[6/16/16 10:31:59:459 IST] 000002d8 ServletWrappe I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [WebSphereOIDCRP] [/oidcclient] [RelyingPartyServlet]: Initialization successful. [6/16/16 10:32:00:228 IST] 000002d8 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/WebSphere/AppServer/profiles/bclab86node04/logs/ffdc/server1_b6c07ec6_16.06.16_10.32.00.2187698425774508849739.txt com.ibm.ws.security.openidconnect.token.JWT.verify 792 [6/16/16 10:32:00:228 IST] 000002d8 JWT E CWWKS1758E: Validation failed for the ID token requested by the [netact] due to [key is invalid]. This might have been caused by either the current time [2016-06-16T05:02:00.228Z] being after the token expiration time [2016-06-16T05:07:00.000Z] or the issue time [2016-06-16T05:02:00.000Z] being too far away from the current time [2016-06-16T05:02:00.228Z]. [6/16/16 10:32:00:283 IST] 000002d8 RelyingParty E CWTAI2007E: The OpenID Connect relying party (RP) encountered a failure during the login. The exception is [Failed to validate id token, exception thrown during verify [key is invalid]]. Check the logs for details that lead to this exception. [6/16/16 10:32:00:289 IST] 000002d8 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/WebSphere/AppServer/profiles/bclab86node04/logs/ffdc/server1_b6c07ec6_16.06.16_10.32.00.2874201786066817583029.txt com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation 440 [6/16/16 10:32:00:289 IST] 000002d8 WebAuthentica E SECJ0126E: Trust Association failed during validation. The exception is com.ibm.websphere.security.WebTrustAssociationFailedException: CWTAI2007E: The OpenID Connect relying party (RP) encountered a failure during the login. The exception is [Failed to validate id token, exception thrown during verify [key is invalid]]. Check the logs for details that lead to this exception. at com.ibm.ws.security.oidc.client.RelyingParty.handleSigninCallback(RelyingParty.java:472) at com.ibm.ws.security.oidc.client.RelyingParty.negotiateValidateandEstablishTrust(RelyingParty.java:244) at com.ibm.ws.security.web.TAIWrapper.negotiateAndValidateEstablishedTrust(TAIWrapper.java:101) at com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(WebAuthenticator.java:421) at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:3087) at com.ibm.ws.security.web.WebCollaborator.SetAuthenticatedSubjectIfNeeded(WebCollaborator.java:3231) at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:715) at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:446) at com.ibm.ws.webcontainer.collaborator.WebAppSecurityCollaboratorImpl.preInvoke(WebAppSecurityCollaboratorImpl.java:230) at com.ibm.wsspi.webcontainer.collaborator.CollaboratorHelper.preInvokeCollaborators(CollaboratorHelper.java:436) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1089) at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3926) at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304) at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1007) at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817) at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316) at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:88) at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818) at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175) at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881) Caused by: com.ibm.ws.security.oidc.client.RelyingPartyException: Failed to validate id token, exception thrown during verify [key is invalid] at com.ibm.ws.security.oidc.client.SessionCache.updateEntryUsingStateId(SessionCache.java:373) at com.ibm.ws.security.oidc.client.RelyingParty.handleSigninCallback(RelyingParty.java:455) ... 28 more Caused by: java.lang.IllegalStateException: key is invalid at net.oauth.jsontoken.crypto.RsaSHA256Verifier.(RsaSHA256Verifier.java:45) at com.ibm.ws.security.openidconnect.token.JWT.getJsonTokenParser(JWT.java:1017) at com.ibm.ws.security.openidconnect.token.JWT.verify(JWT.java:881) at com.ibm.ws.security.openidconnect.token.IDToken.verify(IDToken.java:578) at com.ibm.ws.security.oidc.client.SessionData.setIdToken(SessionData.java:351) at com.ibm.ws.security.oidc.client.SessionData.update(SessionData.java:180) at com.ibm.ws.security.oidc.client.SessionCache.updateEntryUsingStateId(SessionCache.java:364) ... 29 more Caused by: java.security.InvalidKeyException: No installed provider supports this key: (null) at java.security.Signature$Delegate.chooseProvider(Signature.java:1139) at java.security.Signature$Delegate.engineInitVerify(Signature.java:1172) at java.security.Signature.initVerify(Signature.java:462) at net.oauth.jsontoken.crypto.RsaSHA256Verifier.(RsaSHA256Verifier.java:41) ... 35 more . Make sure that the setup is correct and that the user credentials are valid. [6/16/16 10:32:00:290 IST] 000002d8 WebCollaborat A SECJ0056E: Authentication failed for reason CWTAI2007E: The OpenID Connect relying party (RP) encountered a failure during the login. The exception is [Failed to validate id token, exception thrown during verify [key is invalid]]. Check the logs for details that lead to this exception.