  1. OpenAM Agents
  2. AMAGENTS-1579

Encounter a Forbidden error when using AM_AGENT_REST_LOGIN=5 against AM 5.x

    Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 4.1.0-34
    • 4.2.0.0
    • None
    • agent 4.1.0-34 and AM 5.x

      Description

       When testing agent 4.1.0-34 against AM 5.x, if the following flag is used

      AM_AGENT_REST_LOGIN=5

      it is important to note that there should not be an extra slash in the naming.url

      com.sun.identity.agents.config.naming.url = http://openam.internal.example.com:8080/openam/   <====  

      The above naming.url used to work in the old PLL login for 4.1.0; however, when the new flag AM_AGENT_REST_LOGIN is used, it uses the new JSON call. That extra slash in the naming.url is causing a login failure as illustrated below.

      The following errors were observed when the agent fails to log in

      2018-04-12 09:08:03.971 +0800 DEBUG [0x7f167fdaa700:22385][source/net_client.c:584] sync_connect(): connected to openam.internal.example.com:8080 (IPv4)
      2018-04-12 09:08:03.971 +0800 DEBUG [0x7f167fdaa700:22385][source/net_ops.c:323] send_restlogin_request(): sending 386 bytes to http://openam.internal.example.com:8080/openam//json/realms/root/authenticate?authIndexType=module&authIndexValue=Application
      
      2018-04-12 09:08:03.975 +0800 DEBUG [0x7f167fdaa700:22385][source/net_ops.c:343] send_restlogin_request(): response status code: 400
      {"code":400,"reason":"Bad Request","message":"Resource path '/openam//json/realms/root/authenticate' contains empty path elements"}   <============== noticed the double slash 
      
      2018-04-12 09:08:03.975 +0800 DEBUG [0x7f167fdaa700:22385][source/net_ops.c:368] send_restlogin_request(): status: invalid argument
      2018-04-12 09:08:03.975 +0800 DEBUG [0x7f167fdaa700:22385][source/net_ops.c:1369] am_agent_login(): closing connection after failure
      2018-04-12 09:08:03.975 +0800 INFO [0x7f167fdaa700:22385] am_timer(): am_agent_login 4.60 msec
      
      2018-04-12 09:08:03.975 +0800 WARNING [0x7f167fdaa700:22385] get_config(): retry #2 (login failure)  <============== failure to login 
      
      
      2018-04-12 09:08:05.975 +0800 DEBUG [0x7f167fdaa700:22385][source/utility.c:2086] get_valid_openam_url(): active OpenAM service url: http://openam.internal.example.com:8080/openam/ (0)
      2018-04-12 09:08:05.975 +0800 INFO [0x7f167fdaa700:22385] am_timer(): getaddrinfo 0.08 msec
      2018-04-12 09:08:05.975 +0800 DEBUG [0x7f167fdaa700:22385][source/net_client.c:584] sync_connect(): connected to openam.internal.example.com:8080 (IPv4)
      2018-04-12 09:08:05.975 +0800 DEBUG [0x7f167fdaa700:22385][source/net_ops.c:323] send_restlogin_request(): sending 386 bytes to http://openam.internal.example.com:8080/openam//json/realms/root/authenticate?authIndexType=module&authIndexValue=Application
      2018-04-12 09:08:05.978 +0800 DEBUG [0x7f167fdaa700:22385][source/net_ops.c:343] send_restlogin_request(): response status code: 400
      {"code":400,"reason":"Bad Request","message":"Resource path '/openam//json/realms/root/authenticate' contains empty path elements"}
      2018-04-12 09:08:05.978 +0800 DEBUG [0x7f167fdaa700:22385][source/net_ops.c:368] send_restlogin_request(): status: invalid argument
      2018-04-12 09:08:05.978 +0800 DEBUG [0x7f167fdaa700:22385][source/net_ops.c:1369] am_agent_login(): closing connection after failure
      2018-04-12 09:08:05.978 +0800 INFO [0x7f167fdaa700:22385] am_timer(): am_agent_login 3.15 msec
      2018-04-12 09:08:05.978 +0800 WARNING [0x7f167fdaa700:22385] get_config(): retry #3 (login failure)
      2018-04-12 09:08:07.982 +0800 ERROR [0x7f167fdaa700:22385] get_config(): failed to fetch instance /work/openam5.5.1-4.1.0-34-Truven-29139/4.1.0-34v24/web_agents/apache24_agent/instances/agent_1/config/agent.conf configuration data (max 3 retries exhausted)
      
      2018-04-12 09:08:07.982 +0800 ERROR [0x7f167fdaa700:22385] amagent_auth_handler(): failed to get agent configuration instance, error: max number of retries exhausted    <=========== cannot get the agent configuration 

       

      Workaround

      ===========

      Change the naming.url from 

      com.sun.identity.agents.config.naming.url = http://openam.internal.example.com:8080/openam/   

      to

      com.sun.identity.agents.config.naming.url = http://openam.internal.example.com:8080/openam
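
      A lint for the workaround above, as an added example that is not part of the original issue and not ForgeRock code: it reports naming.url values that end in a slash and prints a corrected agent.conf. The sample config, the second host `openam2.internal.example.com`, `example.other.property`, the function names, and the handling of several whitespace-separated URLs in one value are assumptions.

```shell
#!/bin/sh
# Added example (not ForgeRock code): lint agent.conf for the trailing-slash
# naming.url that breaks AM_AGENT_REST_LOGIN against AM 5.x.

KEY_RE='com\.sun\.identity\.agents\.config\.naming\.url'
REST_PATH='/json/realms/root/authenticate'   # path seen in the agent debug log

# Print the raw value of naming.url from the agent.conf given as $1.
naming_urls() {
    sed -n "s/^[[:space:]]*${KEY_RE}[[:space:]]*=[[:space:]]*//p" "$1"
}

# Print every configured URL that ends in "/" (one per line). Exit status is
# 0 if at least one was found, 1 if the file is clean.
# Assumption: the value may list several URLs separated by whitespace.
bad_urls() {
    naming_urls "$1" | tr -s ' \t' '\n\n' | grep '/$'
}

# Print the file with trailing slashes (and trailing blanks) removed from the
# naming.url line; every other line passes through unchanged.
fixed_conf() {
    sed "/^[[:space:]]*${KEY_RE}[[:space:]]*=/{
        s#/\{1,\}\([[:space:]]\)#\1#g
        s#/*[[:space:]]*\$##
    }" "$1"
}

# Constructed sample, modelled on the value quoted in the report.
sample_conf() {
    cat <<'EOF'
# agent.conf (constructed sample)
com.sun.identity.agents.config.naming.url = http://openam.internal.example.com:8080/openam/ http://openam2.internal.example.com:8080/openam
example.other.property = /keep/this/slash/
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
bad_urls "$conf" | while read -r u; do
    echo "trailing slash: $u -> agent would request $u$REST_PATH"
done
fixed_conf "$conf" | grep naming.url
rm -f "$conf"
```

      Redirect the output of `fixed_conf` to a new file and review it before replacing the live agent.conf.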

            People

            mareks Mareks Malnacs
            sam.phua Sam Phua