WSM-00008 : Web service authentication failed - [Security:090302]Authentication Failed: User Denied Error For Weblogic User

(Doc ID 2298049.1)

Last updated on AUGUST 23, 2017

Applies to:

Oracle Web Services Manager - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Symptoms

When using a username token service policy on a SOA service, an "Authentication Failed: User xxx denied" error was encountered for a user defined in Weblogic while hitting the service from SoapUI using a particular weblogic user.

The below error was observed :

<Aug 10, 2017 12:25:03 PM EDT> <Error> <oracle.wsm.resources.security> <WSM-00006> <Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed..>
<Aug 10, 2017 12:25:03 PM EDT> <Error> <oracle.wsm.resources.enforcement> <WSM-07607> <Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token executor class oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.>
<Aug 10, 2017 12:25:03 PM EDT> <Error> <oracle.wsm.resources.enforcement> <WSM-07602> <Failure in WS-Policy Execution due to exception.>
<Aug 10, 2017 12:25:03 PM EDT> <Error> <oracle.wsm.resources.enforcement> <WSM-07501> <Failure in Oracle WSM Agent processRequest, category=security, function=agent.function.service, application=soa-infra, composite=XrxXPCSPaymentCardMSNETRequesterABCSImpl, modelObj=XrxXPCSMSNETAppsABO, policy=oracle/wss_username_token_service_policy_OPT_ON, policyVersion=1, assertionName={http://schemas.oracle.com/ws/2006/01/securitypolicy}wss-username-token.>
<Aug 10, 2017 12:25:03 PM EDT> <Error> <oracle.webservices.service> <OWS-04086> <oracle.fabric.common.PolicyEnforcementException: FailedAuthentication : The security token cannot be authenticated.
at oracle.fabric.common.AbstractSecurityInterceptor.processResult(AbstractSecurityInterceptor.java:180)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:95)
at oracle.integration.platform.common.InterceptorChainImpl.processRequest(InterceptorChainImpl.java:129)
at oracle.integration.platform.common.mgmt.InterceptorChainManager.processRequest(InterceptorChainManager.java:276)
at oracle.j2ee.ws.server.mgmt.runtime.SuperServerInterceptorPipeline.handleRequest(SuperServerInterceptorPipeline.java:165)
at oracle.j2ee.ws.server.provider.management.AbstractProviderInterceptorPipeline.executeRequestInterceptorChain(AbstractProviderInterceptorPipeline.java:576)
at oracle.j2ee.ws.server.provider.ProviderProcessor.executeInterceptorRequestChain(ProviderProcessor.java:921)
at oracle.j2ee.ws.server.WebServiceProcessor.processRequest(WebServiceProcessor.java:233)
at oracle.j2ee.ws.server.WebServiceProcessor.doService(WebServiceProcessor.java:195)
at oracle.j2ee.ws.server.WebServiceServlet.doPost(WebServiceServlet.java:487)
at oracle.integration.platform.blocks.soap.FabricProviderServlet.doPost(FabricProviderServlet.java:544)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:119)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:324)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:460)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:103)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:171)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:163)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1499)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: oracle.wsm.common.sdk.WSMException: FailedAuthentication : The security token cannot be authenticated.
at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.receiveRequest(WssUsernameTokenScenarioExecutor.java:198)
at oracle.wsm.security.policy.scenario.executor.SecurityScenarioExecutor.execute(SecurityScenarioExecutor.java:832)
at oracle.wsm.policyengine.impl.runtime.AssertionExecutor.execute(AssertionExecutor.java:41)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeSimpleAssertion(WSPolicyRuntimeExecutor.java:425)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.executeAndAssertion(WSPolicyRuntimeExecutor.java:344)
at oracle.wsm.policyengine.impl.runtime.WSPolicyRuntimeExecutor.execute(WSPolicyRuntimeExecutor.java:291)
at oracle.wsm.policyengine.impl.PolicyExecutionEngine.execute(PolicyExecutionEngine.java:102)
at oracle.wsm.agent.WSMAgent.processCommon(WSMAgent.java:1059)
at oracle.wsm.agent.WSMAgent.processRequest(WSMAgent.java:489)
at oracle.fabric.common.BindingSecurityInterceptor.processRequest(BindingSecurityInterceptor.java:94)
... 35 more
Caused by: oracle.wsm.security.SecurityException: WSM-00008 : Web service authentication failed.
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:190)
at oracle.wsm.security.jps.JpsManager.basicAuthenticate(JpsManager.java:265)
at oracle.wsm.security.policy.scenario.executor.WssUsernameTokenScenarioExecutor.receiveRequest(WssUsernameTokenScenarioExecutor.java:157)
... 44 more
Caused by: javax.security.auth.login.LoginException: [Security:090304]Authentication Failed: User xrxapmb javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xxxx denied
at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:71)
at sun.reflect.GeneratedMethodAccessor2071.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:184)
... 46 more
Caused by: oracle.security.jps.internal.jaas.module.AuthenticationException: [Security:090304]Authentication Failed: User xrxapmb javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xxxx denied
at oracle.security.jps.wls.jaas.module.authentication.WlsUserAuthenticator.authenticate(WlsUserAuthenticator.java:61)
at oracle.security.jps.internal.jaas.module.authentication.JpsUserAuthenticationLoginModule.login(JpsUserAuthenticationLoginModule.java:62)
... 57 more
Caused by: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User xrxapmb javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xxxx denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.GeneratedMethodAccessor1955.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.GeneratedMethodAccessor1953.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:64)
at com.sun.proxy.$Proxy32.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.GeneratedMethodAccessor2021.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:64)

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms