Compatibility errors on startup when OpenAM 11.x or 12.x is deployed on IBM WebSphere 8.5.x
The purpose of this article is to provide assistance if you see a "java.lang.ClassCastException: com.ibm.ws.security.jaspi.ProviderRegistry incompatible with javax.security.auth.message.config.AuthConfigFactory" error on startup when OpenAM 11.x or 12.x is deployed on IBM® WebSphere® 8.5.x and is running on an IBM JVM.
Archived
This article has been archived and is no longer maintained by ForgeRock.
Symptoms
The following error is shown in the SystemOut.log on startup:
[5/10/16 15:17:22:441 EEST] 0000000d http E WSSERVLET11: failed to parse runtime descriptor: java.lang.ClassCastException: com.ibm.ws.security.jaspi.ProviderRegistry incompatible with javax.security.auth.message.config.AuthConfigFactory java.lang.ClassCastException: com.ibm.ws.security.jaspi.ProviderRegistry incompatible with javax.security.auth.message.config.AuthConfigFactory at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:206) at com.sun.xml.wss.provider.wsit.SecurityTubeAppender$1.run(SecurityTubeAppender.java:436) at java.security.AccessController.doPrivileged(AccessController.java:276) at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.initializeJMAC(SecurityTubeAppender.java:428) at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.appendTube(SecurityTubeAppender.java:83) at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$WsitTubelineAssembler.createServer(TubelineAssemblerFactoryImpl.java:101) at com.sun.xml.ws.server.WSEndpointImpl.<init>(WSEndpointImpl.java:152) at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:218) at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:467) ...Recent Changes
Upgraded to WebSphere 8.5.x.
Causes
The legacy com.sun.identity.wss.sts.STSContextListener class (SOAP-STS) is not used and is conflicting with the ProviderRegistry class in the IBM JRE. This error is harmless and is only seen on startup.
This legacy class has been removed in OpenAM 13 along with the legacy SOAP-STS libraries and has been replaced with a new SOAP-STS implementation.
Solution
This issue can be resolved by upgrading to OpenAM 13.0 or later; you can download this from BackStage.
Alternatively, you can resolve this issue as follows:
- Extract the openam war file.
- Navigate to the WEB-INF directory: $ cd WEB-INF
- Edit the web.xml file and remove the following lines: <listener> <listener-class>com.sun.identity.wss.sts.STSContextListener</listener-class> </listener>
- Re-create the openam war file with the amended web.xml file.
- Deploy the modified openam war file.
See Also
OpenAM Installation Guide › Preparing For Installation › Preparing IBM WebSphere
OpenAM Installation Guide › Preparing For Installation › Settings For IBM Java Environments
Java Agents 5.x and AM 6.x fail to install on IBM WebSphere when SSL is enabled
How do I get the WDSSO authentication module to work in AM 6.x with the IBM Kerberos implementation?
Related Training
N/A
Related Issue Tracker IDs
OPENAM-7458 (Compatibility errors on WAS Startup log with OpenAM deployed on WAS 8.5.5 + IBM JDK)