
Compatibility errors on startup when OpenAM 11.x or 12.x is deployed on IBM WebSphere 8.5.x

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if you see a "java.lang.ClassCastException: com.ibm.ws.security.jaspi.ProviderRegistry incompatible with javax.security.auth.message.config.AuthConfigFactory" error on startup when OpenAM 11.x or 12.x is deployed on IBM® WebSphere® 8.5.x and is running on an IBM JVM.


Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

The following error is shown in the SystemOut.log on startup:

[5/10/16 15:17:22:441 EEST] 0000000d http E WSSERVLET11: failed to parse runtime descriptor: java.lang.ClassCastException: com.ibm.ws.security.jaspi.ProviderRegistry incompatible with javax.security.auth.message.config.AuthConfigFactory
java.lang.ClassCastException: com.ibm.ws.security.jaspi.ProviderRegistry incompatible with javax.security.auth.message.config.AuthConfigFactory
    at javax.security.auth.message.config.AuthConfigFactory.getFactory(AuthConfigFactory.java:206)
    at com.sun.xml.wss.provider.wsit.SecurityTubeAppender$1.run(SecurityTubeAppender.java:436)
    at java.security.AccessController.doPrivileged(AccessController.java:276)
    at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.initializeJMAC(SecurityTubeAppender.java:428)
    at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.appendTube(SecurityTubeAppender.java:83)
    at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$WsitTubelineAssembler.createServer(TubelineAssemblerFactoryImpl.java:101)
    at com.sun.xml.ws.server.WSEndpointImpl.<init>(WSEndpointImpl.java:152)
    at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:218)
    at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:467)
    ...

Recent Changes

Upgraded to WebSphere 8.5.x.

Causes

The legacy com.sun.identity.wss.sts.STSContextListener class (SOAP-STS) is not used, but it conflicts with the ProviderRegistry class in the IBM JRE. This error is harmless and is only seen on startup.

This legacy class has been removed in OpenAM 13 along with the legacy SOAP-STS libraries and has been replaced with a new SOAP-STS implementation.

Solution

This issue can be resolved by upgrading to OpenAM 13.0 or later; you can download this from BackStage.

Alternatively, you can resolve this issue as follows:

  1. Extract the openam war file.
  2. Navigate to the WEB-INF directory:
       $ cd WEB-INF
  3. Edit the web.xml file and remove the following lines:
       <listener>
         <listener-class>com.sun.identity.wss.sts.STSContextListener</listener-class>
       </listener>
  4. Re-create the openam war file with the amended web.xml file.
  5. Deploy the modified openam war file.
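
The manual steps above can also be scripted. The following Python sketch is an added example, not ForgeRock code: it rebuilds a WAR in memory, changing only WEB-INF/web.xml, and refuses to proceed if the listener is absent or the edited file is no longer well-formed XML. The function names and the sample WAR contents (including com.example.KeepMeListener) are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

LEGACY = "com.sun.identity.wss.sts.STSContextListener"
# Matches only the <listener> element that wraps the legacy class.
LISTENER_RE = re.compile(
    r"[ \t]*<listener>\s*<listener-class>\s*" + re.escape(LEGACY)
    + r"\s*</listener-class>\s*</listener>[ \t]*\r?\n?"
)

def strip_legacy_listener(web_xml: str) -> str:
    """Return web.xml text without the legacy SOAP-STS listener."""
    cleaned, count = LISTENER_RE.subn("", web_xml)
    if count == 0:
        raise ValueError("legacy listener not found; nothing to change")
    ET.fromstring(cleaned.encode("utf-8"))  # fail loudly if the edit broke the XML
    return cleaned

def rebuild_war(war_bytes: bytes) -> bytes:
    """Copy every WAR entry unchanged except WEB-INF/web.xml."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as src, \
         zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            if info.filename == "WEB-INF/web.xml":
                data = strip_legacy_listener(data.decode("utf-8")).encode("utf-8")
            dst.writestr(info, data)
    return out.getvalue()

# Constructed sample input, not a real OpenAM web.xml.
SAMPLE_WEB_XML = """<web-app>
  <listener>
    <listener-class>com.example.KeepMeListener</listener-class>
  </listener>
  <listener>
    <listener-class>com.sun.identity.wss.sts.STSContextListener</listener-class>
  </listener>
</web-app>
"""

def sample_war() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("WEB-INF/web.xml", SAMPLE_WEB_XML)
        z.writestr("index.html", "<html></html>")
    return buf.getvalue()
```

To use it on a real deployment, read the openam war file as bytes, pass it to rebuild_war, and write the result to a new file before deploying.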

See Also

OpenAM Installation Guide › Preparing For Installation › Preparing IBM WebSphere

OpenAM Installation Guide › Preparing For Installation › Settings For IBM Java Environments

Java Agents, AM 5.x and 6.x fail to install on IBM WebSphere when SSL is enabled

How do I get the WDSSO authentication module to work in AM 5.x or 6.x with the IBM Kerberos implementation?

Related Training

N/A

Related Issue Tracker IDs

OPENAM-7458 (Compatibility errors on WAS Startup log with OpenAM deployed on WAS 8.5.5 + IBM JDK)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.