Skip Headers
Oracle® Fusion Middleware Administrator's Guide for Oracle Access Manager with Oracle Security Token Service
11g Release 1 (11.1.1)

Part Number E15478-06
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
PDF · Mobi · ePub

21 Troubleshooting Oracle Security Token Services

This chapter provides troubleshooting tips for Oracle Security Token Service:

Authorization Issues

Problem: Authorization Failure during Token Issuance operation

During a WS-Trust request issuance operation, the Oracle Security Token Service returns an error.

Error Message

The following are sample error messages that can be seen in the logs:

<Error> <> <STS-12064> <Exception: {0} Authorization Failure for Relying Party=%RELYING_PARTY_ID%, Requester=%REQUESTER_ID% and User=%USER_ID%



The Token Issuance Policy evaluation failed due to one of the following reasons:

Endpoint Issues

Problem: Endpoint not found

When accessing an Oracle Security Token Service endpoint that has been added via the OAM/OSTS console, the server returns an error indicating that the page does not exist when retrieving the WSDL policy or that the endpoint does not exist.

Error Message

The following are possible error messages:


The Oracle Security Token Service application is deployed but not enabled. To enable Oracle Security Token Service, perform the following operations:

  1. Go to the OAM Admin console.

  2. Navigate to System Configuration, select Common Configuration, then select Available Services.

  3. Enable Oracle Security Token Service.

Oracle Security Token Service will detect the change and will publish the endpoints. No restart is required.

Mapping Operation Issues

Problem: Failure to map the AppliesTo element to a Relying Party Partner

When Oracle Security Token Service processes a WS-Trust request with an AppliesTo element referencing the Web Service Provider, the server will attempt to map the location contained in the AppliesTo element to an Oracle Security Token Service Relying Party Partner using the Resource URL defined in the Partner entry. If such a mapping fails, the server will log an Info message in the logs indicating that the operation failed and indicating what was the AppliesTo address used.

Error Message

The following is a sample of an error message:

[2011-04-22T15:08:12.632-07:00] [oam_server1] [NOTIFICATION] [STS-15542] 
[] [tid: [ACTIVE].ExecuteThread: '0' for 
queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 
f00aacae2d3f3ded:125005ed:12f7f412274:-8000-0000000000000016,0] [ wssuser-port] [APP: 
oam_server] [ sts] [ wssuser-serviceSoap12] [ oam_server] The mapping 
of the AppliesTo element from the WS-Trust Request to a Relying Party Partner failed: could not map


If the AppliesTo location should have been mapped to a Relying Party Partner, then the Partner settings should be verified to ensure that the Resource URLs are correctly defined to:

In certain cases, failure to correctly map the AppliesTo address to a Relying Party Partner will result in errors due to: