This topic has 8 replies, 3 voices, and was last updated 4 years, 5 months ago by 
-
Posts
-
Hello folks,
I am trying to install OpenAM 5.5.1 war file for the first time on tomcat7 instance. While trying to setup the first custom site, configuration wizard fails with below exception. I tried to look around this issue and it seems like most of them are pointing to configuration change of “ssoadm” as mentioned in below link. But I couldnt find where it exists. May be I couldnt find becoz my installation is not finished.
https://backstage.forgerock.com/knowledge/kb/article/a17894100#site
Can someone help me here to over come this issue?
–Thanks
Exception:
02/23/2018 08:06:48:488 AM UTC: Reinitializing system properties.
AMSetupServlet.processRequest: errorcom.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:251)
at com.sun.identity.security.AdminTokenAction.run(AdminTokenAction.java:67)
at java.security.AccessController.doPrivileged(AccessController.java:638)
at com.iplanet.am.util.SystemProperties.initializeProperties(SystemProperties.java:439)
at com.sun.identity.setup.AMSetupServlet.reInitConfigProperties(AMSetupServlet.java:979)
at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:823)
at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:473)Are you configuring AM from the web admin console? If so, I’m not sure why you would get that error, but I think references to ssoadm are a red herring. The ssoadm executable is a command line tool that can be used to configure AM in scripts. If you don’t know about it, I’m guessing you aren’t using it. The KB article you mention describes the same symptoms, but is purely about altering the ssoadm script to cater for a site configuration, so won’t be your issue.
-Andy
Thanks Andy for the response.
I am configuring OpenAM for the first time through Web. I am not using any scripts to install OpenAM. Below are the steps I did.
1) Installed tomcat on linux vm
2) Deployed AM-eval-5.5.1.war as ROOT.war into webapps folder and restarted tomcat
3) Go to http://<tomcathost>:8080/
4) Went through “Custom Site Configuration” link
5) Went through all the screens by providing details for Local configuration OpenAM Store, User Store and Loadbalancer Site information.
6) Wizard started configuration and errored out with above exception.Do I still have to modify any properties in the WAR file to get around this issue?
Thanks.
As per the Note shown here: https://backstage.forgerock.com/docs/am/5.5/install-guide/#deploy-openam
To properly configure AM, AM requires a deployment URI with a non-empty string after /. Do not deploy AM at the root context. Do not rename the .war file to ROOT.war before deploying on Tomcat, for example.
Oh, and for best practice don’t deploy it as openam.war. Use something like Andy suggested like sso.war or other common choices are auth.war, login.war….mickeymouse.war…..j/k. Basically anything other than ROOT.war and openam.war.
Thanks for pointing that out Scott. Will try it and let you know how it goes with 5.5 version.
As I am trying to evaluate the product for a quick POC, I tried installing OpenAM 13.0 version and It is up and running. I installed it as openam.war according to documentation. It seems like version 13.0 doesn’t seem to have issues with the name as “openam.war”
Will have to integrate OpenAM with OpenIG 4.0 for a quick OpenIDConnect POC.
Thanks,
NavHi Nav
Unlike using ROOT.war, there’s no technical reason you can’t use openam.war. Scott’s advice was more around best practice. Using something generic like sso.war or auth.war doesn’t advertise the vendor of your SSO platform.
-Andy
You must be logged in to reply to this topic.
