OpenAM Authentication issue with openDJ datastore.


This topic contains 6 replies, has 4 voices, and was last updated by  rayyanjaweedms 5 months, 1 week ago.


    We had installed openAM with data store as openDJ, and it was working for the past few months.

    But we have been facing an authentication issue frequently for the past few days.

    Authentication works when openAM is restarted, but the issue comes back after some time, and it is happening frequently.

    There is no error log available in either openAM or openDJ.

    Please see the noted points:

    1- Getting the following memory leak issue in the tomcat log.

    SEVERE: The web application [/sso] created a ThreadLocal with key of type [$1] (value [$1@18a71901]) and a value of type [java.lang.Object[]] (value [[Ljava.lang.Object;@1898b332]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak.
    Jan 31, 2018 2:37:31 PM org.apache.catalina.loader.WebappClassLoader checkThreadLocalMapForLeaks

    2- Found the following log in activity.csv of openAM


    3- We noted that after the issue occurs, we get a '{"code": 401,"reason": "Unauthorized", "message": "Authentication Failed"}' response from the openAM API, and we also get a "no configuration found" message while accessing the openAM UI.

    • This topic was modified 1 year ago by  jamsheer.

    We are getting the following errors in the debug/session log.

    CTS: Operation failed:
    Result Code: Connect Error
    Diagnostic Message: No operational connection factories available
    Matched DN:
            at org.forgerock.openam.cts.impl.query.reaper.ReaperConnection.initConnection(
            ... 10 more
    Caused by: org.forgerock.opendj.ldap.ConnectionException: Connect Error: The connection attempt to server localhost/ has failed because the connection timeout period of 10000 ms was exceeded
            at org.forgerock.opendj.ldap.LdapException.newLdapException(
            at org.forgerock.opendj.ldap.LdapException.newLdapException(
            at org.forgerock.opendj.ldap.LdapException.newLdapException(
            at org.forgerock.opendj.ldap.LDAPConnectionFactory.newConnectTimeoutError(
            at org.forgerock.opendj.ldap.LDAPConnectionFactory.access$600(
            at org.forgerock.opendj.ldap.LDAPConnectionFactory$
            at java.util.concurrent.Executors$
            at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(
            at java.util.concurrent.ScheduledThreadPoolExecutor$
            ... 3 more
    amCTSReaper:02/02/2018 04:35:21:179 AM UTC: Thread[pool-6-thread-1,5,main]: TransactionId[8be447be-7c2b-4f17-96c8-8d2f0d48971d-2]
    ERROR: CTS Reaper failed

    Any update regarding this?


    Did you increase your open file limits?

     Scott Heger 

    It appears that you have configured your CTS store as an instance of DJ running on port 389 locally to your AM server. Are you able to run local ldapsearch queries to that instance? Is the instance up and running? Is that instance separate from your config store and user data store?


    OpenDJ was up while checking, and it was also connecting from the control panel.


    Is the CTS, datastore and the OpenAM configuration store all on the same OpenDJ?

    Have you tried doing a telnet from the OpenAM machine to the (CTS) OpenDJ machine on the configured port?
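The two checks suggested in the replies (a telnet-style connection test to the CTS store's port and the open file limits), as an added example that is not part of the original thread or ForgeRock's code. It assumes a Linux host with /proc; the host, port and OpenDJ process id are passed in by the operator, and the sample limits text is constructed.

```python
import errno
import os
import socket

# Constructed sample of /proc/<pid>/limits content (not taken from the thread).
SAMPLE_LIMITS = """Limit                     Soft Limit           Hard Limit           Units
Max open files            1024                 4096                 files
"""

def probe(host, port, timeout=10.0):
    """Telnet-style TCP connect test; 10 s mirrors the 10000 ms timeout in the log."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # TCP is fine; look at the LDAP layer next
    except socket.timeout:
        return "timeout"       # same symptom as the ConnectionException above
    except ConnectionRefusedError:
        return "refused"       # nothing is listening on that port
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")

def parse_nofile(limits_text):
    """Return (soft, hard) 'Max open files' limits; None means unlimited."""
    for line in limits_text.splitlines():
        if line.startswith("Max open files"):
            soft, hard = line.split()[3:5]
            return tuple(None if v == "unlimited" else int(v) for v in (soft, hard))
    raise ValueError("no 'Max open files' line found")

def fd_report(pid):
    """(descriptors in use, soft limit) for a running process; needs read access."""
    with open(f"/proc/{pid}/limits") as fh:
        soft, _ = parse_nofile(fh.read())
    return len(os.listdir(f"/proc/{pid}/fd")), soft

def near_limit(used, soft, threshold=0.9):
    """True when descriptor usage is at or above the given share of the soft limit."""
    return soft is not None and used >= threshold * soft

if __name__ == "__main__":
    import sys
    host, port, pid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    print("tcp:", probe(host, port))
    used, soft = fd_report(pid)
    print(f"fds: {used}/{soft}", "NEAR LIMIT" if near_limit(used, soft) else "")
```

Run it from the OpenAM machine while authentication is failing, since the problem only appears some time after a restart.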


©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
