Support Article
The security token could not be authenticated or authorized
SA-6326
Summary
Connect-SOAP has been configured with WS-Security enabled. The WS-Security Profile has a Configuration item defined in the InFlow tab. Both the Keystore and the Truststore have been correctly associated. When the Connect-SOAP rule runs, it fails with the error: "The security token could not be authenticated or authorized"
Error Messages
"The security token could not be authenticated or authorized"
2015-02-10 10:40:20,595 [ WebContainer : 16] [ STANDARD] [ Financing:02.01.01] ( internal.mgmt.Executable) ERROR xxxxxxxxxxxxxxx.yyyyy.zzzzz.vv|xx.xxx.xxx.xxx abcdefg.hijklm - Exception
com.pega.pegarules.pub.services.RemoteApplicationException: SOAP service failed
at com.pegarules.generated.activity.ra_action_invokeaxis2_3a5581a813f83a8f15fe20dfd7facfa1.step17_circum0(ra_action_invokeaxis2_3a5581a813f83a8f15fe20dfd7facfa1.java:4201)
at com.pegarules.generated.activity.ra_action_invokeaxis2_3a5581a813f83a8f15fe20dfd7facfa1.perform(ra_action_invokeaxis2_3a5581a813f83a8f15fe20dfd7facfa1.java:342)
at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3375)
...........
Caused by:
com.pega.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
at com.pega.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:217)
at com.pega.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:85)
at com.pega.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
............
Caused by:
com.pega.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
at com.pega.apache.ws.security.validate.SignatureTrustValidator.validate(SignatureTrustValidator.java:86)
at com.pega.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:187)
at com.pega.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
at com.pega.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:303)
at com.pega.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:248)
at com.pega.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214)
Steps to Reproduce
1) Create a Connect-SOAP rule with WS-Security enabled.
2) Create a Security Profile and associate it with the Connect-SOAP rule.
3) Specify a Security Configuration Item in the InFlow tab.
4) Associate the Keystore and Truststore in the KeyStore tab.
5) Run the Connect-SOAP rule; the following error is thrown:
"The security token could not be authenticated or authorized"
Root Cause
The error is thrown from the Java code in step 7 of the InvokeAxis2 activity. The code attempts to retrieve the SSL certificate from the Keystore, but because the certificate is not present in the Keystore, the error is thrown. The administrator had incorrectly included the SSL certificate in the Truststore instead of the Keystore.
Resolution
Add the correct SSL certificate to the Keystore.
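To confirm which store a certificate actually sits in, before and after the fix, the listings produced by `keytool -list` for the two stores can be compared by fingerprint. The script below is an added example, not part of the original article or of Pega's code; the function names, alias names and shortened fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which store holds a certificate, from `keytool -list` output.
# Real listings come from:  keytool -list -keystore <store-file> > listing.txt

# match_entry LISTING FINGERPRINT -> prints "alias entrytype" for the matching entry
match_entry() {
    awk -v fp="$2" '
        match($0, /PrivateKeyEntry|trustedCertEntry/) {   # alias line of an entry
            type  = substr($0, RSTART, RLENGTH)
            alias = substr($0, 1, index($0, ",") - 1)
        }
        /Certificate fingerprint/ && index(toupper($0), toupper(fp)) { print alias, type }
    ' "$1"
}

# locate_cert FINGERPRINT KEYSTORE_LISTING TRUSTSTORE_LISTING
locate_cert() {
    ks=$(match_entry "$2" "$1")
    ts=$(match_entry "$3" "$1")
    if [ -n "$ks" ] && [ -n "$ts" ]; then echo "both"
    elif [ -n "$ks" ]; then echo "keystore"
    elif [ -n "$ts" ]; then echo "truststore-only"   # the misplacement in Root Cause
    else echo "absent"
    fi
}

# Constructed sample listings (made-up aliases, shortened made-up fingerprints).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/keystore.txt" <<'EOF'
Keystore type: JKS
Your keystore contains 1 entry

pega-client, Feb 10, 2015, PrivateKeyEntry,
Certificate fingerprint (SHA1): 11:22:33:44:55:66
EOF
cat > "$SAMPLE_DIR/truststore.txt" <<'EOF'
Keystore type: JKS
Your keystore contains 1 entry

partner-signing, Feb 10, 2015, trustedCertEntry,
Certificate fingerprint (SHA1): AA:BB:CC:DD:EE:FF
EOF

# The certificate is only in the Truststore listing: prints "truststore-only"
locate_cert "aa:bb:cc:dd:ee:ff" "$SAMPLE_DIR/keystore.txt" "$SAMPLE_DIR/truststore.txt"
```

A result of `truststore-only` for the certificate the service needs matches the condition described under Root Cause; after the fix the same check should report `keystore` or `both`.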
Published January 31, 2016 - Updated October 8, 2020