OpenAM Authentication issue with openDJ datastore.


This topic has 8 replies, 5 voices, and was last updated 3 years, 3 months ago by [email protected].


    We installed OpenAM with OpenDJ as the data store, and it was working for the past few months.

    But we have been facing an authentication issue frequently for the past few days.

    Authentication works when OpenAM is restarted, but the issue returns after some time, and it is happening frequently.

    There is no error log available in either OpenAM or OpenDJ.

    Please see the following points:

    1- Getting the following memory leak issue in the Tomcat log.

    SEVERE: The web application [/sso] created a ThreadLocal with key of type [$1] (value [[email protected]]) and a value of type [java.lang.Object[]] (value [[Ljava.lang.Object;@1898b332]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
    Jan 31, 2018 2:37:31 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks

    2- Found the following log in activity.csv of OpenAM


    3- We noted that after the issue occurs, we get a ‘{"code": 401,"reason": "Unauthorized", "message": "Authentication Failed"}‘ response from the OpenAM API, and we also get a "no configuration found" message while accessing the OpenAM UI.

    • This topic was modified 4 years, 6 months ago by jamsheer.

    We are getting the following errors in the debug/session log.

    CTS: Operation failed:
    Result Code: Connect Error
    Diagnostic Message: No operational connection factories available
    Matched DN:
            at org.forgerock.openam.cts.impl.query.reaper.ReaperConnection.initConnection(
            ... 10 more
    Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: The connection attempt to server localhost/ has failed because the connection timeout period of 10000 ms was exceeded
            at org.forgerock.opendj.ldap.LdapException.newLdapException(
            at org.forgerock.opendj.ldap.LdapException.newLdapException(
            at org.forgerock.opendj.ldap.LdapException.newLdapException(
            at org.forgerock.opendj.ldap.LDAPConnectionFactory.newConnectTimeoutError(
            at org.forgerock.opendj.ldap.LDAPConnectionFactory.access$600(
            at org.forgerock.opendj.ldap.LDAPConnectionFactory$
            at java.util.concurrent.Executors$
            at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(
            at java.util.concurrent.ScheduledThreadPoolExecutor$
            ... 3 more
    amCTSReaper:02/02/2018 04:35:21:179 AM UTC: Thread[pool-6-thread-1,5,main]: TransactionId[8be447be-7c2b-4f17-96c8-8d2f0d48971d-2]
    ERROR: CTS Reaper failed

    Any update regarding this?


    Did you increase your open file limits?

     Scott Heger

    It appears that you have configured your CTS store as an instance of DJ running on port 389 locally to your AM server. Are you able to run local ldapsearch queries to that instance? Is the instance up and running? Is that instance separate from your config store and user data store?


    OpenDJ was up when we checked, and it also connects from the control panel.


    Is the CTS, datastore and the OpenAM configuration store all on the same OpenDJ?

    Have you tried doing a telnet from the OpenAM machine to the (CTS) OpenDJ machine on the configured port?


    The data store is an external OpenDJ, and telnet is also working fine.


    Hi all,

    We are also facing this same issue. We are using MSAD (LDAP) as the user data store. Suddenly OpenAM starts throwing this authentication exception, and the IdRepo log shows “No operational connection factories available”. But the MSAD LB shows nothing unusual. We got the MSAD LB metrics from AWS. All the metrics are perfect, with no network issue and no timeout. The response time is less than 10 to 20 ms.

    We don’t know why OpenAM is throwing a timeout exception. I opened an OpenAM support ticket but was not able to find any concrete solution. We suspect OPENAM-12920 is causing this issue.

    After OpenAM restarts, the issue is resolved. This is happening more frequently after the upgrade from 13.5.2 from 13.5.0.

    Please let me know if anyone has a solution.

