Accessing Discussions Protected with WS_Security in WebCenter Portal After Upgrading from 11g to 12c Fails With: InvalidSecurity : error in processing the WS-Security security header
(Doc ID 2578331.1)
Last updated on JUNE 17, 2024
Applies to:
Oracle WebCenter Portal - Version 12.2.1.3.0 and laterOracle WebCenter Portal for OCI - Version 12.2.1.4_24.2 and later
Information in this document applies to any platform.
Symptoms
Accessing Discussions Protected with WS_Security in WebCenter Portal After Upgrading from 11g to 12c fails with the following error in the WebCenter UI:
ERROR
failure to authenticate the user [username], due to: Unexpected error occurred, due to: oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
The Spaces diagnostic log shows the following error:
[<date>] [WC_Spaces1] [ERROR] [] [oracle.webservices.jaxws] [tid: pool-1-daemon-thread-14] [userId: <user>] [ecid: <ecid>,0:2:13] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] Error while invoking endpoint "https://<host:port>/owc_discussions/OWCDiscussionsServiceAuthenticated" from client; Client side policies: [oracle/wss11_saml_token_with_message_protection_client_policy]; Security Subject: <security-subject>
[<date>] [WC_Spaces1] [ERROR] [WCS-67005] [oracle.webcenter.concurrent.Submission] [tid: pool-1-daemon-thread-14] [userId: <user>] [ecid: <ecid>,0:2:13] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] Submission[id=15, task=Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms], source=Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms] (class=oracle.webcenter.collab.share.Session$1), submittedTime=1565795966609, stopRequestedTime=0, isHung=false] caught exception running task: Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms].[[
oracle.webcenter.collab.share.LoginFailedException: failure to authenticate the user <user>, due to: Unexpected error occurred, due to : oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:213)
at oracle.webcenter.collab.share.Session$1.call(Session.java:685)
at oracle.webcenter.collab.share.Session$1.call(Session.java:678)
at oracle.webcenter.concurrent.Submission$2.run(Submission.java:491)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
...
Caused by: oracle.webcenter.collab.share.SessionException: Unexpected error occurred, due to : oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:229)
at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:186)
... 13 more
Caused by: oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:1833)
at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:1408)
at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:238)
at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:109)
at oracle.j2ee.ws.client.jaxws.WsClientProxyInvocationHandler.invoke(WsClientProxyInvocationHandler.java:261)
at com.sun.proxy.$Proxy469.getUserByUsername(Unknown Source)
at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:205)
... 14 more
]]
[<date>] [WC_Spaces1] [ERROR] [WSM-00279] [oracle.wsm.resources.security] [tid: pool-1-daemon-thread-15] [userId: <user>] [ecid: <ecid>,0:2:15] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_client_policy] The following Fault Message is received at the client side from the service:- [[
InvalidSecurity : error in processing the WS-Security security header.
The client side policy is:-
oracle/wss11_saml_token_with_message_protection_client_policy.
The service endpoint url is:-
https://<host:port>/owc_discussions/OWCDiscussionsServiceAuthenticated.
[<date>] [WC_Spaces1] [ERROR] [WCS-67005] [oracle.webcenter.concurrent.Submission] [tid: pool-1-daemon-thread-14] [userId: <user>] [ecid: <ecid>,0:2:13] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] Submission[id=15, task=Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms], source=Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms] (class=oracle.webcenter.collab.share.Session$1), submittedTime=1565795966609, stopRequestedTime=0, isHung=false] caught exception running task: Task[class=oracle.webcenter.collab.share.Session$1, service=oracle.webcenter.collab.forum, resource=null, isDone=false, requestedTimeoutPeriod=100000ms, actualTimeoutPeriod=100000ms].[[
oracle.webcenter.collab.share.LoginFailedException: failure to authenticate the user <user>, due to: Unexpected error occurred, due to : oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:213)
at oracle.webcenter.collab.share.Session$1.call(Session.java:685)
at oracle.webcenter.collab.share.Session$1.call(Session.java:678)
at oracle.webcenter.concurrent.Submission$2.run(Submission.java:491)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
...
Caused by: oracle.webcenter.collab.share.SessionException: Unexpected error occurred, due to : oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:229)
at oracle.webcenter.collab.forum.internal.jive.JiveForumSession.login(JiveForumSession.java:186)
... 13 more
Caused by: oracle.j2ee.ws.client.jaxws.JRFSOAPFaultException: Client received SOAP Fault from server : InvalidSecurity : error in processing the WS-Security security header
at oracle.j2ee.ws.client.jaxws.DispatchImpl.throwJAXWSSoapFaultException(DispatchImpl.java:1833)
at oracle.j2ee.ws.client.jaxws.DispatchImpl.invoke(DispatchImpl.java:1408)
at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.synchronousInvocationWithRetry(OracleDispatchImpl.java:238)
at oracle.j2ee.ws.client.jaxws.OracleDispatchImpl.invoke(OracleDispatchImpl.java:109)
at oracle.j2ee.ws.client.jaxws.WsClientProxyInvocationHandler.invoke(WsClientProxyInvocationHandler.java:261)
at com.sun.proxy.$Proxy469.getUserByUsername(Unknown Source)
at oracle.webcenter.collab.forum.internal.jive.JiveAuthenticator.login(JiveAuthenticator.java:205)
... 14 more
]]
[<date>] [WC_Spaces1] [ERROR] [WSM-00279] [oracle.wsm.resources.security] [tid: pool-1-daemon-thread-15] [userId: <user>] [ecid: <ecid>,0:2:15] [APP: webcenter] [partition-name: DOMAIN] [tenant-name: GLOBAL] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_client_policy] The following Fault Message is received at the client side from the service:- [[
InvalidSecurity : error in processing the WS-Security security header.
The client side policy is:-
oracle/wss11_saml_token_with_message_protection_client_policy.
The service endpoint url is:-
https://<host:port>/owc_discussions/OWCDiscussionsServiceAuthenticated.
The Collaboration diagnostic log with trace enabled shows the following errors:
[<date>] [WC_Collaboration1] [ERROR] [WSM-00008] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] Login Exception: Login Failure: all modules ignored.
[<date>] [WC_Collaboration1] [TRACE] [] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] [SRC_CLASS: oracle.wsm.common.logging.WsmMessageLogger] [SRC_METHOD: logSevere] [[
javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
...
[<date>] [WC_Collaboration1] [ERROR] [WSM-00006] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00423 : Web service authentication failed..
[<date>] [WC_Collaboration1] [TRACE] [] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] [SRC_CLASS: oracle.wsm.common.logging.WsmMessageLogger] [SRC_METHOD: logSevere] [[
oracle.wsm.security.SecurityException: WSM-00423 : Web service authentication failed.
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:248)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:416)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:516)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:356)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:800)
...
Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
...
[<date>] [WC_Collaboration1] [ERROR] [WSM-07607] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
[<date>] [WC_Collaboration1] [TRACE] [] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] [SRC_CLASS: oracle.wsm.common.logging.WsmMessageLogger] [SRC_METHOD: logSevere] [[
javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
...
[<date>] [WC_Collaboration1] [ERROR] [WSM-00006] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] Error in receiving the request: oracle.wsm.security.SecurityException: WSM-00423 : Web service authentication failed..
[<date>] [WC_Collaboration1] [TRACE] [] [oracle.wsm.resources.security] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] [SRC_CLASS: oracle.wsm.common.logging.WsmMessageLogger] [SRC_METHOD: logSevere] [[
oracle.wsm.security.SecurityException: WSM-00423 : Web service authentication failed.
at oracle.wsm.security.jps.JpsManager.authenticate(JpsManager.java:248)
at oracle.wsm.security.jps.JpsManager.samlAuthenticate(JpsManager.java:416)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticateSamlToken(WssSaml11TokenProcessor.java:516)
at oracle.wsm.security.policy.scenario.processor.WssSaml11TokenProcessor.authenticate(WssSaml11TokenProcessor.java:356)
at oracle.wsm.security.policy.scenario.processor.WssSamlTokenProcessor.verify(WssSamlTokenProcessor.java:800)
...
Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
...
[<date>] [WC_Collaboration1] [ERROR] [WSM-07607] [oracle.wsm.resources.enforcement] [tid: [ACTIVE].ExecuteThread: '29' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: anonymous] [ecid: <ecid>,0:2:29:139:2] [APP: owc_discussions] [partition-name: DOMAIN] [tenant-name: GLOBAL] [J2EE_APP.name: owc_discussions] [J2EE_MODULE.name: owc_discussions] [WEBSERVICE.name: OWCDiscussionsServiceAuthenticated] [WEBSERVICE_PORT.name: OWCDiscussionsServiceAuthenticated] [oracle.wsm.policy.name: oracle/wss11_saml_token_with_message_protection_service_policy] Failure in execution of assertion {http://schemas.oracle.com/ws/2006/01/securitypolicy}wss11-saml-with-certificates executor class oracle.wsm.security.policy.scenario.executor.Wss11SamlWithCertsScenarioExecutor.
STEPS
The issue can be reproduced at will with the following steps:
- Connect to WebCenter Portal.
- Navigate to a Portal with Discussions Service Enabled.
- Select the Discussions page.
Here you will see the error.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Cause |
| Solution |
| References |