WS-Security and proxy service: Unable to add security token for identity

Similar Messages

• Unable to add security token for identity

  Hi all,
  I am trying to implement a web service with username token authentication. I have defined the ws -policies in the wsdl, and checked the Process Security Header checkbox in the proxy configuration. But when I invoke the proxy through test console and pass the full soap envelope , I am getting an "Unable to add security token for identity" error
  This is how the soap header looks from the request document part of the test console:
       <soap:Header>
       <wsse:Security>
       <wsse:UsernameToken>
       <wsse:Username>xxxxx</wsse:Username>
       <wsse:Password      Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">yyyyyy</wsse:Password>
       </wsse:UsernameToken>
       </wsse:Security>
       </soap:Header>
       <soap:Body>
  I have configured the user at alsb security configuration and added an acces policy stating that the proxy can be accessed only by user "xxxx"
  Please help
  -Atheek

  Mostafa ,
  This points to a misconfiguration of your security. Possible causes are:
  * There is not a valid RSA key to sign the SAML token with.
  * The SAML CredentialMapper is missing
  * There is no Relying Party (rp) configured for SAML Credential Mapper that matches your producer
  * The producer is using User Name Token and you have no configured the DefaultCredentialMapper to allow for UserNameToken.
  Good Luck,
  Nate
  Edited by: user650654 on Sep 9, 2008 4:31 AM

• Exception: Unable to add security token for identity

  Hi Friends,
  I was trying to add SAML tokens(Sender-Voucher Profile) to my web services. I configured WLS and ALSB with all Authentication settings but I get a SOAPFaultException when i run the client.
  javax.xml.rpc.soap.SOAPFaultException: Unable to add security token for identity
  I tried the following samples:
  https://codesamples.projects.dev2dev.bea.com/servlets/Scarab/remcurreport/true/template/ViewIssue.vm/id/S10/eventsubmit_dosetissueview/foo/resultpos/-1/nbrresults/0/action/ViewIssue/tab/2/readonly/false
  https://codesamples.projects.dev2dev.bea.com/servlets/Scarab/remcurreport/true/template/ViewIssue.vm/id/S203/nbrresults/39
  Is there any configuration on WLS that needs to be verified when we get this Exception "Unable to add security token for identity"??
  Any help is appreciated in this regard.
  Thanks,
  Kiran

  Hello Kiran,
  Is this problem resolved?. I am facing the same problem when i was trying to call a service .
  The exception i got is as follows:
  (D-113003875) server (IBwlpAdminServer) Method (com.zurich.ep.global.produc
  metadata.impl.ProductMetaDataServiceImpl.getAllProducts:234) ==> Host (D-113003
  75) server (IBwlpAdminServer) Method (com.zurich.ep.service.delegate.AbstractEx
  eptionHandler.logException:67)
  om.zurich.ep.exception.ServiceFailureException: SOAPFaultException - FaultCode
  {http://schemas.xmlsoap.org/soap/envelope/}Server] FaultString [Unable to add s
  curity token for identity] FaultActor [null]No Detail; nested exception is:
  javax.xml.rpc.soap.SOAPFaultException: Unable to add security token for
  dentity
  at com.zurich.ep.global.productmetadata.impl.ProductMetaDataServiceImpl.
  etAllProducts(ProductMetaDataServiceImpl.java:234)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  ava:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  orImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.zurich.ep.service.delegate.ServiceDelegateProxy.invoke(ServiceDel
  gateProxy.java:135)
  at $Proxy62.getAllProducts(Unknown Source)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  ava:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  orImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.zurich.ep.service.delegate.ServiceAdapter.invoke(ServiceAdapter.j
  va:97)
  at $Proxy63.getAllProducts(Unknown Source)
  at com.zurich.ep.global.productmetadata.v20090601.ProductMetaDataService
  ortTypeImpl.getAllProducts(ProductMetaDataServicePortTypeImpl.java:119)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  ava:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  orImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at weblogic.wsee.component.pojo.JavaClassComponent.invoke(JavaClassCompo
  ent.java:99)
  at weblogic.wsee.ws.dispatch.server.ComponentHandler.handleRequest(Compo
  entHandler.java:64)
  at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.j
  va:127)
  at weblogic.wsee.ws.dispatch.server.ServerDispatcher.dispatch(ServerDisp
  tcher.java:85)
  at weblogic.wsee.ws.WsSkel.invoke(WsSkel.java:80)
  at weblogic.wsee.server.servlet.SoapProcessor.handlePost(SoapProcessor.j
  va:66)
  at weblogic.wsee.server.servlet.SoapProcessor.process(SoapProcessor.java
  44)
  at weblogic.wsee.server.servlet.BaseWSServlet$AuthorizedInvoke.run(BaseW
  Servlet.java:173)
  at weblogic.wsee.server.servlet.BaseWSServlet.service(BaseWSServlet.java
  92)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run
  StubSecurityHelper.java:223)
  at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecuri
  yHelper.java:125)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
  :283)
  at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.jav
  :175)
  at weblogic.servlet.internal.WebAppServletContext$ServletInvocationActio
  .run(WebAppServletContext.java:3245)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
  Subject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
  21)
  at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppS
  rvletContext.java:2003)
  at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletC
  ntext.java:1909)
  at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.j
  va:1359)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
  aused by: java.rmi.RemoteException: SOAPFaultException - FaultCode [{http://sch
  mas.xmlsoap.org/soap/envelope/}Server] FaultString [Unable to add security toke
  for identity] FaultActor [null]No Detail; nested exception is:
  javax.xml.rpc.soap.SOAPFaultException: Unable to add security token for
  dentity
  at com.zurich.ep.service.delegate.AbstractExceptionHandler.logException(
  bstractExceptionHandler.java:67)
  at com.zurich.ep.service.delegate.client.WebServiceBusinessDelegate.invo
  e(WebServiceBusinessDelegate.java:260)
  at $Proxy61.getProductFunctionality(Unknown Source)
  at com.zurich.ep.global.productmetadata.impl.ProductMetaDataServiceImpl.
  etAllProducts(ProductMetaDataServiceImpl.java:201)
  ... 39 more
  aused by: javax.xml.rpc.soap.SOAPFaultException: Unable to add security token f
  r identity
  at weblogic.wsee.codec.soap11.SoapCodec.decodeFault(SoapCodec.java:265)
  at weblogic.wsee.ws.dispatch.client.CodecHandler.decodeFault(CodecHandle
  .java:106)
  at weblogic.wsee.ws.dispatch.client.CodecHandler.decode(CodecHandler.jav
  :91)
  at weblogic.wsee.ws.dispatch.client.CodecHandler.handleFault(CodecHandle
  .java:79)
  at weblogic.wsee.handler.HandlerIterator.handleFault(HandlerIterator.jav
  :254)
  at weblogic.wsee.handler.HandlerIterator.handleResponse(HandlerIterator.
  ava:224)
  at weblogic.wsee.ws.dispatch.client.ClientDispatcher.handleResponse(Clie
  tDispatcher.java:161)
  at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDisp
  tcher.java:116)
  at weblogic.wsee.ws.WsStub.invoke(WsStub.java:89)
  at weblogic.wsee.jaxrpc.StubImpl._invoke(StubImpl.java:335)
  at com.zurich.ep.global.chassisauthorisation.v20090601.ChassisAuthorisat
  onServicePortType_Stub.getProductFunctionality(ChassisAuthorisationServicePortT
  pe_Stub.java:145)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
  ava:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
  orImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at com.zurich.ep.service.delegate.client.WebServiceBusinessDelegate.invo
  e(WebServiceBusinessDelegate.java:225)
  ... 41 more
  aused by: weblogic.xml.crypto.wss.WSSecurityException: Unable to add security t
  ken for identity
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processIdentity(Secur
  tyPolicyDriver.java:175)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(Secur
  tyPolicyDriver.java:73)
  at weblogic.wsee.security.WssClientHandler.processOutbound(WssClientHand
  er.java:69)
  at weblogic.wsee.security.WssClientHandler.processRequest(WssClientHandl
  r.java:53)
  at weblogic.wsee.security.WssHandler.handleRequest(WssHandler.java:72)
  at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.j
  va:127)
  at weblogic.wsee.handler.HandlerIterator.handleRequest(HandlerIterator.j
  va:100)
  at weblogic.wsee.ws.dispatch.client.ClientDispatcher.dispatch(ClientDisp
  tcher.java:101)
  ... 49 more
  Thanks,
  JK

• Can anyone help me what is the use of business and proxy service in osb?

  Hi,
  I am new in Osb what is the use of business service and proxy service in osb.
  I know little bit proxy service is used for actual message flow. I saw some project proxy service invoking the (using service callout,routing and publish) service,but the wsdl of the services of the proxy and business service is same.
  Please can anyone explain the flow while executing through soapUI?(that means it will hit 1st business services or proxy service)
  I have this project structure
  business service
  1.reference.biz----> this is the wsdl of ex:reference.wsdl
  2.external.biz----> this is the wsdl of ex:external.wsdl
  proxy service
  1.referece.proxy--->this is the wsdl of ex:reference.wsdl(in this proxy we are routing to reference.biz proxy service both contains same wsdls why?)
  xqueries of request and response.
  Best Regards,
  Raju.
  Edited by: 996674 on Apr 2, 2013 10:53 PM

  Hi Raju,
  Proxy Service - It is the starting point of you OSB application which deal with receiving messages, inducing logic in it like transformation, if-else, replace, java call outs,etc. You can put in your program logic here and then invoke a business service to route it to your Database or to any other queue as per your requirement.
  Business Service - It is generally used for routing purposes, like inserting the input in your Database or sending it to a different queue or BPEL process, etc..
  Cheers,
  Rit

• Opening for Lead Web Programmer in IT Security and allied services at Mumbai

  Currently we are looking for Lead Web Programmer with US based leading organization engaged in IT Security and allied services at Mumbai.. Here are the job profile as well the company profile.
  Job Profile ::
  We are looking for an experienced high-level programmer to join our growing team. This position will be to manage a portfolio of client web-sites and the server platform it resides on. The candidate will be the primary point of for the clients and will collaborate with other team members while reporting directly to the Operations Manager. We are looking for a true “team player” to join our growing organization. THIS POSITION IS LOCATED IN OUR MUMBAI/BANDRA, INDIA OFFICE.
  Job Location : Mumbai – Bandra(West)
  Company Profile ::
  It is a Data Security and Compliance Consulting company, headquartered in California for over 16 years.
  It consults, recommends, deploys and maintains an array of IT solutions. It works with a wide range of commercial, financial, health-care, banking, education and state government entities. It is committed to developing leading-edge technological solutions for our clients’ business problems, and it has been recognized for our innovative approach to listening to our clients and providing true consultation to resolve real business problems with tried and true technical solutions.
  This is an opportunity for a Lead Web Developer/Programmer to enhance and further develop their current advanced skills, in a challenging work environment with responsibility for sophisticated and complex special projects on an on-going basis.
  Summary ::
  We are looking for an experienced high-level programmer to join our growing team. This position will be to manage a portfolio of client web-sites and the server platform it resides on. The candidate will be the primary point of for the clients and will collaborate with other team members while reporting directly to the Operations Manager. We are looking for a true “team player” to join our growing organization. THIS POSITION IS LOCATED IN OUR CLIENT’S MUMBAI/BANDRA, INDIA OFFICE.
  Requirements:
  BS in Computer Science/Engineering or equivalent
  10+ years Experience required in programming PHP + MYSQL + MSSQL + .NET, HTML + JAVA HTM L, Java script
  10+ years Experience required in IIS & Apache Environment
  5+years experience working with various CMS (ex:Word Press)
  5+years experience of CSS
  Experience working with Web Hosting Management Tools (ex: c Panel, Parallels),preferred but not required
  Experience managing large portfolio of web-sites, preferred but not required.
  Excellent English communication skills.
  Ability to work effectively in a team-based environment and a demonstrated
  willingness to support team on all levels to get the job done.
  Working Hours : NIGHT HOURS for PERMANANT BASIS.
  If you are interested for this profile, kindly send your updated resume on [email protected] with Current CTC & Expected CTC.
  Click here for more details
  Regards,
  TheindiaJobs.com
  Like us on Facebook
  Follow us on Twitter

  Please note the name of this board "LabVIEW Job Openings", not general IT or programming openings. While there are people who's skill sets might overlap your requirements and those of a LabVIEW programmer, the vast majority coming to this board are looking for LabVIEW specific jobs, which is what the board is set up for.
  Putnam
  Certified LabVIEW Developer
  Senior Test Engineer
  Currently using LV 6.1-LabVIEW 2012, RT8.5
  LabVIEW Champion

• I just detatched a first generation I pad from an old Apple ID and am now unable to add the device to my current ID.  What ight the problem be

  I just detatched a first generation I pad from and old Apple ID and an now unable to add this ipad to my account and of course I cannot download my updates

  In iTunes on your computer, select the Purchased section under STORE in the left column. Click on the first track and choose "Get Info" from the "File" menu.
  In the "Summary" tab you'll see details of the purchaser of the track. Click Next to go through all your purchased music one by one until you find the ones you need to get rid of.
  Unfortunately, there are no smart playlist rules that can filter tracks by the purchaser that I know of.

• Unable to "Add Rule Policies for Rule Builder"

  Hi,
  I have requirement to implmenet territory management. But I am unable to add 'Rule Policies for Rule Builder' in WebUI. When I go to Rule Policies(under the section 'Sales Operations') and Click on 'New'. A Pop up comes up with ID- 'TM' (Territory Management) as selection option. But when i click on it nothing happens. Please let me know the reason and solution of the same.
  Please note that I have already implemented below mentioned steps:
  1. Copy Rule Attributes in Client 000 to Transport request
  2. These services are Active:
  u2022 md110empbp_job
  u2022 md110fdt_tmgmt
  u2022 md110h_tmgmt
  u2022 md110m_tmgmt
  u2022 md110simu_tmgmt
  u2022 md110s_tmgmt
  3. Assign authorization object CRM_FDT to business role.
  4. Tried checking in firefox, as it was not working on IE.
  Please suggest a fix for this.
  Regards,
  Amit

  Hi Amit
  Hope this documentation link helps you
  http://help.sap.com/saphelp_crm70/helpdata/en/1e/606658bed54f8eb2d00a34991d85d5/frameset.htm
  thanks & Regards
  Raj

• Unable to add POP Account for Outlook 2011 for Mac.

  Hi, I have bought the Outlook 2011 for Mac recently, but I am unable to add an account for my email
  Here is what I did:
  Tools > Accounts> (a window pops out) > click "Email Account" and the thing just froze.
  Tried restarting and reinstalling.. but does not work.
  However, when I tried clicking  "Exchange account" a window requesting email information slides down, which is what I need to setup my POP account!!!

  Hi, I have bought the Outlook 2011 for Mac recently, but I am unable to add an account for my email
  This forum is for Windows based Outlook. Suggest you post the question to the Mac based Outlook forum for quicker/relevant responses to your question
  Office for Mac (Outlook)
  http://answers.microsoft.com/en-us/mac/forum/macoffice2011-macoutlook?sort=lastreplydate&dir=desc&tab=Threads&status=&mod=&modAge=&advFil=&postedAfter=&postedBefore=&threadType=All&tm=1416101390880
  Karl Timmermans [Outlook MVP] "Outlook Contact Import/Export/Data Mgmt" http://www.contactgenie.com

• SSL Inbound Security in Proxy service

  Hi All,
  I have a requirement as follows:
  I am developing a proxy service which can be consumed by external client. I need to implement SSL security for the client to consume the proxy. Any docs which explains step by step implementation of SSL in Proxy service. Thanks in advance.
  Regards,
  Rohan.

  SSL is not enabled at proxy level. You need to enable SSL at your OSB servers. Please refer -
  http://docs.oracle.com/cd/E17904_01/web.1111/e13707/ssl.htm#i1200848
  Regards,
  Anuj

• HT4528 i have a verizon iphone 3G; apple recently upgraded the operating system.  PROBLEM: calendar has wiped out all entries and i am unable to add new entries.  Help!

  have verizon iphone 3g; recent upgrade of operating system.  suddenly calendar has wiped out all entries and am unable to add new ones. 

  Please define "tried to add the Image"?
  OS Installer Packages do not point to "images". They point to the complete set of source files including the directory structure from the media.
  Is there a specific reason you are using OS Installer packages though? In general, there is no reason to use them anymore (unless you are actually still deploying XP).
  Jason | http://blog.configmgrftw.com | @jasonsandys

• The JMS proxy service unable to route to another Proxy Service

  Hello,
  I have a JMS proxy service. Inside its pipeline, I am routing to another Proxy Service of Service Type "Messaging", protocol: "Local" & Request Message Type: "XML"
  It's printing the message correctly from inside the routing node in the pipeline of JMS proxy. However, it's not invoking the Proxy Service that I am routing to, since I am not seeing the log message that I am trying to print from inside the pipeline of Local Proxy. Could someone please point out the error in my configuration?
  Any help will be greatly appreciated.
  Thanks much,
  Mamta Kansal

  OSB/ALSB use the SOA Suite forum
  SOA Suite

• Where did the securables go? Created Databse Role add Securables and Permission but it disappeared.

  Hello my friends:
  Create a Database Role, added Securables and set the Permissions. These are all stored Procedures.
  When I clicked Okay I get a message that the role was created successfully.
  Now I go back to the database role, click properties and the securables are not showing?
  Is this normal behavior? Where did they go?
  Thanks!

  I have sufficient rights: The DB Role is working because Users who I have assigned the Role Are able to do what they need. I just cannot see the securables when I go to properties. I also have a SYS Admin account, I log in as SYS Admin and still cannot see
  the securables.
  However, if I click on an individual user who is assigned to the role, I can see the securables from the properties tab.
  Hi,
  First check that you can see the role using a query:
  USE AdventureWorks2012;
  GO
  CREATE ROLE ArielyRole322
  GO
  Select * from sys.database_principals where name = 'ArielyRole322' and type = 'R'
  GO
  and now you can use the GUI interface as well:
  open the database -> security -> Roles -> Database Roles -> and here it is :-)
    Ronen Ariely
   [Personal Site]    [Blog]    [Facebook]

• Proxy Service giving "Cannot Compute Effective WSDL for: Proxy Service"

  Hi,
  After updating the wsdl and schema, our proxy service is complaining with error : "Cannot Compute Effective WSDL for: Proxy Service " <ProxyService_Location_Name> when I launch a test console or access the Proxy Endpoint on IE.
  Proxy and Business Services are pointing to the same WSDL. From Business Service, I am able to launch the test console. . Before updating the wsdl and schema, it was working fine. We tried to check in JDeveloper to see whether there are any issues with WSDL or Schema, but they are working fine.
  Security Settings on Proxy Service are : Basic Authentication, User-Name Token Policy and also applied Transport Access Control. Security worked fine earlier before update.
  From log file :
  Root cause of ServletException.
  java.io.IOException: Can not compute effective WSDL for : ProxyService ********
  at com.bea.wli.sb.transports.http.ResourceRequestProcessor.securedInvoke(ResourceRequestProcessor.java:93)
  at com.bea.wli.sb.transports.http.ResourceRequestProcessor.process(ResourceRequestProcessor.java:65)
  at com.bea.wli.sb.transports.http.generic.RequestHelperBase.handleMetadataRequest(RequestHelperBase.java:181)
  at com.bea.wli.sb.transports.http.generic.RequestHelperBase.service(RequestHelperBase.java:83)
  at com.bea.wli.sb.transports.http.wls.HttpTransportServlet.service(HttpTransportServlet.java:127)
  at weblogic.servlet.FutureResponseServlet.service(FutureResponseServlet.java:24)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
  at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
  Any suggestions/ideas on why this error is happening is much appreciated.
  Thanks,
  Srithi

  There must be definitely some issue in the Policy Configuration, due to which it is not able to Compute Effective WSDL.
  Can you please do the following and capture the logs:
  - set the transports debug flag to true in the alsbdebug.xml in your domain directory :
  <java:alsb-transports-debug>true</java:alsb-transports-debug>
  <java:alsb-service-security-manager-debug>true</java:alsb-service-security-manager-debug>
  <java:alsb-service-validation-debug>true</java:alsb-service-validation-debug>
  <java:alsb-wspolicy-repository-debug>true</java:alsb-wspolicy-repository-debug>
  - set the WLS log level to debug
  - Then restart the servers
  This should give some additional details on the specific error.
  It is considered good etiquette to reward answerers with points (as "helpful" - 5 pts - or "correct" - 10pts).
  https://forums.oracle.com/forums/ann.jspa?annID=893

• Essbase services abnoraml shutdown with Get token for user

  Hi,
  We are facing essbase services abnormal shutdown, with a .xcp file
  in XCP file showing below given error, for this issue we have added __GETUSERTOKEN TRUE value in our .cfg files but it's not working.
  Exception Log File: /ap01/gema/hyperion/essbase/log00042.xcp
  Current Thread Id: 42949552
  Signal Number: 0x11=Segmentation Violation
  Signal Code: 0x19178024=Unknown
  8:23 PM
  Thread Id 42949552:
  Request Name: Get token for user
  Database Name:
  User Name:
  Start Time: Fri Jun 15 08:20:39 2012
  End Time: Pending
  Please suggest some solutions on this.
  Regards,
  Srinivas

  See if these doc help you
  E-IB: SAML Authentication Failed For Service Operation XXXX. (158,456) error when invoking PS web service with SAML token [ID 1464489.1]
  https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=PROBLEM&id=1464489.1
  E-IB: Setup and Troubleshooting Guide for SAML Inbound Security [ID 1322740.1]
  https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&doctype=HOWTO&id=1322740.1

• Unable to purchase game tokens for games downloaded under old Apple ID

  My old email account was high jacked and then my apple account.  i cancelled the credit card on file and created a new Apple ID.  I could not recover control of the old account because the password, security questions and birthdate were changed.  Now, I cannot purchase game tokens for games downloaded under the old account.  Any ideas?

  You'll have to redownload the game(s) using your new ID.
   Cheers, Tom