Support Article
WSSecurityException: The signature or decryption was invalid
SA-14545
Summary
WSSecurityException occurs when requesting a SAML token from the OpenAM STS server (from a Pega SOAP Connector trying to call a SAML enabled externalservice).
The issue occurs sporadically, and is usually resolved after a restart.
Error Messages
2015-06-25 01:34:52,421 [ PegaRULES-Batch-2] [ STANDARD] [ ] [ Designs:01.03] ( axis2.engine.AxisEngine) ERROR Rule-Connect-SOAP.IPA-IntSecurityTokenService-.IssueToken - The signature or decryption was invalid
com.pega.apache.axis2.AxisFault: The signature or decryption was invalid
at com.pega.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:186)
at com.pega.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:95)
...
at com.pega.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
...
at com.pega.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
at com.pega.apache.rahas.client.STSClient.requestSecurityToken(STSClient.java:160)
...
Caused by: com.pega.apache.ws.security.WSSecurityException: The signature or decryption was invalid
at com.pega.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:451)
at com.pega.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:232)
...
at com.pega.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:248)
at com.pega.apache.rampart.RampartEngine.process(RampartEngine.java:155)
at com.pega.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
.
.
.
Steps to Reproduce
Not Applicable
Root Cause
A defect or configuration issue in the operating environment.
Sporadically JBOSS would use incorrect provider to decrypt the response and this would result in the error. To prevent this, Pega provided libraries should be modified to register the Security provider with a unique name to avoid clashing with incorrect class loading by JBOSS.
Resolution
Install HFix-22870.
Published October 5, 2015 - Updated October 8, 2020
Have a question? Get answers now.
Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.