Problem with ssoadm add-svc-realm

This topic contains 1 reply, has 2 voices, and was last updated by  jamie.mcdowell@capgemini.com 6 months, 2 weeks ago.

  • #19701
     mtuhin 
    Participant

    Hi, I am evaluating AM 5.5.1 and, as part of configuring OAuth2Provider, I use the ssoadm dobatch option. In the dobatch file, I have a command like the one below:

    add-svc-realm -e FR -s OAuth2Provider -a "forgerock-oauth2-provider-jwt-token-lifetime=7200" "forgerock-oauth2-provider-keypair-name=oidc-signing-key" "moduleMessageEnabledInPasswordGrant=True" "forgerock-oauth2-provider-issue-refresh-token-on-refreshing-token=True" "forgerock-oauth2-provider-saved-consent-attribute=" "forgerock-oauth2-provider-amr-mappings=" "MapValueValidator=com.sun.identity.common.configuration.MapValueValidator" "forgerock-oauth2-provider-code-verifier-enforced=false" "forgerock-oauth2-provider-claims-parameter-supported=false" "storeOpsTokens=False" "forgerock-oauth2-provider-access-token-lifetime=7200" "forgerock-oauth2-provider-oidc-claims-extension-script=36863ffb-40ec-48b9-94b1-9a99f71cc3b5" "forgerock-oauth2-provider-loa-mapping=" "tokenSigningHmacSharedSecret=gU3qocfMKdb5jIbOlcq7D5iJEBOJc1sRPcqrjzNOP/0=" "forgerock-oauth2-provider-id-token-signing-algorithms-supported=HS256" "forgerock-oauth2-provider-id-token-signing-algorithms-supported=HS384" "forgerock-oauth2-provider-id-token-signing-algorithms-supported=HS512" "forgerock-oauth2-provider-id-token-signing-algorithms-supported=RS256" "supportedIDTokenEncryptionMethods=A128CBC-HS256" "supportedIDTokenEncryptionMethods=A256CBC-HS512" "forgerock-oauth2-provider-scope-implementation-class=org.forgerock.openam.oauth2.OpenAMScopeValidator" "forgerock-oauth2-provider-created-attribute-name=" "displayNameAttribute=cn" "forgerock-oauth2-provider-refresh-token-lifetime=604800" "devicePollInterval=5" "forgerock-oauth2-provider-issue-refresh-token=True" "forgerock-oauth2-provider-response-type-map-class=code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler" "forgerock-oauth2-provider-response-type-map-class=id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" "forgerock-oauth2-provider-response-type-map-class=token|org.forgerock.oauth2.core.TokenResponseTypeHandler" "forgerock-oauth2-provider-authentication-attributes=uid"
    "forgerock-oauth2-provider-generate-registration-access-tokens=False" "forgerock-oauth2-provider-supported-scopes=address|Your postal address" "forgerock-oauth2-provider-supported-scopes=email|Your email address" "forgerock-oauth2-provider-supported-scopes=openid|" "forgerock-oauth2-provider-supported-scopes=phone|Your telephone number(s)" "forgerock-oauth2-provider-supported-scopes=profile|Your personal information" "forgerock-oauth2-provider-supported-scopes=session|Minimum data for session" "forgerock-oauth2-provider-supported-scopes=srv2srv|Service to service access" "completionUrl=" "idTokenInfoClientAuthenticationEnabled=True" "tokenSigningECDSAKeyAlias=" "statelessTokensEnabled=True" "forgerock-oauth2-provider-modified-attribute-name=" "supportedIDTokenEncryptionAlgorithms=RSA1_5" "clientsCanSkipConsent=True" "forgerock-oauth2-provider-authorization-code-lifetime=120" "forgerock-oauth2-provider-allow-open-dynamic-registration=false" "forgerock-oauth2-provider-default-scopes=address" "forgerock-oauth2-provider-default-scopes=email" "forgerock-oauth2-provider-default-scopes=openid" "forgerock-oauth2-provider-default-scopes=phone" "forgerock-oauth2-provider-default-scopes=profile" "alwaysAddClaimsToToken=True" "customLoginUrlTemplate=https://auth.devstage-aws.company_name.fr/login?goto=${goto}" "forgerock-oauth2-provider-hash-salt=nHNPmwZAedg7" "deviceCodeLifetime=300" "forgerock-oauth2-provider-supported-claims=address|Postal address" "forgerock-oauth2-provider-supported-claims=email|Email address" "forgerock-oauth2-provider-supported-claims=family_name|Family name" "forgerock-oauth2-provider-supported-claims=given_name|Given name" "forgerock-oauth2-provider-supported-claims=locale|Locale" "forgerock-oauth2-provider-supported-claims=name|Full name" "forgerock-oauth2-provider-supported-claims=phone_number|Phone number" "forgerock-oauth2-provider-supported-claims=profile|Your personal information" "forgerock-oauth2-provider-supported-claims=zoneinfo|Time zone"
    "verificationUrl=" "forgerock-oauth2-provider-default-acr=" "tokenSigningAlgorithm=RS256" "forgerock-oauth2-provider-subject-types-supported=public"

    But when I execute the command I get the error: "Incorrect data format, postal." Has anyone encountered such an error?

    I noticed that I get similar errors for all the property values with '|' in them.

    #20363

    Hi, did you get a response for this? I am having a similar issue; however, when I run the command

    "add-svc-realm -e / -u <adminuser> -f /path/to/pwdfile -s OAuth2Provider -D /opt/openam-config/oidcprovider.config"

    I get a blank line (doesn't look like this has failed). Normally I would see this (AM5):

    Service, OAuth2Provider was added to realm, /.
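
An added example (not from either poster and not ForgeRock code): the error in the first post names `postal`, which is the first whitespace-separated word in that attribute list that carries no `=`, as happens when the quotes around a value are not honoured. The sketch below lints the text that follows `-a` and renders it as a data file for `-D`. It assumes that a token without `=` is what gets rejected and that a `-D` data file takes one `name=value` per line; all function names are hypothetical.

```python
import os
import shlex

SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes left by editors and web pages

def tokens(arg_text, honour_quotes=True):
    """Split the text that follows -a into attribute tokens."""
    if honour_quotes:
        return shlex.split(arg_text)  # ASCII quotes keep "a b c" together
    return arg_text.split()           # assumed failure mode: bare whitespace split

def lint(arg_text, honour_quotes=True):
    """Return (problem, token) pairs for tokens that are not clean name=value."""
    found = []
    for tok in tokens(arg_text, honour_quotes):
        if any(ch in SMART_QUOTES for ch in tok):
            found.append(("smart-quote", tok))
        if "=" not in tok:
            found.append(("no-equals", tok))
    return found

def first_rejected(arg_text, honour_quotes=True):
    """First token a name=value parser would refuse, or None."""
    return next((t for p, t in lint(arg_text, honour_quotes) if p == "no-equals"), None)

def to_datafile(arg_text):
    """Render clean tokens one per line (assumed layout of a -D data file)."""
    if lint(arg_text):
        raise ValueError("fix the findings from lint() first")
    return "\n".join(tokens(arg_text)) + "\n"

def write_private(path, text):
    """Create the file owner-only: the attribute list can hold signing secrets."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)

# Constructed sample: two attributes, the first with spaces in its value.
ASCII = ('"forgerock-oauth2-provider-supported-scopes=address|Your postal address" '
         '"displayNameAttribute=cn"')
# Same sample with the quotes curled, which no tokenizer treats as quoting.
CURLY = "\u201d \u201c".join(ASCII[1:-1].split('" "')).join("\u201c\u201d")

if __name__ == "__main__":
    print(first_rejected(ASCII))                       # quotes honoured
    print(first_rejected(ASCII, honour_quotes=False))  # quotes ignored
    print(first_rejected(CURLY))                       # curly quotes in the file
    print(to_datafile(ASCII), end="")
```

Run against the real batch line, `lint()` shows every value that would be split on its spaces, which are the scope and claim descriptions after `|`.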


©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
