July 25, 2020 at 6:20 pm #28111
Running Apache and Tomcat in a Win 10 environment.
Have AM up and running and performed a policy config per QuickStart guide. Created the agent profile and installed the agent (at least I didn’t get an error when confirming config).
Not working in blocking access to my Apache home page, so now I’m troubleshooting.
1) Is there any way I can validate the agent install worked? I see nothing in the Apache logs.
2) I’m using port 8080 in my AM and agent config server URLs. Would this be an issue, as I thought SSL was not required to support this simple use case?
ThanksJuly 28, 2020 at 10:38 am #28129Andy CoryParticipant
In the bin folder of the agent install location, look for the
agentadminutility. If you run this with
agentadmin --Vi agent_1(where ‘agent_1’ is the instance of the agent – probably you will only have one, but it’s possible to have more) you should get some useful output with regard to checking the installation.E.g.:
Saving output to /opt/openam/agent/web_agents/apache24_agent/bin//../log/validate_20200226184019.log
Running configuration validation for agent_1:
Agent instance is configured with 1 naming.url value(s):
1. https://agent.example.com:8443/openam is valid
selected https://agent.example.com:8443/openam as naming.url value
Result: 6 out of 7 tests passed, 1 skipped.
The log file mentioned in the output will give a lot of more verbose info.
You should be fine with port 8080 non-SSL. THe agent logs are separate to the Apache logs, and should be fond in something like
instances/agent_1/logs/debug/debug.log. The verbosity of these logs is controlled in the agent profile in AM.July 28, 2020 at 12:29 pm #28130
Thanks for this. I found an agent specific install log and see the following:
2020-07-27 20:16:31 OpenAM Web Agent for Apache Server interactive installation
2020-07-27 20:16:31 license was accepted earlier
2020-07-27 20:17:03 server configuration file c:\xampp\Apache\conf\httpd.conf
2020-07-27 20:17:03 OpenSSL library status: trying ssleay32… found libssl-1_1-x64.dll, failed to load SSL_library_init, failed to load SSLv23_client_method, failed to load SSL_state, failed to load SSL_load_error_strings, trying libeay32… found libcrypto-1_1-x64.dll, failed to load CRYPTO_num_locks, failed to load CRYPTO_set_locking_callback, failed to load CRYPTO_set_id_callback, failed to load OPENSSL_add_all_algorithms_noconf, failed to load ERR_free_strings, failed to load ENGINE_cleanup, failed to load EVP_cleanup, failed to load CRYPTO_cleanup_all_ex_data, OpenSSL v1.1.x library support is available
2020-07-27 20:17:44 OpenAM URL http://www.belltestsite.com:8080/openam
2020-07-27 20:18:35 Agent URL http://www.belltestsite.com:80
2020-07-27 20:18:41 Agent Profile name WebAgent
2020-07-27 20:18:46 Agent realm/organization name /openam
2020-07-27 20:18:58 Agent password file c:\pwd.txt
2020-07-27 20:18:58 agent password file c:\pwd.txt opened successfully
2020-07-27 20:19:02 validating configuration parameters…
2020-07-27 20:19:02 error validating OpenAM agent configuration
2020-07-27 20:19:02 installation error
agent login to http://www.belltestsite.com:8080/openam fails
2020-07-27 20:19:02 installation exit
It appears the installer’s attempt to log into the AM instance is failing. The OpenAm URL in the log is correct. The WebAgent profile is set with ‘password’ as the password. And the file at ‘c:\pwd.txt’ (which I presume is being used to credential the login) has one line with the word ‘password’ in it. So, I would assume a match.
What could I be missing here? Is that in fact the validation path the installer is trying to use? What else might the installer login process be looking for?
ThanksJuly 29, 2020 at 12:37 pm #28134Andy CoryParticipant
Forgive the obvious question – was AM running at the time of the install?
Assuming it was, there’s nothing in the log file that suggests a cause – if the password file had incorrect content or couldn’t be opened by the agent install this would happen, but you’ve checked that, and the log says the file could be opened. The agent authenticates (pretty much) as an end user does, it needs the correct username and password. The username is the agent profile name, which looks like WebAgent in your case. This matches the actual profile name in AM? And the agent profile is defined in a realm called openam that is a sub-realm of the top level realm?
Could you try the agentadmin check I indicated earlier? That might give a bit more info. The log is verbose, as I said, but even the command line output gives a clear indication of the ‘validate_agent_login’ step results.July 29, 2020 at 2:30 pm #28135
Just to clarify, per the QuickStart guide I am using the Top Level realm. It shows an alias of ‘openam’, thus why I’m using that as the realm id in the installer. ThanksJuly 29, 2020 at 2:40 pm #28136
However, what is curious is that even though the Top realm shows active with an alias of ‘openam’, it appears I should be able to access it via ‘openam.belltestsite.com:8080’. But the link isn’t working. But ‘belltestsite.com:8080/openam’ works fine.
All other defaults when selecting the Top Realm were left the same per the QS guide. Am I missing something? ThanksJuly 29, 2020 at 6:55 pm #28140
Now I’m confused. I’m trying to install the 5.6.3 version of the web agent. In digging into the Agents Guide , it staes a few things:
– 5.6.3 agents require the WebSocket protocol (hassle to get working with Apache)
– 5.6.3 agents rely on SSL to communicate with AM via WebSocket
If true, the QuickStart steps just got alot more complex
You must be logged in to reply to this topic.