oracle.wsm.common.sdk.WSMException Occurs with Using the oracle/wss11_kerberos_token_service_template in a Custom Policy when Placed Inside an OR Clause (Doc ID 2188186.1)

Last updated on FEBRUARY 06, 2024

Applies to:

Symptoms

Calling a web service in a separate Domain using the default oracle/wss11_kerberos_token_service-/client_template, the OWSM policies for security work fine.

However, when creating a custom policy and placing the Kerberos assertion inside an OR-clause, the following occurs:

-> If the Kerberos assertion is inside the OR-clause by itself, without other assertions, it works as it should.
-> If the  oracle/wss11_kerberos_token_with_message_protection_service_template is placed with other assertions inside the OR-clause and the other assertion(s) are used for security,  it works as well (with changing the client policy of course).
-> If the  oracle/wss11_kerberos_token_with_message_protection_service_template is placed with other assertions inside the OR-clause and the kerbero assertion is used for security, the following exception is seen:


#### <[ACTIVE] ExecuteThread: '36' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <[severity-value: 8] [rid: 0:1:3] [partition-id: 0] [partition-name: DOMAIN] > oracle.wsm.common.sdk.WSMException: GenericFault : generic error
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.processRequest(XORPolicyExecutor.java:217)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.execute(XORPolicyExecutor.java:176)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:487)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:432)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:385)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:175)
Caused By: java.lang.NullPointerException
at oracle.wsm.security.policy.scenario.processor.Wss11X509TokenProcessor.processEncryptedKeysAndDecryptMessage(Wss11X509TokenProcessor.java:1907)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.decryptMessage(XORPolicyExecutor.java:1703)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.findMatchingAssertionForMsgProtSoap(XORPolicyExecutor.java:950)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.findMatchingAssertionsForMsgWithSecurityHeader(XORPolicyExecutor.java:802)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.findMatchingAssertionsForMessage(XORPolicyExecutor.java:741)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.processRequest(XORPolicyExecutor.java:204)
at oracle.wsm.policyengine.impl.runtime.XORPolicyExecutor.execute(XORPolicyExecutor.java:176)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeXorAssertion(WSPolicyRuntimeExecutor.java:487)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:432)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:385)


The issue can be reproduced by creating a custom policy and placing the Kerberos assertion inside an OR-clause together with other assertions, then using the Kerberos assertion in the security mechanism of the service.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.