OpenAM Authentication issue with openDJ datastore.


This topic contains 8 replies, has 5 voices, and was last updated by  bbadavenkatappagari@operative.com 1 week ago.

  • Author
    Posts
  • #20742
     jamsheer 
    Participant

    We had installed OpenAM with OpenDJ as the data store, and it was working for the past few months.

    But we have been facing an authentication issue frequently for the past few days.

    Authentication works when OpenAM is restarted, and the issue comes back after some time; it is happening frequently.

    There is no error log available in either OpenAM or OpenDJ.

    Please see the points noted below:

    1- Getting the following memory leak issue in the Tomcat log.

    SEVERE: The web application [/sso] created a ThreadLocal with key of type [com.google.inject.internal.InjectorImpl$1] (value [com.google.inject.internal.InjectorImpl$1@18a71901]) and a value of type [java.lang.Object[]] (value [[Ljava.lang.Object;@1898b332]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
    Jan 31, 2018 2:37:31 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks

    2- Found the following log in activity.csv of OpenAM

    "26341d5b-b176-47d8-9ee9-725bbf93e36e-2418","2018-02-01T04:38:06.000Z","AM-SESSION-DESTROYED","26341d5b-b176-47d8-9ee9-725bbf93e36e-2195",,"[""86489d968cd61d3001""]","id=dsameuser,ou=user,dc=*****,dc=*******,dc=com","86489d968cd61d3001","DELETE",,,,,"Session",

    3- We noted that after the issue occurs, we get a '{"code": 401,"reason": "Unauthorized", "message": "Authentication Failed"}' response from the OpenAM API, and we also get a "no configuration found" message while accessing the OpenAM UI.

    • This topic was modified 1 year, 2 months ago by  jamsheer.
    #20765
     jamsheer 
    Participant

    We are getting the following errors in the debug/session log.

    CTS: Operation failed:
    Result Code: Connect Error
    Diagnostic Message: No operational connection factories available
    Matched DN:
            at org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider$LdapConnectionFactory.create(LdapConnectionFactoryProvider.java:158)
            at org.forgerock.openam.sm.datalayer.providers.LdapConnectionFactoryProvider$LdapConnectionFactory.create(LdapConnectionFactoryProvider.java:126)
            at org.forgerock.openam.cts.impl.query.reaper.ReaperConnection.initConnection(ReaperConnection.java:98)
            ... 10 more
    Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: The connection attempt to server localhost/127.0.0.1:389 has failed because the connection timeout period of 10000 ms was exceeded
            at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:163)
            at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:124)
            at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:75)
            at org.forgerock.opendj.ldap.LDAPConnectionFactory.newConnectTimeoutError(LDAPConnectionFactory.java:579)
            at org.forgerock.opendj.ldap.LDAPConnectionFactory.access$600(LDAPConnectionFactory.java:132)
            at org.forgerock.opendj.ldap.LDAPConnectionFactory$3.run(LDAPConnectionFactory.java:461)
            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
            at java.util.concurrent.FutureTask.run(FutureTask.java:266)
            at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
            at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
            ... 3 more
    
    amCTSReaper:02/02/2018 04:35:21:179 AM UTC: Thread[pool-6-thread-1,5,main]: TransactionId[8be447be-7c2b-4f17-96c8-8d2f0d48971d-2]
    ERROR: CTS Reaper failed
    #21092
     jamsheer 
    Participant

    Any update regarding this?

    #21096
     handat 
    Participant

    Did you increase your open file limits?

    #21117
     Scott Heger 
    Participant

    It appears that you have configured your CTS store as an instance of DJ running on port 389 locally to your AM server. Are you able to run local ldapsearch queries to that instance? Is the instance up and running? Is that instance separate from your config store and user data store?

    #21121
     jamsheer 
    Participant

    OpenDJ was up while checking, and it is also connecting from the control panel.

    #23164
     rayyanjaweedms 
    Participant

    Is the CTS, datastore and the OpenAM configuration store all on the same OpenDJ?

    Have you tried doing a telnet from the OpenAM machine to the (CTS) OpenDJ machine on the configured port?

    #25244
     jamsheer 
    Participant

    The data store is an external OpenDJ, and telnet is also working fine.

    #25633

    Hi All,

    We are also facing this same issue. We are using MSAD (LDAP) as the user data store. Suddenly OpenAM starts throwing this authentication exception and the Idrepo log shows “No operational connection factories available”. But the MSAD LB shows nothing unusual. We got the MSAD LB metrics from AWS. All the metrics are perfect, with no network issue and no timeout. The response time is less than 10 to 20 ms.

    We don’t know why OpenAM is throwing a timeout exception. I opened an OpenAM support ticket but was not able to find any concrete solution. We suspect OPENAM-12920 is causing this issue.

    After OpenAM restarts the issue is resolved. This is happening more frequently after upgrade from 13.5.2 from 13.5.0.

    Please let me know if anyone has a solution.

    Thanks
    Bhargava
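
Added example, not part of any post in this thread: a small Python triage script that scans an OpenAM debug log for the "No operational connection factories available" and connect-timeout messages quoted above and reports when they occurred and which LDAP target they point at. The sample log is constructed from the excerpt in the thread, and the assumed record layout (a logger/timestamp header line followed by the message and stack trace) is an assumption stated in the code.

```python
import re
from collections import Counter

# Constructed sample modeled on the debug/session excerpt quoted in the thread;
# timestamps and transaction ids of the extra records are made up.
SAMPLE_LOG = """\
amCTSReaper:02/02/2018 04:25:21:101 AM UTC: Thread[pool-6-thread-1,5,main]: TransactionId[constructed-1]
ERROR: CTS Reaper failed
Diagnostic Message: No operational connection factories available
Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: The connection attempt to server localhost/127.0.0.1:389 has failed because the connection timeout period of 10000 ms was exceeded
amSession:02/02/2018 04:30:00:000 AM UTC: Thread[http-1,5,main]: TransactionId[constructed-2]
MESSAGE: constructed non-error entry
amCTSReaper:02/02/2018 04:35:21:179 AM UTC: Thread[pool-6-thread-1,5,main]: TransactionId[constructed-3]
ERROR: CTS Reaper failed
Diagnostic Message: No operational connection factories available
Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: The connection attempt to server localhost/127.0.0.1:389 has failed because the connection timeout period of 10000 ms was exceeded
"""

# Assumed record layout: a "<logger>:<timestamp>: Thread[...]" header line,
# followed by the message and stack trace belonging to that record.
HEADER = re.compile(r"^(?P<logger>\w+):(?P<ts>\d{2}/\d{2}/\d{4} [\d:]+ [AP]M \w+): Thread\[")
TIMEOUT = re.compile(r"connection attempt to server (?P<target>\S+) has failed "
                     r"because the connection timeout period of (?P<ms>\d+) ms")
NO_FACTORY = "No operational connection factories available"

def find_connect_failures(text):
    """Return (failing records, failure count per LDAP target)."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = {"logger": header["logger"], "ts": header["ts"],
                       "target": None, "timeout_ms": None, "no_factory": False}
            records.append(current)
        elif current is not None:  # lines before the first header are skipped
            if NO_FACTORY in line:
                current["no_factory"] = True
            hit = TIMEOUT.search(line)
            if hit:
                current["target"] = hit["target"]
                current["timeout_ms"] = int(hit["ms"])
    failures = [r for r in records if r["no_factory"] or r["target"]]
    return failures, Counter(r["target"] or "unknown" for r in failures)

if __name__ == "__main__":
    failures, per_target = find_connect_failures(SAMPLE_LOG)
    for rec in failures:
        print(rec["ts"], rec["logger"], rec["target"], rec["timeout_ms"])
    print(dict(per_target))
```

The first failure timestamp and the target it names can then be lined up with file-descriptor counts and directory server logs from the same window.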
