Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-10689

Installing AM using Amster failed when using an external data store

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 14.0.0
    • Fix Version/s: 14.5.0
    • Component/s: Amster
    • Environment:
      OpenAM 14.0.0-M20 Build 59f588ba4e (2017-February-15 11:05)
      Amster 14.0.0-M20
    • Needs backport:
      No
    • Support Ticket IDs:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes but I used my own steps. (If so, please add them in a new comment)

      Description

      Installation OpenAM using Amster failed, if it used external data store.

      Steps to reproduce

      1.) Install OpenDJ and Only Create Base Entry (dc=openam,dc=forgerock,dc=com)
      2.) Deploy AM and start container
      3.) Start Amster and install OpenAM

      am> install-openam --serverurl http://riso-centos7.test.forgerock.com:8080/openam --adminpwd f0rg3r0ck --acceptLicense true --BASE_DIR /root/openam --DIRECTORY_PORT 389 --DIRECTORY_ADMIN_PORT 4444 --DS_DIRMGRPASSWD f0rg3r0ck --DATA_STORE dirServer --ROOT_SUFFIX dc=openam,dc=forgerock,dc=com
      

      Observed result

      Entry uid=demo,ou=people,dc=openam,dc=forgerock,dc=com cannot be added because its parent entry ou=people,dc=openam,dc=forgerock,dc=com does not exist in the server
      Installation failed, because it tries to create a demo user in specified Data Store and this data store does not have Usres Store's entries ou=people and ou=groups. Currently it is not possible to specify user store in Amster's installation (see OPENAM-10664).

      02/21/2017 12:23:24:024 PM GMT: ...Done
      02/21/2017 12:23:26:390 PM GMT: Creating demo user.
      <html><head><title>Apache Tomcat/7.0.64 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - AMSetupFilter.doFilter</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>AMSetupFilter.doFilter</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>javax.servlet.ServletException: AMSetupFilter.doFilter
      	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:141)
      	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
      </pre></p><p><b>root cause</b> <pre>com.sun.identity.setup.ConfiguratorException: Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo: Unable to find entry: Entry uid=demo,ou=people,dc=openam,dc=forgerock,dc=com cannot be added because its parent entry ou=people,dc=openam,dc=forgerock,dc=com does not exist in the server, refer to install.log under /root/openam for more information.
      	com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:599)
      	com.sun.identity.setup.AMSetupServlet.doPost(AMSetupServlet.java:453)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
      	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      	org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:88)
      	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:125)
      	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
      </pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.64 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.64</h3></body></html>
      

      I tried to prepare OpenDJ as an User Store, created ou pople, groups + all sachems and try to provide this DJ as a data store for installation(the same command like in the steps for reproduce). The installation was successful, but I am not able to login to AM as an amAdmin and also as a demo user which was created during installation. I am getting:
      User name/password combination is invalid.
      I can see that session were created in CTS. In Authentication debug log I observed:

      amAuthUtils:02/21/2017 01:23:01:353 PM GMT: Thread[http-bio-8080-exec-9,5,main]: TransactionId[9b3129d0-5119-4ef2-b3c8-f466a31f2b10-100]
      ERROR: AuthUtils:getAuthContext(): Invalid Session Timed out
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                emma.rumsey Emma Rumsey
                Reporter:
                richard.hruza Richard Hruza
                QA Assignee:
                Richard Hruza
              • Votes:
                1 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: