Exception: Unable to add security token for identity

Similar Messages

• WS-Security and proxy service: Unable to add security token for identity

  What the reason of "Unable to add security token for identity" fault in this situation (10.3.1):
  I did simple "hello word" proxy service and tried to apply custom policy binding.
  WS-Policy is next:
  <wsp:Policy wsu:Id="WS-Policy-Siebel"
       xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
       <wssp:Identity
            xmlns:wssp="http://www.bea.com/wls90/security/policy">
            <wssp:SupportedTokens>
                 <wssp:SecurityToken
                      TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken">
                      <wssp:UsePassword
                           Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" />
                 </wssp:SecurityToken>
            </wssp:SupportedTokens>
       </wssp:Identity>
  </wsp:Policy>
  Process WS-Security is setted to "yes".
  While debugging I see that all works fine - I can authenticate with defined credentials and breakpoints in proxy service flow works fine.
  But at the end I get the fault:
  Soap fault:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Header/>
  <env:Body>
  <env:Fault>
  <faultcode>env:Server</faultcode>
  <faultstring>Unable to add security token for identity</faultstring>
  </env:Fault>
  </env:Body>
  </env:Envelope>
  In console:
  <09.06.2010 17:39:18 MSD> <Error> <OSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: F
  ault, message-id: 1721282272521583996--57dc4ccc.1291cc2282d.-7fab, proxy: OSB Project WS-Security/WSSecurityService, operation: NewOperation]
  --- Error message:
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Header/><env:Body><env:Fault><faultcode>env:Server</faultcode><faultstring>Un
  able to add security token for identity</faultstring></env:Fault></env:Body></env:Envelope>
  weblogic.xml.crypto.wss.WSSecurityException: Unable to add security token for identity
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(SecurityPolicyDriver.java:175)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:73)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
  at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:88)
  at weblogic.wsee.security.WssServerHandler.processResponse(WssServerHandler.java:70)
  Truncated. see log file for complete stacktrace
  Incoming soap message is:
  <soapenv:Envelope      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header      xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <wsse:Security      soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken      wsu:Id="unt_TNNp0cBwU7HyPKoq" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsse:Username>testuser</wsse:Username>
  <wsse:Password      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testuser</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soap:Header>
  <soapenv:Body>
  <wss:NewOperation      xmlns:wss="http://www.troika.ru/Enterprise/WSSecurityService/">
  <in>string</in>
  </wss:NewOperation>
  </soapenv:Body>
  </soapenv:Envelope>
  Edited by: Andrey L. on Jun 9, 2010 5:55 PM

  I thought you were getting that exception when accessing the proxy.
  No. Authentification works fine. Proxy body works fine. But at the end of proxy appears the exception.
  Sorry for my english - I tried to show this situation on image: http://imglink.ru/show-image.php?id=9c0e0c1719f00289faf11696c6703bc3
  Are you getting this exception when routing to a business service which is configured for WS-Security ??
  I don't use business service in this test project - only simple proxy service with all logic inside.
  PS transformation in replace action is very simple too:
  (:: pragma bea:global-element-parameter parameter="$newOperation1" element="ns0:NewOperation" location="WSSecurityService.wsdl" ::)
  (:: pragma bea:global-element-return element="ns0:NewOperationResponse" location="WSSecurityService.wsdl" ::)
  declare namespace ns0 = "http://www.troika.ru/Enterprise/WSSecurityService/";
  declare namespace xf = "http://tempuri.org/OSB%20Project%20WS-Security/Hello/";
  declare function xf:Hello($newOperation1 as element(ns0:NewOperation))
  as element(ns0:NewOperationResponse) {
  <ns0:NewOperationResponse>
  <out>Hello, { data($newOperation1/in) }!</out>
  </ns0:NewOperationResponse>
  declare variable $newOperation1 as element(ns0:NewOperation) external;
  xf:Hello($newOperation1)
  Edited by: Andrey L. on Jun 10, 2010 12:21 PM

• Unable to add security token for identity

  Hi all,
  I am trying to implement a web service with username token authentication. I have defined the ws -policies in the wsdl, and checked the Process Security Header checkbox in the proxy configuration. But when I invoke the proxy through test console and pass the full soap envelope , I am getting an "Unable to add security token for identity" error
  This is how the soap header looks from the request document part of the test console:
       <soap:Header>
       <wsse:Security>
       <wsse:UsernameToken>
       <wsse:Username>xxxxx</wsse:Username>
       <wsse:Password      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yyyyyy</wsse:Password>
       </wsse:UsernameToken>
       </wsse:Security>
       </soap:Header>
       <soap:Body>
  I have configured the user at alsb security configuration and added an acces policy stating that the proxy can be accessed only by user "xxxx"
  Please help
  -Atheek

  Mostafa ,
  This points to a misconfiguration of your security. Possible causes are:
  * There is not a valid RSA key to sign the SAML token with.
  * The SAML CredentialMapper is missing
  * There is no Relying Party (rp) configured for SAML Credential Mapper that matches your producer
  * The producer is using User Name Token and you have no configured the DefaultCredentialMapper to allow for UserNameToken.
  Good Luck,
  Nate
  Edited by: user650654 on Sep 9, 2008 4:31 AM

• Unable to find security data for sender

  Hello, does anybody know what this message means. The problem appear when I send an Idoc to XI. Other interfaces (Master data) are working properly. My question is, do I need to make some extra settings for the transactional data interfaces (SHPMNT)?
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Technical Routing
    -->
  - <SAP:ErrorHeader xmlns:SAP="http://sap.com/exchange/MessageFormat">
    <SAP:Context />
    <SAP:Code p1="sapdev222,SHPMNT.SHPMNT05/urn:sap-com:document:sap:idoc:messages" p2="VENDORMASTER_WOLTERKLUWER_ERP_BE,IDZ0001_DeliveryReplicate_IB/http://wolterskluwer.com/xi/midas_deliveries" p3="" p4="">PHYROU.UNDEFINED_SECURITY</SAP:Code>
    <SAP:Text language="EN">Technical routing: Unable to find security data for sender sapdev222,SHPMNT.SHPMNT05/urn:sap-com:document:sap:idoc:messages for receiver VENDORMASTER_WOLTERKLUWER_ERP_BE,IDZ0001_DeliveryReplicate_IB/http://wolterskluwer.com/xi/midas_deliveries</SAP:Text>
    </SAP:ErrorHeader>
  regards
  Ernesto Duran

  HI,
  i am also getting the same error in my scenario. Could u plz inform me what is the solution?
  Rgds,
  Ram Sri

• Unable to add POP Account for Outlook 2011 for Mac.

  Hi, I have bought the Outlook 2011 for Mac recently, but I am unable to add an account for my email
  Here is what I did:
  Tools > Accounts> (a window pops out) > click "Email Account" and the thing just froze.
  Tried restarting and reinstalling.. but does not work.
  However, when I tried clicking  "Exchange account" a window requesting email information slides down, which is what I need to setup my POP account!!!

  Hi, I have bought the Outlook 2011 for Mac recently, but I am unable to add an account for my email
  This forum is for Windows based Outlook. Suggest you post the question to the Mac based Outlook forum for quicker/relevant responses to your question
  Office for Mac (Outlook)
  http://answers.microsoft.com/en-us/mac/forum/macoffice2011-macoutlook?sort=lastreplydate&dir=desc&tab=Threads&status=&mod=&modAge=&advFil=&postedAfter=&postedBefore=&threadType=All&tm=1416101390880
  Karl Timmermans [Outlook MVP] "Outlook Contact Import/Export/Data Mgmt" http://www.contactgenie.com

• Unable to "Add Rule Policies for Rule Builder"

  Hi,
  I have requirement to implmenet territory management. But I am unable to add 'Rule Policies for Rule Builder' in WebUI. When I go to Rule Policies(under the section 'Sales Operations') and Click on 'New'. A Pop up comes up with ID- 'TM' (Territory Management) as selection option. But when i click on it nothing happens. Please let me know the reason and solution of the same.
  Please note that I have already implemented below mentioned steps:
  1. Copy Rule Attributes in Client 000 to Transport request
  2. These services are Active:
  u2022 md110empbp_job
  u2022 md110fdt_tmgmt
  u2022 md110h_tmgmt
  u2022 md110m_tmgmt
  u2022 md110simu_tmgmt
  u2022 md110s_tmgmt
  3. Assign authorization object CRM_FDT to business role.
  4. Tried checking in firefox, as it was not working on IE.
  Please suggest a fix for this.
  Regards,
  Amit

  Hi Amit
  Hope this documentation link helps you
  http://help.sap.com/saphelp_crm70/helpdata/en/1e/606658bed54f8eb2d00a34991d85d5/frameset.htm
  thanks & Regards
  Raj

• Exception: Unable to add a URI or prefix string to dictionary

  I'm getting the "Unable to add a URI or prefix string to dictionary" exception when I was trying to import a 570MB XML document to the container. The exception goes away if I delete my indexes in the container and import the document again. I wonder if the exception implies that I'm out of space for the indexes? Does anyone have any suggestion for this problem if I don't want to remove the indexes? The queries are running too slow if I remove the indexes.
  Thank you very much!

  Hi,
  That's a bug in DB XML, which may be masking another error. To find out what the other error is, can you make a small change to DB XML, recompile and try to load the document again? In dbxml/src/dbxml/nodeStore/NsDoc.cpp can you find this function:
  int
  NsDoc::addIDForString(const char *strng, size_t len)
       DBXML_ASSERT(dict_);
       DBXML_ASSERT(::strlen(strng) == len);
       NameID id;
       int err = dict_->lookupIDFromStringName(oc_, strng, len, id, true);
       if (err != 0) {
            std::string error =  "Unable to add a URI or prefix string to dictionary: ";
            error += (std::string)strng;
            NsUtil::nsThrowException(XmlException::DATABASE_ERROR,
                            error.c_str(),
                            __FILE__, __LINE__);
       return (int)id.raw();
  }and change it to this:
  int
  NsDoc::addIDForString(const char *strng, size_t len)
       DBXML_ASSERT(dict_);
       DBXML_ASSERT(::strlen(strng) == len);
       NameID id;
       int err = dict_->lookupIDFromStringName(oc_, strng, len, id, true);
       if (err != 0) {
            throw XmlException(err);
       return (int)id.raw();
  }Thanks,
  John

• How to add Security Token / Username/Password on WSDL?

  Hello,
  I have made a BPEL process i.e. exposed as a http WebService. I want to use Security Token on it. Because of Security reason I don't want anyone able to call my WebService unless they provide us the username and password.
  Thanks.

  See
  Disabling
  Remote Development Services
  If you use Macromedia Dreamweaver MX or Macromedia HomeSite+ to
  develop your applications, you can access a remote ColdFusion MX 7
  server using HTTP. However, you must configure Remote Development
  Services (RDS) in your integrated development environment (IDE),
  and RDS must be enabled in ColdFusion MX 7. Using RDS, IDE users
  can securely access remote files and data sources, build SQL
  queries from these data sources, and debug CFML code.
  Note: The ColdFusion Report Builder uses RDS for the Query
  Builder and for charting support.
  However, for security reasons, Macromedia recommends that you
  disable RDS on a production server. To disable it, you must disable
  the RDSServlet mapping.
  You actually configure your data sources through the
  ColdFusion Administrator (and I guess through Dreamweaver too,
  although I have never used it myself), but RDS lets you work with
  them. Bottom line, if you allow your developer access to ColdFusion
  via RDS, then they will have all of the privileges that are allowed
  to the data source for the account that is configured in the
  ColdFusion administrator for that database.
  Phil

• Unable to purchase game tokens for games downloaded under old Apple ID

  My old email account was high jacked and then my apple account.  i cancelled the credit card on file and created a new Apple ID.  I could not recover control of the old account because the password, security questions and birthdate were changed.  Now, I cannot purchase game tokens for games downloaded under the old account.  Any ideas?

  You'll have to redownload the game(s) using your new ID.
   Cheers, Tom

• Unable to add body text for Purchase Order

  Hi,
  If this question has been posted before request send me the link .
  We are sending PO as a PDF attachment to email.
  To add body text to this I copied the print program SAPFM06P and modified the fm06pe04 program.
  DATA : l_mail_text TYPE bcsy_text,
                   l_mail_text_row TYPE soli.
            CONCATENATE 'Please check the' ' Attached file' INTO l_mail_text_row.
            APPEND l_mail_text_row TO l_mail_text.
              document = cl_document_bcs=>create_document(
                  i_type    = 'PDF' " cf. RAW, DOC
                  i_hex     = pdf_content
                  i_text    = l_mail_text               "added by me
                  i_length  = lp_pdf_size
                  i_subject = lv_subject ).                   "#EC NOTEXT
  But it does not show in the body text.
  But if I use the add_attachment method the text comes as an attachment.
  I am not sure what is the error here.
  Regards,
  Narayani

  DATA: send_request       TYPE REF TO cl_bcs.
    DATA: text               TYPE bcsy_text.
    DATA: binary_content     TYPE solix_tab.
    DATA: document           TYPE REF TO cl_document_bcs.
    DATA: sender             TYPE REF TO cl_sapuser_bcs.
    DATA: recipient          TYPE REF TO if_recipient_bcs.
    DATA: bcs_exception      TYPE REF TO cx_bcs.
    DATA: sent_to_all        TYPE os_boolean.
           Convert the OTF file format ino the PDF format.
            CALL FUNCTION 'CONVERT_OTF_2_PDF'
              IMPORTING
                bin_filesize           = lwa_bin_filesize
              TABLES
                otf                    = lt_otf
                doctab_archive         = lt_doctab_archive
                lines                  = lt_pdf_lines
              EXCEPTIONS
                err_conv_not_possible  = 1
                err_otf_mc_noendmarker = 2
                OTHERS                 = 3.
            REFRESH lt_objbin.
           get the pdf data into the attachment table .
            CALL FUNCTION 'SX_TABLE_LINE_WIDTH_CHANGE'
              EXPORTING
                line_width_dst              = 255
              TABLES
                content_in                  = lt_pdf_lines
                content_out                 = lt_objbin
              EXCEPTIONS
                err_line_width_src_too_long = 1
                err_line_width_dst_too_long = 2
                err_conv_failed             = 3
                OTHERS                      = 4.
           Refresh the local tables and workareas.
            REFRESH: lt_reclist,
                     lt_objtxt,
                     lt_objpack.
            TRY.
                CLEAR send_request.
      -------- create persistent send request ------------------------
                send_request = cl_bcs=>create_persistent( ).
      -------- create and set document with attachment ---------------
      create document from internal table with text
                REFRESH text.
                APPEND 'Body1.' TO text.
                APPEND 'Body2.'TO text.
                APPEND 'Body3.'TO text.
                CLEAR document.
                document = cl_document_bcs=>create_document(
                                i_type    = 'RAW'
                                i_text    = text
                                i_length  = '12'
                                i_subject = 'Electronic Payment Notification' ).
                FIELD-SYMBOLS <fs_x> TYPE x.
                DATA lv_content  TYPE xstring.
                CLEAR lv_content.
                LOOP AT lt_objbin INTO lwa_objbin.
                  ASSIGN lwa_objbin TO <fs_x> CASTING.
                  CONCATENATE lv_content <fs_x> INTO lv_content IN BYTE MODE.
                ENDLOOP.
                CLEAR pdf_content.
                pdf_content = cl_document_bcs=>xstring_to_solix(
                        ip_xstring = lv_content ).
      add attachment to document
      BCS expects document content here e.g. from document upload
      binary_content = ...
                CONCATENATE 'Remittance_' sy-datum sy-uzeit '.pdf' INTO lv_filename_cl.
                CALL METHOD document->add_attachment
                  EXPORTING
                    i_attachment_type    = 'PDF'
                    i_attachment_subject = lv_filename_cl
                    i_att_content_hex    = pdf_content.
      add document to send request
                CALL METHOD send_request->set_document( document ).
      --------- set sender -------------------------------------------
      note: this is necessary only if you want to set the sender
            different from actual user (SY-UNAME). Otherwise sender is
            set automatically with actual user.
                CLEAR sender.
                sender = cl_sapuser_bcs=>create( sy-uname ).
                CALL METHOD send_request->set_sender
                  EXPORTING
                    i_sender = sender.
                CALL METHOD send_request->set_status_attributes(
                  EXPORTING
                  i_requested_status = 'N'
                  i_status_mail = 'N' ).
           Fill the receiver for the email with PDF attachemnt.
                CLEAR : lwa_reclist,
                        lwa_lfa1,
                        lwa_adr6.
                CLEAR lwa_lfa1.
                READ TABLE lt_lfa1
                      INTO lwa_lfa1
                      WITH KEY lifnr = lwa_reguh-lifnr.
                IF sy-subrc EQ 0.
                  CLEAR lwa_adr6.
                  READ TABLE lt_adr6
                        INTO lwa_adr6
                        WITH KEY addrnumber = lwa_lfa1-adrnr.
                  IF ( sy-subrc EQ 0 )
                    AND ( lwa_adr6-smtp_addr IS NOT INITIAL ).
      --------- add recipient (e-mail address) -----------------------
      create recipient - please replace e-mail address !!!
                    CLEAR recipient.
                    recipient = cl_cam_address_bcs=>create_internet_address(
                                                     lwa_adr6-smtp_addr ).
                  ELSE.
                    CLEAR lv_fax.
                    lv_fax = lwa_lfa1-telfx.
                    recipient = cl_cam_address_bcs=>create_fax_address(
                    i_country = lwa_lfa1-land1
                     i_number = lv_fax ).
                  ENDIF.
                ENDIF.
      add recipient with its respective attributes to send request
                CALL METHOD send_request->add_recipient
                  EXPORTING
                    i_recipient = recipient
                    i_express   = 'X'.
      ---------- send document ---------------------------------------
                CALL METHOD send_request->send(
                  EXPORTING
                    i_with_error_screen = 'X'
                  RECEIVING
                    result              = sent_to_all ).
                IF sent_to_all = 'X'.
                  WRITE text-003.
                ENDIF.
                COMMIT WORK.
              CATCH cx_bcs INTO bcs_exception.
                WRITE: 'Error Occured'.
                WRITE: 'Error', bcs_exception->error_type.
                EXIT.
            ENDTRY.

• Unable to access secured site for some

  Greetings.
  I have setup a secured website on a 10.4 server. The site is the default page in the WebServer\Documents folder.
  I can access it fine from work and have had others access it without issue from computers at their homes using typical ISPs. However, when I try to have other access it from other locations using the same login and password, such as a business with its own networks, they are unable to connect. They get back an error message saying the password is in correct.
  Everyone can access the site when I have the security settings turned off.
  I have set up a realm to handle accessing the site. I have the following also enabled:
  WebDAV
  IP addess is set
  domain is set
  I am using Port 80
  Realm authorization is set to "Basic"
  Performance Cache is on
  I DO NOT have the following on or active:
  SSL
  SSI
  I am sure I am missing something else.
  Any input would be greatly appreciated.
  Thanks in advance for your help.

  Open the terminal window in the iMac and enter the following command:
  traceroute \[domain name here\]
  That will trace the route from your computer to their site and you will be able to see where it stops. There are a number of things that might cause this kind of problem:
  1. The website is down
  2. There's a network problem between your ISP and them
  3. They are blocking your IP address or your ISP for some reason
  4. Content filtering or the firewall in your router is blocking the website

• Unable to add security.core to used DC

  Hi all
  I am trying to add the DC "com.sap.security.core.sda" and I can't ..
  it gives me the error message "Illegal dependency: Access list doesn't allow use of sap.com/com.sap.security.core.sda for ....."
  any help please?
  Thanks & Regards

  Hi Ali,
  Navigate to this path:
  <b>C:\Program Files\SAP\IDE\IDE70</b>\eclipse\plugins\com.sap.tc.ap_2.0.0\comp\SAP-JEE\DCs\sap.com\com.sap.security.core.sda\_comp
  The path in bold may differ as per your installation.
  Open the .dcdef file in notepad and make this entry(in bold) in that file
  <access-control-list>
  <b><grant>
                 <dc-ref>
                      <name>*</name>
                      <vendor>sap.com</vendor>
                 </dc-ref>               
            </grant></b></access-control-list>
  Close your NWDS and restart it once again.
  Now you would be able to access that required DC.
  Warm Regards,
  Murtuza

• Unable to add XML support for the jws created

  Hi,
  I have created a web service, with a method called "Query".
  I would like add an input parameter to this method using XML bean types.
  I am following the weblogic workshop tutorials(http://edocs.bea.com/workshop/docs81/doc/en/core/index.html), topic Tutorial:Web Services.
  I was able to complete steps 1,2,3 described.
  However Step 4 Point 7, i fail to see the schema elements.
  Could you pls let me know the reason for the above.
  Pls find attached the screen shot of the failure of step 4.
  Regards
  Vidya

  Please open a case with BEA customer support. Give them the URL for this posting
  http://forums.bea.com/bea/thread.jspa?threadID=400003485&tstart=0&mod=1177942950176
  I believe the problem you see is addressed in CR296902

• Maps 3.09 unable to add NEW location for check-in

  3.09 no longer support Checkin, I re-flashed my phone and I totaly lost Checkin :-(

  I just found this link, saying add place feature in Nokia Map may disabled in some country, what are the countries which had been disabled to use add place feature?
  Anyone know does add place feature in Nokia Map was disable in Malaysia? If yes, why disables it? It's useless for check in if this add place featue is disabled, you cant even add a new place if your check in place not found in the list.
  Anyone has clue for this?
  If you find this post helpful, please show your appreciation by clicking the Kudos star at the left. If it provides you the solution, please click on the GREEN Accept as Solution button at below

• It doesn't allow me to add security excerption for intranet site I need to use

  It happens only after downloading the latest Firefox. When I try to added a website we use for testing, I got a failure due to the certificate being self-signed. Your system is not allowing me to added as trusted site either.
  Please help is an intranet site

  An iPod (and iPad) ony have a phone number for Messages (and FaceTime) if there is an iPhone with Messages/Facetime using the same ID for Messages and facetime.
  iOS and OS X: Link your phone number and Apple ID for use with FaceTime and iMessage
  If you can't change the Settings that means that the Restrictions that prevent changing accounts is set. Settings>General>Restrictions