Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

The security token could not be authenticated or authorized

SA-6326

Summary



Connect-SOAP has been configured with WS Security enabled. The WS-Security Profile has a Configuration item defined in the InFlow tab. Both Keystore and Trustore have been correctly associated. When running the Connect-SOAP rule it fails with error:"The security token could not be authenticated or authorized"






Error Messages



"The security token could not be authenticated or authorized"
2015-02-10 10:40:20,595 [   WebContainer : 16] [  STANDARD] [  Financing:02.01.01] (      internal.mgmt.Executable) ERROR xxxxxxxxxxxxxxx.yyyyy.zzzzz.vv|xx.xxx.xxx.xxx abcdefg.hijklm - Exception
com.pega.pegarules.pub.services.RemoteApplicationException: SOAP service failed
    at com.pegarules.generated.activity.ra_action_invokeaxis2_3a5581a813f83a8f15fe20dfd7facfa1.step17_circum0(ra_action_invokeaxis2_3a5581a813f83a8f15fe20dfd7facfa1.java:4201)
    at com.pegarules.generated.activity.ra_action_invokeaxis2_3a5581a813f83a8f15fe20dfd7facfa1.perform(ra_action_invokeaxis2_3a5581a813f83a8f15fe20dfd7facfa1.java:342)
    at com.pega.pegarules.session.internal.mgmt.Executable.doActivity(Executable.java:3375)
...........
Caused by: 
com.pega.apache.axis2.AxisFault: WSDoAllReceiver: security processing failed
    at com.pega.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:217)
    at com.pega.apache.rampart.handler.WSDoAllReceiver.processMessage(WSDoAllReceiver.java:85)
    at com.pega.apache.rampart.handler.WSDoAllHandler.invoke(WSDoAllHandler.java:72)
............
Caused by: 
com.pega.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized
    at com.pega.apache.ws.security.validate.SignatureTrustValidator.validate(SignatureTrustValidator.java:86)
    at com.pega.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:187)
    at com.pega.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
    at com.pega.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:303)
    at com.pega.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:248)
    at com.pega.apache.rampart.handler.WSDoAllReceiver.processBasic(WSDoAllReceiver.java:214)

Steps to Reproduce



1) Create a Connect SOAP with WS Security enabled
2) Create a Security Profile and associate it to the Connect-SOAP.
3) Specify a Security Configuration Item in the InFlow tab.
4) Associate Keystore and Truststore in the KeyStore tab.
4) Run the Connect-SOAP and the below error will be thrown:

"The security token could not be authenticated or authorized"

Root Cause



The error is throwing from Java code in step 7 of InvokeAxis2 Activity. The code is attempting to retrieve the SSL certificate from the Keystore, but since the certificate is not present in the Keystore, the error is thrown. Administrator has incorrectly included the SSL certificate in Truststore instead of KeyStore.  

Resolution



Add the correct SSL certificate in the Keystore.

Tags:

Pega Platform Pega Platform 7.1.7 Data Integration

Published January 31, 2016 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Visit the Collaboration Center

Did you find this content helpful?

Yes
No

Want to help us improve this content?
Suggest an edit

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us