This topic has 6 replies, 3 voices, and was last updated 3 years, 10 months ago by Fehmi M’Barek.

  • #4925
     devtry
    Participant

    Hello,

    I have accidentally removed the cookie domain value from an OpenAM 12.0.0 server configuration; as a consequence I cannot log in to the console to restore the configuration and I am thus blocked.

    I tried to use ssoadm, but I cannot get it to work. Keeping in mind that I have root access to the machine where OpenAM is running, is there any manual way to fix this?

    Thanks a lot for your help!

    Lorenzo

    #4929
     Rogerio Rondini
    Participant

    Hi

    Did you try the following?

    ssoadm set-attr-defs -u amadmin -f pwdfile -s iPlanetAMPlatformService -t global -a iplanet-am-platform-cookie-domains=.example.com

    Abs.
    Rogerio Rondini

    #4936
     devtry
    Participant

    Hi,

    Thanks for your answer.

    Yes, I tried it, but I have problems with ssoadm… first I was getting “AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token”, now I have maybe solved that problem, but I get a different error: “./ssoadm: com.sun.identity.cli.CommandManager: not found”.

    Do you have any idea about how I could solve this (the ssoadm problem) or change the cookie domain in some other way?

    Thanks again,

    Lorenzo

    #4937
     Rogerio Rondini
    Participant

    Hi Lorenzo,

    So.. I’ve found a similar issue with SSOADM at the link https://bugster.forgerock.org/jira/browse/OPENAM-2886, related to IBM JVM.

    Anyway.. If you are unable to reinstall OpenAM, you can try to edit the Config Store schema (I think Embedded OpenDJ) using an external LDAP tool or the OpenDJ control-panel itself.

    In order to find the cookie domain config, you will need to navigate to the “Base DN -> services -> iPlanetAMPlatformService -> 1.0” nodes. In the last node, “1.0” in my case, you will find an attribute “sunServiceSchema” which holds an XML similar to the following. You can try to edit the XML to add back the cookie domain and restart the OpenAM server.

    <?xml version="1.0" encoding="UTF-8"?>
    <ServicesConfiguration>
    	<Service name="iPlanetAMPlatformService" version="1.0">
    		<Schema i18nFileName="amPlatform" i18nKey="iplanet-am-platform-service-description"
    			propertiesViewBeanURL="../service/SCPlatform30" revisionNumber="30"
    			serviceHierarchy="/DSAMEConfig/iPlanetAMPlatformService">
    			<Global validate="yes">
    				<AttributeSchema cosQualifier="default" i18nKey=""
    					isSearchable="no" listOrder="natural" name="serviceObjectClasses"
    					syntax="string" type="list">
    					<DefaultValues>
    						<Value>iplanet-am-platform-service</Value>
    					</DefaultValues>
    				</AttributeSchema>
    				<AttributeSchema cosQualifier="default" i18nKey="a102"
    					isSearchable="no" listOrder="natural" name="iplanet-am-platform-locale"
    					syntax="string" type="single">
    					<DefaultValues>
    						<Value>en_US</Value>
    					</DefaultValues>
    				</AttributeSchema>
    				<AttributeSchema cosQualifier="default" i18nKey="a103"
    					isSearchable="no" listOrder="natural" name="iplanet-am-platform-cookie-domains"
    					syntax="string" type="list">
    					<DefaultValues>
    						<Value>.example.com</Value>
    					</DefaultValues>
    				</AttributeSchema>
    				<SubSchema inheritance="single" maintainPriority="no"
    					name="com-sun-identity-sites" supportsApplicableOrganization="no"
    					validate="yes">
    					<SubSchema inheritance="multiple" maintainPriority="no"
    						name="site" supportsApplicableOrganization="no" validate="yes">
    						<SubSchema inheritance="single" maintainPriority="no"
    							name="accesspoint" supportsApplicableOrganization="no" validate="yes">
    							<AttributeSchema cosQualifier="default"
    								isSearchable="no" listOrder="natural" name="primary-siteid"
    								syntax="string" type="single"></AttributeSchema>
    							<AttributeSchema cosQualifier="default"
    								isSearchable="no" listOrder="natural" name="primary-url" syntax="string"
    								type="single"></AttributeSchema>
    							<SubSchema inheritance="multiple" maintainPriority="no"
    								name="secondary-urls" supportsApplicableOrganization="no"
    								validate="yes">
    								<AttributeSchema cosQualifier="default"
    									isSearchable="no" listOrder="natural" name="secondary-siteid"
    									syntax="string" type="single"></AttributeSchema>
    							</SubSchema>
    						</SubSchema>
    					</SubSchema>
    				</SubSchema>
    				<SubSchema inheritance="single" maintainPriority="no"
    					name="com-sun-identity-servers" supportsApplicableOrganization="no"
    					validate="yes">
    					<SubSchema inheritance="multiple" maintainPriority="no"
    						name="server" supportsApplicableOrganization="no" validate="yes">
    						<AttributeSchema cosQualifier="default"
    							isSearchable="no" listOrder="natural" name="serverid" syntax="string"
    							type="single"></AttributeSchema>
    						<AttributeSchema cosQualifier="default"
    							isSearchable="no" listOrder="natural" name="parentsiteid" syntax="string"
    							type="single"></AttributeSchema>
    						<AttributeSchema cosQualifier="default"
    							isSearchable="no" listOrder="natural" name="serverconfigxml"
    							syntax="string" type="single"></AttributeSchema>
    						<AttributeSchema cosQualifier="default"
    							isSearchable="no" listOrder="natural" name="serverconfig" syntax="string"
    							type="list"></AttributeSchema>
    					</SubSchema>
    				</SubSchema>
    			</Global>
    		</Schema>
    	</Service>
    </ServicesConfiguration>

    You will need to find the following snippet of XML or add a similar one..

    `<AttributeSchema cosQualifier="default" i18nKey="a103"
    isSearchable="no" listOrder="natural" name="iplanet-am-platform-cookie-domains"
    syntax="string" type="list">
    <DefaultValues>
    <Value>.example.com</Value>
    </DefaultValues>
    </AttributeSchema>`

    I hope it works!! :-)

    Abs.
    Rogerio Rondini
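
The manual repair described in the post above, as an added Python example that is not part of the original thread or of OpenAM: it takes the `sunServiceSchema` value exported from the config store as a string, reports the configured cookie domains, and adds the missing `<Value>` back. The function names, the `BROKEN` sample and the single-label check are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ATTR = "iplanet-am-platform-cookie-domains"
DECL = '<?xml version="1.0" encoding="UTF-8"?>\n'
# Attributes copied from the AttributeSchema snippet in the post above.
ATTR_DEF = {"cosQualifier": "default", "i18nKey": "a103", "isSearchable": "no",
            "listOrder": "natural", "name": ATTR, "syntax": "string", "type": "list"}
# Constructed sample: a trimmed sunServiceSchema value with the cookie domain removed.
BROKEN = DECL + """<ServicesConfiguration>
 <Service name="iPlanetAMPlatformService" version="1.0">
  <Schema serviceHierarchy="/DSAMEConfig/iPlanetAMPlatformService">
   <Global validate="yes">
    <AttributeSchema cosQualifier="default" i18nKey="a103" isSearchable="no"
      listOrder="natural" name="iplanet-am-platform-cookie-domains"
      syntax="string" type="list"></AttributeSchema>
   </Global>
  </Schema>
 </Service>
</ServicesConfiguration>"""

def _find_attr(root):
    glob = root.find("Service/Schema/Global")
    if glob is None:
        raise ValueError("no Service/Schema/Global element in this value")
    hits = [a for a in glob.findall("AttributeSchema") if a.get("name") == ATTR]
    return glob, (hits[0] if hits else None)

def cookie_domains(schema_xml):
    """Return the cookie domains currently set (empty list if none)."""
    _, attr = _find_attr(ET.fromstring(schema_xml.encode("utf-8")))
    values = [] if attr is None else attr.findall("DefaultValues/Value")
    return [v.text for v in values if v.text]

def restore_cookie_domain(schema_xml, domain):
    """Return the schema XML with `domain` set, creating missing elements."""
    if "." not in domain.strip("."):  # this example's own guard against e.g. ".com"
        raise ValueError("refusing single-label cookie domain %r" % domain)
    root = ET.fromstring(schema_xml.encode("utf-8"))
    glob, attr = _find_attr(root)
    if attr is None:  # recreate it ahead of any SubSchema, as in the posted schema
        attr = ET.Element("AttributeSchema", ATTR_DEF)
        subs = [i for i, c in enumerate(glob) if c.tag == "SubSchema"]
        glob.insert(subs[0] if subs else len(glob), attr)
    defaults = attr.find("DefaultValues")
    if defaults is None:
        defaults = ET.SubElement(attr, "DefaultValues")
    if domain not in [v.text for v in defaults.findall("Value")]:
        ET.SubElement(defaults, "Value").text = domain
    return DECL + ET.tostring(root, encoding="unicode")
```

Keep a copy of the original attribute value before writing the result back to the config store, so the edit can be reverted if OpenAM fails to start.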

    #4940
     devtry
    Participant

    Awesome Rogerio, exactly what I was looking for, I needed to access the configuration directly, but I didn’t know how to do it.

    Problem solved, thank you very much.

    I will now try and troubleshoot the ssoadm problem, but without too much haste ;)

    Again, my sincere thanks

    Lorenzo

    #4946
     Rogerio Rondini
    Participant

    Ok..

    Good to hear!! :-)

    Abs.

    #23308
     Fehmi M’Barek
    Participant

    @rarondini
    Brilliant! That helped me a lot!
