OpenAM Authentication issue with openDJ datastore.


This topic contains 6 replies, has 4 voices, and was last updated by  rayyanjaweedms 2 months, 1 week ago.

  • #20742
     jamsheer 
    Participant

    We installed OpenAM with OpenDJ as the data store, and it was working for the past few months.

    But we have been facing an authentication issue frequently for the past few days.

    Authentication works when OpenAM is restarted, and the issue comes back after some time; it is happening frequently.

    There is no error log available in either OpenAM or OpenDJ.

    Please see the following points:

    1- We are getting the following memory leak issue in the Tomcat log.

    SEVERE: The web application [/sso] created a ThreadLocal with key of type [com.google.inject.internal.InjectorImpl$1] (value [com.google.inject.internal.InjectorImpl$1@18a71901]) and a value of type [java.lang.Object[]] (value [[Ljava.lang.Object;@1898b332]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
    Jan 31, 2018 2:37:31 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks

    2- We found the following log entry in activity.csv of OpenAM.

    "26341d5b-b176-47d8-9ee9-725bbf93e36e-2418","2018-02-01T04:38:06.000Z","AM-SESSION-DESTROYED","26341d5b-b176-47d8-9ee9-725bbf93e36e-2195",,"[""86489d968cd61d3001""]","id=dsameuser,ou=user,dc=*****,dc=*******,dc=com","86489d968cd61d3001","DELETE",,,,,"Session",

    3- We noted that after the issue appears, we get a '{"code": 401,"reason": "Unauthorized", "message": "Authentication Failed"}' response from the OpenAM API, and we also get a "no configuration found" message while accessing the OpenAM UI.

    • This topic was modified 9 months, 2 weeks ago by  jamsheer.
    #20765
     jamsheer 
    Participant

    We are getting the following errors in the debug/session log.

    CTS: Operation failed:
    Result Code: Connect Error
    Diagnostic Message: No operational connection factories available
    Matched DN:
            at org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider$LdapConnectionFactory.create(LdapConnectionFactoryProvider.java:158)
            at org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider$LdapConnectionFactory.create(LdapConnectionFactoryProvider.java:126)
            at org.forgerock.openam.cts.impl.query.reaper.ReaperConnection.initConnection(ReaperConnection.java:98)
            ... 10 more
    Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: The connection attempt to server localhost/127.0.0.1:389 has failed because the connection timeout period of 10000 ms was exceeded
            at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:163)
            at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:124)
            at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:75)
            at org.forgerock.opendj.ldap.LDAPConnectionFactory.newConnectTimeoutError(LDAPConnectionFactory.java:579)
            at org.forgerock.opendj.ldap.LDAPConnectionFactory.access$600(LDAPConnectionFactory.java:132)
            at org.forgerock.opendj.ldap.LDAPConnectionFactory$3.run(LDAPConnectionFactory.java:461)
            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
            at java.util.concurrent.FutureTask.run(FutureTask.java:266)
            at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
            at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
            ... 3 more
    
    amCTSReaper:02/02/2018 04:35:21:179 AM UTC: Thread[pool-6-thread-1,5,main]: TransactionId[8be447be-7c2b-4f17-96c8-8d2f0d48971d-2]
    ERROR: CTS Reaper failed
    #21092
     jamsheer 
    Participant

    Any update regarding this?

    #21096
     handat 
    Participant

    Did you increase your open file limits?

    #21117
     Scott Heger 
    Participant

    It appears that you have configured your CTS store as an instance of DJ running on port 389 locally to your AM server. Are you able to run local ldapsearch queries to that instance? Is the instance up and running? Is that instance separate from your config store and user data store?

    #21121
     jamsheer 
    Participant

    OpenDJ was up when we checked, and it also connects from the control panel.

    #23164
     rayyanjaweedms 
    Participant

    Is the CTS, datastore and the OpenAM configuration store all on the same OpenDJ?

    Have you tried doing a telnet from the OpenAM machine to the (CTS) OpenDJ machine on the configured port?
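
The checks the replies ask about (open file limits, and whether the CTS port accepts a connection from the OpenAM host) can be scripted so they are run while the failure is occurring. This is an added example, not code from any poster or from ForgeRock; it assumes Linux `/proc`, `bash` and coreutils `timeout` on the host, an OpenDJ PID supplied by the operator, and an arbitrary 80% warning threshold.

```shell
#!/bin/sh
# Added example. Assumptions: Linux /proc, bash + coreutils timeout available,
# CTS store on localhost:389 as shown in the stack trace above.

# Soft "Max open files" limit from a /proc/<pid>/limits style file.
max_open_files() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Number of descriptors a process holds (run as the same user or root).
open_fd_count() {
    ls "/proc/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Percent of the soft limit in use: fd_usage_pct <limit> <used>
fd_usage_pct() {
    [ "$1" -gt 0 ] || return 1
    echo $(( $2 * 100 / $1 ))
}

# Classify headroom; the 80% threshold is an illustrative choice.
fd_status() {
    pct=$(fd_usage_pct "$1" "$2") || { echo unknown; return; }
    if [ "$pct" -ge 80 ]; then echo "near-limit ${pct}%"; else echo "ok ${pct}%"; fi
}

# TCP connect with a timeout: the scripted form of the telnet check.
# Host and port are passed as arguments, never spliced into the command string.
probe_port() {
    timeout "${3:-10}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Usage: check_opendj <opendj-pid> [host] [port]
check_opendj() {
    limit=$(max_open_files "/proc/$1/limits")
    used=$(open_fd_count "$1")
    echo "fds: $used of $limit ($(fd_status "$limit" "$used"))"
    if probe_port "${2:-localhost}" "${3:-389}" 10; then
        echo "port: connect ok"
    else
        echo "port: connect failed or timed out"
    fi
}
```

Running `check_opendj` from cron or a loop and keeping the output gives a record to compare against the timestamps of the CTS "Connect Error" entries in the session debug log.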
