Sunday, February 8, 2015

WebLogic Security Exception: Invalid Subject Principals

If you see "Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals" in the WebLogic Server logs during an RMI invocation of an EJB deployed on a different WebLogic domain, the problem is in the domain trust security settings.

Stack trace


Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:352)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)

To resolve this, enable trust between the WebLogic Server domains and specify the same credential in both domains. It can be fixed by either of the following:

  • Enabling Cross Domain Security between WebLogic Server domains
  • Enabling Global Trust

I fixed it by enabling global trust between the WebLogic Server domains. By default, domain credentials are randomly generated, so no two domains have the same domain credential. Replace the generated credential and specify the same domain credential in each of the domains. Identity is then passed between WLS domains over an RMI connection without requiring authentication in the second domain. Because the second domain accepts the first domain's principals as they arrive, choose a strong credential and limit who can read it.

Note: Don't confuse the domain credential with the credential used to log in to the WLS console.


Configuration Steps

1. Log in to the WLS console and click Lock and Edit (top left pane).

2. In the left pane, click the domain name.

3. Select Security > General in the center pane, then click the Advanced link.

4. Enter the password in the Credential and Confirm Credential fields.

5. Click Activate Changes in the top left pane.
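The same steps as a WLST script, applied to both domains so they end up with an identical credential. This is an added example, not code from the original post: the admin URLs, the key files (as produced by WLST's storeUserConfig), the credential file and the minimum-length policy are assumptions, and the functions take the WLST commands as a mapping so the logic can also be exercised outside WLST.

```python
# Added example: WLST (Jython) version of the console steps; run with wlst.sh.
# URLs, key-file paths and CREDENTIAL_FILE are hypothetical placeholders.
DOMAINS = [
    ('t3s://admin-a.example.internal:7002', '/secure/a-config.secure', '/secure/a-key.secure'),
    ('t3s://admin-b.example.internal:7002', '/secure/b-config.secure', '/secure/b-key.secure'),
]
CREDENTIAL_FILE = '/secure/domain-trust.credential'  # keep readable by the admin user only
MIN_LENGTH = 20  # local policy assumed for this example, not a WebLogic limit


def set_domain_credential(w, domain_name, credential):
    """Steps 1-5 on the connected domain; w maps WLST command names to the commands."""
    if len(credential) < MIN_LENGTH:
        raise ValueError('domain credential shorter than %d characters' % MIN_LENGTH)
    w['edit']()
    w['startEdit']()                  # step 1: Lock and Edit
    try:
        # steps 2-4: domain > Security > General > Advanced > Credential
        bean = w['getMBean']('/SecurityConfiguration/' + domain_name)
        bean.setCredential(credential)
        w['save']()
        w['activate']()               # step 5: Activate Changes
    except:
        w['cancelEdit']('y')          # drop pending changes and release the edit lock
        raise
    return domain_name


def apply_to_all(w, domains, credential):
    """Set the same credential on every listed domain, as global trust requires."""
    done = []
    for url, config_file, key_file in domains:
        w['connect'](userConfigFile=config_file, userKeyFile=key_file, url=url)
        try:
            done.append(set_domain_credential(w, w['domainName'], credential))
        finally:
            w['disconnect']()
    return done


if 'startEdit' in globals():          # WLST commands are script globals; absent elsewhere
    secret = open(CREDENTIAL_FILE).read().strip()
    apply_to_all(globals(), DOMAINS, secret)
```

Reading the credential from a file keeps it out of the script, shell history and process listings.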

6 comments:

  5. Hi,
    Home >myrealm >Users and Groups >OracleSystemUser >Summary of Security Realms >myrealm >Users and Groups >weblogic >Summary of Deployments >Summary of Security Realms >servicelayer_domain

    Do I need to change the NodeManager credentials also when I want to change the domain password?

  6. Thank you very much. This is helpful!
