Tagged: ,

This topic has 2 replies, 1 voice, and was last updated 7 years, 1 month ago by rplogue.

  • Author
  • #5298


    I am having some issues with my current OpenAM set up. Firstly I have set up a small dev environment with 1 OpenAM server and 1 openDJ and everything works fine. I am now trying to set up a more realistic environment with a load balancer with 2 openAM servers behind it, I followed the HA guides outlined here


    So I have a site with the load balancer as the primary URL and the two openam servers behind it. This seems fine. I also have two replicated openam servers as the data stores again all seems fine here.

    My application and openam agent communicate to openam via the load balancer.

    The application works fine when there is only one openam but on the environment with 2 openam behind the httpd load balancer I have errors. In this environment my application can register a user on openam and also log a user in but when the user then goes to a secure page the agent tries to get the attributes my app users from the server and fails with the following error

    AmFilter: Error while delegating to inbound handler: Profile Attribute Task Handler, access will be denied
    [AgentException Stack]
    com.sun.identity.agents.arch.AgentException: Unable to obtain attributes: {uid=suid, cn=cn}, for user: id=A22562,ou=user,o=saas,ou=services,dc=openam,dc=forgerock,dc=org

    I am not sure why this is happening and can’t find any help in any other forums etc.

    I am also seeing the following in the agent logs, not sure if it is related

    returned HTTP response code: 500 for URL /openam/jaxrpc/SMSObjectIF

    Any help would be greatly appreciated.




    I should have added the openam version we are using is

    OpenAM 12.0.0 Build 11961 (2014-December-17 21:16)


    Got this sorted. It was an error in my httpd load balancer config. Not sure why other URLs worked and only the /openam/jaxrpc/SMSObjectIF failed but once I updated the load balancer everything works as expected now.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?