My Oracle Support Banner

Accessing Discussions Protected with WS_Security in WebCenter Portal After Upgrading from 11g to 12c Fails With: InvalidSecurity : error in processing the WS-Security security header (Doc ID 2578331.1)

Last updated on AUGUST 20, 2019

Applies to:

Oracle WebCenter Portal - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

 

Accessing Discussions Protected with WS_Security in WebCenter Portal After Upgrading from 11g to 12c fails with the following error in the WebCenter UI:


ERROR

failure to authenticate the user [username], due to: Unexpected error occurred, due to: oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header

 

The Spaces diagnostic log shows the following error:

[<date>] [WC_Spaces1] [ERROR] [] [oracle.webservices.jaxws] [tid: pool-1-daemon-thread-14] [userId: <user>] [ecid: <ecid>,0:2:13] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] Error while invoking endpoint "https://<host:port>/owc_discussions/OWCDiscussionsServiceAuthenticated" from client; Client side policies: [oracle/wss11_saml_token_with_message_protection_client_policy]; Security Subject: <security-subject>

[<date>] [WC_Spaces1] [ERROR] [WCS-67005] [oracle.webcenter.concurrent.Submission] [tid: pool-1-daemon-thread-14] [userId: <user>] [ecid: <ecid>,0:2:13] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] Submission[id=15, task=Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms], source=Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms] (class=oracle.webcenter.collab.share.Session$1), submittedTime=1565795966609, stopRequestedTime=0, isHung=false] caught exception running task: Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms].[[
oracle.webcenter.collab.share.LoginFailedException: failure to authenticate the user <user>, due to: Unexpected error occurred, due to : oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
    at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:213)
    at oracle.webcenter.collab.share.Session$1.call(Session.java:685)
    at oracle.webcenter.collab.share.Session$1.call(Session.java:678)
    at oracle.webcenter.concurrent.Submission$2.run(Submission.java:491)
    at java.security.AccessController.doPrivileged(Native Method)
    at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
    ...
Caused by: oracle.webcenter.collab.share.SessionException: Unexpected error occurred, due to : oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
    at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:229)
    at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:186)
    ... 13 more
Caused by: oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:1833)
    at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:1408)
    at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:238)
    at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:109)
    at oracle.j2ee.ws.client.jaxws.WsClientProxyInvocationHandler.invoke(WsClientProxyInvocationHandler.java:261)
    at com.sun.proxy.$Proxy469.getUserByUsername(Unknown Source)
    at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:205)
    ... 14 more


]]
[<date>] [WC_Spaces1] [ERROR] [WSM-00279] [oracle.wsm.resources.security] [tid: pool-1-daemon-thread-15] [userId: <user>] [ecid: <ecid>,0:2:15] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_client_policy] The following Fault Message is received at the client side from the service:- [[
InvalidSecurity : error in processing the WS-Security security header.

The client side policy is:-
oracle/wss11_saml_token_with_message_protection_client_policy.

The service endpoint url is:-
https://<host:port>/owc_discussions/OWCDiscussionsServiceAuthenticated.

 

The Collaboration diagnostic log with trace enabled shows the following errors:

[<date>] [WC_Collaboration1] [ERROR] [WSM-00008] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] Login Exception: Login Failure: all modules ignored.

[<date>] [WC_Collaboration1] [TRACE] [] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] [SRC_CLASS: oracle.wsm.common.logging.WsmMessageLogger] [SRC_METHOD: logSevere] [[
javax.security.auth.login.LoginException: Login Failure: all modules ignored
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
...

[<date>] [WC_Collaboration1] [ERROR] [WSM-00006] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00423 : Web service authentication failed..

[<date>] [WC_Collaboration1] [TRACE] [] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] [SRC_CLASS: oracle.wsm.common.logging.WsmMessageLogger] [SRC_METHOD: logSevere] [[
oracle.wsm.security.SecurityException: WSM-00423 : Web service authentication failed.
    at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:248)
    at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:416)
    at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:516)
    at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:356)
    at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:800)
    ...
    
Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    ...

[<date>] [WC_Collaboration1] [ERROR] [WSM-07607] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.

 



STEPS

The issue can be reproduced at will with the following steps:

 

  1. Connect to WebCenter Portal.

  2. Navigate to a Portal with Discussions Service Enabled.

  3. Select the Discussions page.
    Here you will see the error.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.