1 Reply Latest reply on Mar 19, 2013 6:39 PM by luisrcastillo

    DrmWebService FailedAuthentication Security token cannot be authenticated

    Benjamin Finkel

      I am trying to configure my DRM / EPMA integration and having trouble getting the web service to authenticate properly.

      The issue originally occurred when trying to create a new import profile in EPMA, using DRM. I received an FailedAuthentication error.

      1. My keystore (default-keystore.jks) has been created and the certificate loaded on both the foundation server and the DRM server.

      2. WebLogic security realm is configured to use MSAD authentication and I can see users in WebLogic.

      3. Enterprise Manager domain is configured for the keystore. Although the "path" is a little confusing. Where should the keystore be and how should I reference it in that path value? Right now it's just in EPMSystem/config/fmwconfig and is reference as ./default-keystore.jks

      I am now in the Enterprise Manager and trying to "Test Web Service" according to Oracle's documentation (here: http://www.oracle.com/webfolder/technetwork/tutorials/obe/hyp/DRM11.1.2-WebServicesAPI/index.htm) and still receiving the FailedAuthentication error.

      Even though I choose OWSM, and fill in the keystore values (Location: ./config/fmwconfig/default-keystore.jks) and I can click "Load Keys" without an error, when I try to test the webservice is does not work.

      What could my problem be?


      Edited by: 976059 on Mar 19, 2013 8:00 AM

      Edited by: 976059 on Mar 19, 2013 8:17 AM
        • 1. Re: DrmWebService FailedAuthentication Security token cannot be authenticated

          Setting up the DRM Web Service can be complicated. If you placed the default-keystore.jks under fmwconfig, the path used on EM "./default-keystore.jks" is fine as that is the default path.

          The MSAD provider you setup in WebLogic, make sure it is set to 'Sufficient' and also the first in the list of providers. Also, you need to make it the first in the search order in Shared Services.

          Have you created the policy set and added the saml11_* policy? If so, have you restarted the admin server and the weblogic managed server? I suggest you look at both the WL admin server logs and the logs for your managed server to see if you can find anything.