Skip Headers
Oracle® OpenSSO STS Administrator's Guide
Release 11gR1. Version

Part Number E17844-01
Go to Documentation Home
Go to Table of Contents
Go to Feedback page
Contact Us

Go to previous page
View PDF

B Debugging and Troubleshooting OpenSSO STS

This chapter contains the following topics:

B.1 Debugging OpenSSO STS

Set debug properties when you configure an OpenSSO STS server instance. See Section, "To Configure OpenSSO STS Server General Properties."

OpenSSO Security Token Service (OpenSSO STS) debug files are stored in the WebServices file.

B.2 Troubleshooting OpenSSO STS Issues

The following are error conditions or error messages and troubleshooting tips you can try:

Time stamp is invalid.

Make sure that all host systems are in sync. The default skew allowed is 10 seconds. You can reconfigure this setting.

Unsupported security mechanism

The security mechanism identified in the request does not match with one of the configured security mechanisms.

Authentication failed.

Make sure that your credentials are correctly provisioned in OpenSSO STS under User Credential. If configured to authenticate at Oracle Internet Directory or at Oracle Virtual Directory, then make sure the authentication chain is enabled in OpenSSO STS.

Decryption failed, or signing validation failed.

The encryption/decryption settings should be identical among client and server. The following are typical recommendations:

  • For asymmetric or symmetric binding, enable request and response signing of both body and header, and enable request decryption and response encyrption.

  • For transport-layer binding, disable signature validation when SSL is used; disable encryption when SSL is used.