OpenAM hangs after initial config with loading…


This topic has 12 replies, 6 voices, and was last updated 5 years ago by contactmayank33.

  • #9129
     hekun
    Participant

    Hi,
    I’m a newcomer to OpenAM from Talkingdata (www.talkingdata.com). We are looking for an open source solution for authentication and authorization, so I have tried OpenAM in recent days. This is the problem I encountered yesterday:
    When I finished deploying OpenAM 13 and configured it with the defaults, the login page hangs at “Loading…”
    But I deployed the same version of OpenAM on Windows last week and it works (also with the default config, that is, with embedded OpenDJ).
    Would you please help me to find the cause?

    Great thanks!!

    I used Chrome to visit the OpenAM login page and it hangs; a 500 error is found:

    ===============>General
    Request URL:http://openam.example.com:8080/openam/json/authenticate?
    Request Method:POST
    Status Code:500
    Remote Address:10.10.67.54:8080
    ===============>Response headers
    Connection:close
    Content-API-Version:resource=2.0
    Date:Wed, 30 Mar 2016 12:11:42 GMT
    Server:Apache-Coyote/1.1
    Transfer-Encoding:chunked
    ===============>Request headers
    Accept:application/json, text/javascript, */*; q=0.01
    Accept-API-Version:protocol=1.0,resource=2.0
    Accept-Encoding:gzip, deflate
    Accept-Language:zh-CN,zh;q=0.8
    Cache-Control:no-cache
    Connection:keep-alive
    Content-Length:0
    Content-Type:application/json
    Cookie:JSESSIONID=0A1282920CEF2B02E09B6BF013E6E8C8; i18next=zh-CN
    Host:openam.example.com:8080
    Origin:http://openam.example.com:8080
    Referer:http://openam.example.com:8080/openam/XUI/
    User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
    X-NoSession:true
    X-Password:anonymous
    X-Requested-With:XMLHttpRequest
    X-Username:anonymous

    The deploy environment is:
    1.OS
    Linux openam.example.com 2.6.32-358.el6.x86_64 #1 SMP Fri Feb 22 00:31:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
    2.IP 10.10.67.54
    3.content of /etc/hosts
    127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
    127.0.0.1 openam openam.example.com
    4.hostname output
    openam.example.com
    5.JAVA_HOME
    /home/openam/jdk1.8.0_73
    6.user
    openam
    7.deployment path
    /home/openam/openam (I renamed the war to openam.war)

    Fragment of the install log includes:
    ======>OpenDJ related
    Extracting OpenDJ, please wait…Complete
    Running OpenDJ setup
    Setup command: --cli --adminConnectorPort 4444 --baseDN dc=openam,dc=forgerock,dc=org --rootUserDN cn=Directory Manager --ldapPort 50389 --skipPortCheck --rootUserPassword xxxxxxx --jmxPort 1689 --no-prompt --doNotStart --hostname openam.example.com --noPropertiesFile
    See /home/openam/tomcat/temp/opendj-setup-234513421009258404.log for a
    detailed log of this operation.

    Configuring Directory Server ….. Done.

    To see basic server configuration status and configuration you can launch
    /home/openam/openam/opends/bin/status

    ================>Config param
    Dumping all configuration parameters…

    Request Parameters:
    acceptLicense = true
    actionLink = createDefaultConfig
    ADMIN_CONFIRM_PWD = #########
    ADMIN_PWD = #########
    AM_ENC_KEY = #########
    AMLDAPUSERPASSWD = #########
    AMLDAPUSERPASSWD_CONFIRM = #########
    BASE_DIR = /home/openam/openam
    COOKIE_DOMAIN = .example.com
    DATA_STORE = embedded
    DIRECTORY_ADMIN_PORT = 4444
    DIRECTORY_JMX_PORT = 1689
    DIRECTORY_PORT = 50389
    DIRECTORY_SERVER = openam.example.com
    DIRECTORY_SSL = SIMPLE
    DS_DIRMGRPASSWD = #########
    locale = zh_CN
    PLATFORM_LOCALE = en_US
    SERVER_HOST = openam.example.com
    SERVER_PORT = 8080
    SERVER_URI = /openam/config/defaultSummary.htm
    SERVER_URL = http://openam.example.com:8080/openam/config/defaultSummary.htm
    SESSION_ROOT_SUFFIX = ou=openam-session
    SESSION_STORE_TYPE = none

    Main configuration items:
    acceptLicense = true
    actionLink = createDefaultConfig
    ADMIN_PWD = #########
    AM_COEXIST = false
    AM_ENC_KEY = #########
    AM_REALM = true
    AMLDAPUSERPASSWD = #########
    AMSDK_I18N_KEY = a101
    AUTH_DEFAULT_CONFIG = ldapService
    AUTHNSVC_CRAMMD5_MECHANISM_HANDLER = com.sun.identity.liberty.ws.authnsvc.mechanism.CramMD5MechanismHandler
    AUTHNSVC_PLAIN_MECHANISM_HANDLER = com.sun.identity.liberty.ws.authnsvc.mechanism.PlainMechanismHandler
    AUTHNSVC_SSOTOKEN_MECHANISM_HANDLER = com.sun.identity.liberty.ws.authnsvc.mechanism.SSOTokenMechanismHandler
    BASE_DIR = /home/openam/openam
    CONFIGURATION_PROVIDER_CLASS = com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
    CONSOLE_URI = /openam
    COOKIE_DOMAIN = .example.com
    COOKIE_ENCODE = false
    DATA_STORE = embedded
    DATASTORE_NOTIFICATION = true
    DATASTORE_PROVIDER_CLASS = com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
    DB_NAME = userRoot
    DEBUG_DIR = debug
    DEBUG_SUBDIR = debug
    DEFAULT_AUTH_MODULE = DataStore
    DEFAULT_ORG = dc=openam,dc=forgerock,dc=org
    DIRECTORY_ADMIN_PORT = 4444
    DIRECTORY_JMX_PORT = 1689
    DIRECTORY_PORT = 50389
    DIRECTORY_SERVER = openam.example.com
    DIRECTORY_SSL = SIMPLE
    DISABLE_PERSISTENT_SEARCH = aci,um
    DISCO_AUTHORIZER = com.sun.identity.liberty.ws.disco.plugins.DefaultDiscoAuthorizer
    DISCO_ENTRY_HANDLER = com.sun.identity.liberty.ws.disco.plugins.UserDiscoEntryHandler
    DISCO_GLOBAL_ENTRY_HANDLER = com.sun.identity.liberty.ws.disco.plugins.GlobalDiscoEntryHandler
    DIT_LOADED = false
    DS_DIRMGRDN = cn=Directory Manager
    DS_DIRMGRPASSWD = #########
    DS_OBJECT_CLASS = ldap.SMSLdapObject
    DS_UM_SCHEMA = sms
    EMBEDDED_DS_OBJECT_CLASS = ldap.SMSEmbeddedLdapObject
    ENCADADMINPASSWD = #########
    ENCADMINPASSWD = #########
    ENCDSDIRMGRPASSWD = #########
    ENCLDAPUSERPASSWD = #########
    GlobalClientSideAuthModuleScriptId = c827d2b4-3608-4693-868e-bbcf86bd87c7
    GlobalClientSideDeviceIdMatchScriptId = 157298c0-7d31-4059-a95b-eeb08473b7e5
    GlobalEntitlementConditionScriptId = 9de3eb62-f131-4fac-a294-7bd170fd4acb
    GlobalOidcClaimsScriptId = 36863ffb-40ec-48b9-94b1-9a99f71cc3b5
    GlobalServerSideAuthModuleScriptId = 7e3d7067-d50f-4674-8c76-a3e13a810c33
    GlobalServerSideDeviceIdMatchScriptId = 703dab1a-1921-4981-98dd-b8e5349d8548
    HASHADMINPASSWD = #########
    HASHLDAPUSERPASSWD = #########
    IDPP_AUTHORIZER = com.sun.identity.liberty.ws.idpp.plugin.IDPPAuthorizer
    IS_INSTALL_VARDIR = baseDir
    IS_PRODNAME = /openam
    LDAP_CONNECTION_MODE = LDAP
    locale = zh_CN
    LOG_DIR = log
    LOG_PROVIDER_CLASS = com.sun.identity.plugin.log.impl.LogProvider
    MONAGENT_PROVIDER_CLASS = com.sun.identity.plugin.monitoring.impl.AgentProvider
    MONIDFF_PROVIDER_CLASS = com.sun.identity.plugin.monitoring.impl.FedMonIDFFSvcProvider
    MONSAML1_PROVIDER_CLASS = com.sun.identity.plugin.monitoring.impl.FedMonSAML1SvcProvider
    MONSAML2_PROVIDER_CLASS = com.sun.identity.plugin.monitoring.impl.FedMonSAML2SvcProvider
    NORMALIZED_ORGBASE = dc=openam,dc=forgerock,dc=org
    NORMALIZED_RS = dc=openam,dc=forgerock,dc=org
    NoScriptDefined = [Empty]
    OLDCON_DEPLOY_URI = /openam
    OPENDS_TRANSFORMATION = RSA/ECB/OAEPWithSHA1AndMGF1Padding
    ORG_BASE = dc=openam,dc=forgerock,dc=org
    ORG_NAMING_ATTR = o
    ORG_OBJECT_CLASS = sunismanagedorganization
    ORG_ROOT_SUFFIX = dc=openam,dc=forgerock,dc=org
    OUTPUT_DIR = basedir/uri
    PAM_SERVICE_NAME = other
    People_NM_ORG_ROOT_SUFFIX = People_dc=openam_dc=forgerock_dc=org
    PLATFORM_LOCALE = en_US
    ROOT_SUFFIX = dc=openam,dc=forgerock,dc=org
    RS_RDN = openam
    SERVER_HOST = openam.example.com
    SERVER_PORT = 8080
    SERVER_PROTO = http
    SERVER_URI = /openam
    SERVER_URL = http://openam.example.com:8080
    SESSION_PROVIDER_CLASS = com.sun.identity.plugin.session.impl.FMSessionProvider
    SESSION_ROOT_SUFFIX = ou=openam-session
    SESSION_STORE_TYPE = none
    SM_CONFIG_BASEDN = dc=openam,dc=forgerock,dc=org
    SM_CONFIG_BASEDN_RDNV = openam
    SM_CONFIG_ROOT_SUFFIX = dc=openam,dc=forgerock,dc=org
    SM_ROOT_SUFFIX_HAT = dc=openam^dc=forgerock^dc=org
    SMS_OBJECT_CLASS = flatfile.SMSEnhancedFlatFileObject
    SSHA512LDAPUSERPWD = #########
    UM_DIRECTORY_PORT = 50389
    UM_DIRECTORY_SERVER = openam.example.com
    UM_DS_DIRMGRDN = cn=Directory Manager
    UM_DS_DIRMGRPASSWD = #########
    UM_ENABLED = true
    UM_NORMALIZED_ORGBASE = dc=openam,dc=forgerock,dc=org
    UM_SSL = false
    USER_NAMING_ATTR = uid
    USER_OBJECT_CLASS = inetorgperson
    USER_PROFILE_CHOICE = false
    VERSION = OpenAM 13.0.0 (2016-January-14 21:15)
    WEB_SERVICE_AUTHENTICATOR = com.sun.identity.liberty.ws.soapbinding.WebServiceAuthenticatorImpl
    XML_ENCODING = ISO-8859-1

    There are some exception messages in the /home/openam/openam/openam/debug log
    In CoreSystem
    amMonitoring:03/30/2016 08:29:07:889 PM CST: Thread[localhost-startStop-1,5,main]: TransactionId[61ef858f-d8e6-4708-ba04-e36edbeb3292-2]
    ERROR: ConfigMonitoring.configureMonitoring: getMonServiceAttrs returns -1, monitoring disabled

    In Session
    amSession:03/30/2016 08:29:07:235 PM CST: Thread[localhost-startStop-1,5,main]: TransactionId[61ef858f-d8e6-4708-ba04-e36edbeb3292-2]
    ERROR: Invalid value for com.iplanet.am.session.failover.cluster.stateCheck.timeout defaulting to 1000
    amSession:03/30/2016 08:29:07:238 PM CST: Thread[localhost-startStop-1,5,main]: TransactionId[61ef858f-d8e6-4708-ba04-e36edbeb3292-2]
    ERROR: Invalid value for com.iplanet.am.session.failover.cluster.stateCheck.period defaulting to 1000

    In IdRepo
    DJLDAPv3Repo:03/30/2016 08:28:19:161 PM CST: Thread[localhost-startStop-2,5,main]: TransactionId[8ab4ea55-acb0-497a-9779-6a418c8c1885-158]
    ERROR: PSearch is already removed, unable to unregister

    But I can log in and configure Subjects, Policies and so on when I deploy OpenAM on Windows (I can visit OpenAM on Windows via localhost).
    The difference is that there’s no domain information in the Windows server info
    ================>server info from Linux by /openam/json/serverinfo
    cookieName: "iPlanetDirectoryPro"
    domains: [".example.com"]
    forgotPassword: "false"
    forgotUsername: "false"
    kbaEnabled: "false"
    lang: "zh-CN"
    protectedUserAttributes: []
    realm: "/"
    referralsEnabled: "false"
    secureCookie: false
    selfRegistration: "false"
    socialImplementations: []
    successfulUserRegistrationDestination: "default"
    xuiUserSessionValidationEnabled: true
    zeroPageLogin: {enabled: false, refererWhitelist: [], allowedWithoutReferer: true}

    =================>get server info
    cookieName: "iPlanetDirectoryPro"
    domains: [""]
    forgotPassword: "false"
    forgotUsername: "false"
    kbaEnabled: "false"
    lang: "zh-CN"
    protectedUserAttributes: []
    realm: "/"
    referralsEnabled: "false"
    secureCookie: false
    selfRegistration: "false"
    socialImplementations: []
    successfulUserRegistrationDestination: "default"
    xuiUserSessionValidationEnabled: true
    zeroPageLogin: {enabled: false, allowedWithoutReferer: true, refererWhitelist: []}

    And the cookie is also different:
    =============>
    Request cookie in Linux
    JSESSIONID 0A1282920CEF2B02E09B6BF013E6E8C8
    i18next zh-CN
    Response Cookies
    =============>
    Request cookie in Windows
    amlbcookie 01
    i18next zh-CN
    Response Cookies

    #9158
     david.bate
    Participant

    Are you going to this URL? I don’t see it in the above capture:

    http://openam.example.com:8080/openam/XUI/#login

    I don’t see an entry for this IP in the /etc/hosts:
    10.10.67.54

    In the above trace, it shows:

    ===============>General
    Request URL:http://openam.example.com:8080/openam/json/authenticate?
    Request Method:POST
    Status Code:500
    Remote Address:10.10.67.54:8080

    Do you see anything in the container logs? If it’s Tomcat, that would be catalina.out log file?

    Is this after the initial configuration? Or after a restart? Or does restarting not help?

    Since you can’t log in to the OpenAM GUI, you can’t set the debug logs to Message to get a better idea of what might be happening. Can you try starting your Tomcat server like this, to get it to temporarily turn on Message level debug logging?

    export CATALINA_OPTS="-Dcom.iplanet.services.debug.level=message -Dcom.iplanet.services.debug.directory=/tmp/openamdebug"; ./catalina.sh start

    You can then go to /tmp/openamdebug to get the Message level debug logs.

    Thanks,
    David

    #9186
     Peter Major
    Moderator

    Note that XUI has a bug when trying to use host only cookies, see OPENAM-5264.

    #9261
     hekun
    Participant

    Thank you David,

    1. Yes, I open openam.example.com:8080/openam and it is directed to http://openam.example.com:8080/openam/XUI/#login/
    I only pasted the successive request that returns the 500 error, that is, http://openam.example.com:8080/openam/json/authenticate?

    2. I visit OpenAM on 10.10.67.54 (this is the Linux server) from my PC (Windows) and set the following content in windows/system32/driver/etc/hosts
    10.10.67.54 openam.example.com
    Is it necessary to set an entry for 10.10.67.54 in /etc/hosts on the Linux server?

    3. No explicit error message was found in Tomcat’s log.

    4. The login page cannot be displayed after the initial default config. I restarted Tomcat, but it still hangs at the loading… page

    5. I added the debug options as you mentioned and I found the following exceptions in the logs under /tmp/openamdebug
    (btw: How can I upload the log files?)

    1)in Authentication
    ——————
    amAuth:04/04/2016 08:45:58:927 AM CST: Thread[http-nio-8080-exec-8,5,main]: TransactionId[4b32c8ef-98b2-43eb-b50f-71066b189beb-15]
    Failed to instantiate : com.sun.identity.authentication.service.AuthenticationPrincipalDataRetrieverImpl
    java.lang.ClassNotFoundException: com.sun.identity.authentication.service.AuthenticationPrincipalDataRetrieverImpl
    ——————
    amAuthClientUtils:04/04/2016 10:32:21:832 AM CST: Thread[http-nio-8080-exec-6,5,main]: TransactionId[4b32c8ef-98b2-43eb-b50f-71066b189beb-200]
    Error in getExistingValidSSOToken
    com.iplanet.sso.SSOException: Invalid session ID.
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:220)
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:184)
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:236)
    at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:367)
    at com.sun.identity.authentication.client.AuthClientUtils.getExistingValidSSOToken(AuthClientUtils.java:1811)
    at org.forgerock.openam.core.CoreServicesWrapper.getExistingValidSSOToken(CoreServicesWrapper.java:135)
    at org.forgerock.openam.core.rest.authn.core.LoginAuthenticator.getLoginProcess(LoginAuthenticator.java:86)
    at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:165)
    at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.initiateAuthentication(RestAuthenticationHandler.java:98)
    at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:142)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)

    2)In session
    ———————-
    amSSOProvider:04/04/2016 10:32:21:255 AM CST: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4b32c8ef-98b2-43eb-b50f-71066b189beb-192]
    SSOProviderImpl.createSSOToken(tokenId, false, true) could not create SSOToken for token ID “null” (Invalid session ID.)
    amSession:04/04/2016 10:32:21:255 AM CST: Thread[http-nio-8080-exec-4,5,main]: TransactionId[4b32c8ef-98b2-43eb-b50f-71066b189beb-192]
    Could not get SSOToken from context
    com.iplanet.sso.SSOException: Invalid session ID.
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:220)
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:184)
    at com.iplanet.sso.providers.dpro.SSOProviderImpl.createSSOToken(SSOProviderImpl.java:236)
    at com.iplanet.sso.SSOTokenManager.createSSOToken(SSOTokenManager.java:367)
    at org.forgerock.openam.rest.resource.SSOTokenContext.getSsoToken(SSOTokenContext.java:128)
    at org.forgerock.openam.rest.resource.SSOTokenContext$4.get(SSOTokenContext.java:107)
    at org.forgerock.openam.rest.resource.SSOTokenContext$4.get(SSOTokenContext.java:103)
    at org.forgerock.guava.common.base.Suppliers$MemoizingSupplier.get(Suppliers.java:125)
    at org.forgerock.openam.rest.resource.SSOTokenContext.getCallerSSOToken(SSOTokenContext.java:138)
    at org.forgerock.openam.rest.resource.SSOTokenContext.getSsoToken(SSOTokenContext.java:126)
    at org.forgerock.openam.rest.fluent.CrestLoggingFilter.logAccess(CrestLoggingFilter.java:192)
    at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterRead(CrestLoggingFilter.java:165)
    at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:107)
    at org.forgerock.openam.rest.ContextFilter.filterRead(ContextFilter.java:87)
    at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:107)
    at org.forgerock.openam.rest.AuthenticationEnforcer.filterRead(AuthenticationEnforcer.java:182)
    at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:107)
    at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:237)
    at org.forgerock.json.resource.Router.handleRead(Router.java:324)
    at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:109)
    at org.forgerock.openam.rest.ContextFilter.filterRead(ContextFilter.java:87)
    at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:107)
    at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:237)
    at org.forgerock.json.resource.InternalConnection.readAsync(InternalConnection.java:89)
    ———————–
    3)In EmbeddedDJ
    —————————
    EmbeddedDJ:04/04/2016 08:45:13:477 AM CST: Thread[http-nio-8080-exec-8,5,main]: TransactionId[4b32c8ef-98b2-43eb-b50f-71066b189beb-15]
    WARNING: The extensions directory /home/openam/apache-tomcat-9.0.0.M4/bin/lib/extensions does not exist, therefore no extensions will be loaded
    EmbeddedDJ:04/04/2016 08:45:13:685 AM CST: Thread[http-nio-8080-exec-8,5,main]: TransactionId[4b32c8ef-98b2-43eb-b50f-71066b189beb-15]
    No such file or directory
    java.io.IOException: No such file or directory
    at java.io.UnixFileSystem.createFileExclusively(Native Method)
    at java.io.File.createNewFile(File.java:1012)
    at org.opends.server.core.LockFileManager.acquireExclusiveLock(LockFileManager.java:222)
    at org.opends.quicksetup.Status.isServerRunning(Status.java:81)
    at org.opends.quicksetup.CurrentInstallStatus.<init>(CurrentInstallStatus.java:66)
    at org.opends.server.tools.InstallDS.checkInstallStatus(InstallDS.java:606)
    at org.opends.server.tools.InstallDS.execute(InstallDS.java:364)
    at org.opends.server.tools.InstallDS.mainCLI(InstallDS.java:312)
    at com.sun.identity.setup.EmbeddedOpenDS.runOpenDSSetup(EmbeddedOpenDS.java:428)
    at com.sun.identity.setup.EmbeddedOpenDS.setupOpenDS(EmbeddedOpenDS.java:367)
    at com.sun.identity.setup.EmbeddedOpenDS.setup(EmbeddedOpenDS.java:259)
    at com.sun.identity.setup.AMSetupServlet.setupEmbeddedDS(AMSetupServlet.java:836)
    at com.sun.identity.setup.AMSetupServlet.setupSMDatastore(AMSetupServlet.java:884)
    at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:922)
    at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:594)
    at com.sun.identity.config.DefaultSummary.createDefaultConfig(DefaultSummary.java:128)
    ———————–
    EmbeddedDJ:04/04/2016 08:45:25:285 AM CST: Thread[http-nio-8080-exec-8,5,main]: TransactionId[4b32c8ef-98b2-43eb-b50f-71066b189beb-15]
    Entry ds-cfg-key-id=4F02C6EDDC944D05ED2E7BF08C3BB8E9,cn=instance keys,cn=admin data specified as the search base DN does not exist
    org.opends.server.types.DirectoryException: Entry ds-cfg-key-id=4F02C6EDDC944D05ED2E7BF08C3BB8E9,cn=instance keys,cn=admin data specified as the search base DN does not exist
    at org.opends.server.backends.LDIFBackend.search(LDIFBackend.java:916)
    at org.opends.server.workflowelement.localbackend.LocalBackendSearchOperation.processSearch(LocalBackendSearchOperation.java:234)
    at org.opends.server.workflowelement.localbackend.LocalBackendSearchOperation.processLocalSearch(LocalBackendSearchOperation.java:111)
    at org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement.execute(LocalBackendWorkflowElement.java:733)
    at org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement.executeOnNonRootDSE(LocalBackendWorkflowElement.java:1024)
    at org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement.execute(LocalBackendWorkflowElement.java:895)
    at org.opends.server.core.SearchOperationBasis.run(SearchOperationBasis.java:1015)
    at org.opends.server.protocols.internal.InternalClientConnection.processSearch(InternalClientConnection.java:1987)
    at org.opends.server.protocols.internal.InternalClientConnection.processSearch(InternalClientConnection.java:1962)
    at org.opends.server.crypto.CryptoManagerImpl.publishInstanceKeyEntryInADS(CryptoManagerImpl.java:600)
    at org.opends.server.crypto.CryptoManagerSync.<init>(CryptoManagerSync.java:143)
    at org.opends.server.core.DirectoryServer.startServer(DirectoryServer.java:1477)
    at org.opends.server.util.EmbeddedUtils.startServer(EmbeddedUtils.java:88)
    at com.sun.identity.setup.EmbeddedOpenDS.startServer(EmbeddedOpenDS.java:463)
    at com.sun.identity.setup.EmbeddedOpenDS.setup(EmbeddedOpenDS.java:263)
    at com.sun.identity.setup.AMSetupServlet.setupEmbeddedDS(AMSetupServlet.java:836)
    at com.sun.identity.setup.AMSetupServlet.setupSMDatastore(AMSetupServlet.java:884)
    at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:922)
    at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:594)
    at com.sun.identity.config.DefaultSummary.createDefaultConfig(DefaultSummary.java:128)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    —————————————-

    #9262
     hekun
    Participant

    Thank you Peter,
    Would you please also tell me how I can find the post about OPENAM-5264? I cannot find it with the search button at the top right corner.

    #9273
     skarmakar
    Participant

    Hi Hekun,

    I had a similar problem with OpenAM 12.0.2. It does not show the login page. It was stuck at the “Loading” page.

    Did you define at least 1 GB JVM heap for your OpenAM deployment on Linux?

    OpenAM has some memory requirements. You might want to look into the following.
    https://backstage.forgerock.com/#!/docs/openam/13/deployment-planning#ram-requirements

    You might have to set something similar
    CATALINA_OPTS="-server -Xms1024m -Xmx1024m -XX:MaxPermSize=256m"

    Restart Tomcat and try to browse OpenAM again.

    The link to OPENAM-5264 bug is
    https://bugster.forgerock.org/jira/browse/OPENAM-5264

    Hope it helps

    Thanks

    #9275
     hekun
    Participant

    Hi Skarmakar,
    Thank you for your suggestion. I changed the CATALINA_OPTS as you suggested, but it still hangs at the loading… page.
    But I opened the link you provided about the prerequisites of OpenAM and found that it says it only supports Tomcat 7 & 8, so I changed Tomcat to 7.0.68 (I used Tomcat 9 in the previous deployment) and it works!

    Great thanks to you, David and Peter!

    btw:
    I used Tomcat 9 on my PC (Windows 10) to deploy OpenAM 13 and it works, so I mistakenly thought I could use Tomcat 9 on Linux as well :(

    #16566
     KK
    Participant

    Thanks much @hekun for your reply here. You saved my day. OpenAM 13 does not support all the versions of Tomcat. Even 8.5.12 was not supported by OpenAM 13. I have deployed it on Tomcat 7.0.68 as suggested by you and it started working. These things should be properly documented in the OpenAM installation guides, so that only those versions of Tomcat which are supported are used.

    #16568
     Peter Major
    Moderator

    If OpenAM does not work for you on Tomcat 8.5, most likely you have configured a cookie domain with a leading dot character.

    #16576
     KK
    Participant

    Thanks @peter for your quick response. I have used the default Tomcat & OpenAM configuration. I have not changed anything related to the cookie domain.

    #16579
     Peter Major
    Moderator

    The default options on 13 will generate a cookie domain with a leading dot. You should use the Custom configuration options. 13.5 and later versions automatically use the full FQDN as cookie domain instead.

    #16580
     KK
    Participant

    Thanks for this input @peter. Is it documented in the release/installation guide anywhere? This issue ate up my entire day as I am very new to OpenAM.

    #18787
     contactmayank33
    Participant

    Thanks for the input Peter. I got stuck with the same problem. I used the FQDN while setting the Cookie Domain and it solved the issue.

    Regards,
    Mayank Jain
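
Added example, not part of any post in this thread and not ForgeRock code: a small pre-deployment check for the cookie-domain issue the moderator describes, run over the installer's `KEY = VALUE` dump and over a `/json/serverinfo` body. The function names and finding labels are hypothetical; the domain-match test follows RFC 6265 section 5.1.3, and the label check is an assumed approximation of what a strict RFC 6265 cookie processor accepts.

```python
import json
import re

# One DNS label: letters, digits, hyphens, no hyphen at either end.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample: four lines taken from the configuration dump posted above.
SAMPLE_DUMP = """\
COOKIE_DOMAIN = .example.com
DEFAULT_ORG = dc=openam,dc=forgerock,dc=org
SERVER_HOST = openam.example.com
VERSION = OpenAM 13.0.0 (2016-January-14 21:15)
"""

# Constructed samples: reduced serverinfo bodies carrying the two "domains"
# values shown in the thread (Linux install, then Windows install).
SAMPLE_SERVERINFO_LINUX = '{"cookieName": "iPlanetDirectoryPro", "domains": [".example.com"]}'
SAMPLE_SERVERINFO_WINDOWS = '{"cookieName": "iPlanetDirectoryPro", "domains": [""]}'


def parse_dump(text):
    """Parse 'KEY = VALUE' lines; values may themselves contain '='."""
    params = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            params[key.strip()] = value.strip()
    return params


def check_cookie_domain(domain, server_host):
    """Return a list of findings for one configured cookie domain."""
    if domain == "":
        # No Domain attribute: the browser scopes the cookie to the exact host.
        return ["host-only"]
    findings = []
    if domain.startswith("."):
        # The form the OpenAM 13 default configuration generates.
        findings.append("leading-dot")
        domain = domain[1:]
    if not all(_LABEL.match(label) for label in domain.split(".")):
        findings.append("invalid-label")
    host, dom = server_host.lower(), domain.lower()
    if host != dom and not host.endswith("." + dom):
        # The server could never set a cookie for this domain.
        findings.append("no-domain-match")
    elif host != dom:
        # The session cookie is sent to every host under the parent domain.
        findings.append("wider-than-host")
    return findings


def audit_dump(text):
    """Check COOKIE_DOMAIN against SERVER_HOST from an installer dump."""
    params = parse_dump(text)
    domain = params.get("COOKIE_DOMAIN", "")
    host = params.get("SERVER_HOST", "")
    return {
        "cookie_domain": domain,
        "findings": check_cookie_domain(domain, host),
        "suggested": host,  # the FQDN, as later versions use by default
    }


def audit_serverinfo(body, server_host):
    """Check every entry of the 'domains' array of a serverinfo response."""
    domains = json.loads(body).get("domains", [])
    return {d: check_cookie_domain(d, server_host) for d in domains}


if __name__ == "__main__":
    print(audit_dump(SAMPLE_DUMP))
    print(audit_serverinfo(SAMPLE_SERVERINFO_LINUX, "openam.example.com"))
    print(audit_serverinfo(SAMPLE_SERVERINFO_WINDOWS, "localhost"))
```

A `leading-dot` finding is the condition to clear before moving to a newer container; `wider-than-host` is worth reviewing separately, since it decides which other hosts receive the session cookie.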
