Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11457

When importing session.json with amster --clean a failure occurs and sesson.json is not imported



    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 14.1.0, 6.0.0, 6.5.0,, 6.5.3
    • None
    • Amster
    • Rank:


      Bug description

      When importing a full configuration set which contains Session.json in one Realm, a failure message is displayed while importing the Session.json:
      "500 Internal Server Error: Unable to create SMS config: No plug-ins configured for this operation"

      The other json files are imported successfully and the instance works, but Session parameters for the realms are not set!
      We have to create the service manually via the ui.

      An import without --clean parameter works without any errors and the service is created successfully.

      It seems that this bug is caused by the fact, that the session parameters are stored at the Datastore OUs of a Realm at the config store. My assumption is: As clean import does remove datastores, the session parameters cannot be imported (the datastore was not created yet).

      How to reproduce the issue

      1. Install AM
      2. Configure Realm-level Session Service Settings on the top level realm
      3. export-config with Amster
      4. Remove the Session Service from the realm (otherwise, the --clean on the next step will fail because the Identity Store is deleted first, see the report at the end). If you will import the files in a different (empty) AM, then ignore this step.
      5. Import the exported files from step 3 with --clean. It fails with:
        Failed to import /opt/export/realms/root/Session.json : 500 Internal Server Error: Unable to create SMS config: No plug-ins configured for this operation

        when looking at the report, the Session Service in the 3rd file we import on the realm (before we import the Identities Store):

        Cleaning realm /
        Deleting AuthenticationChains: amsterService
        Deleting AuthenticationChains: ldapService
        Deleting OATH: OATH
        Deleting HOTP: HOTP
        Deleting Data Store: DataStore
        Deleting ForgeRock Amster: Amster
        Deleting Federation: Federation
        Deleting SAE: SAE
        Deleting LDAP: LDAP
        Deleting sunIdentityRepositoryService
        Deleting Policy Configuration
        Deleting Session Property Whitelist Service
        Deleting Applications: iPlanetAMWebAgentService
        Deleting Applications: oauth2Scopes
        Deleting ResourceTypes: 76656a38-5f8e-401b-83aa-4ccb74ce88d2
        Deleting ResourceTypes: d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b
        Imported /opt/export/realms/root/SessionPropertyWhiteList.json
        Imported /opt/export/realms/root/PolicyConfiguration.json
        [main] ERROR org.forgerock.amster.org.forgerock.openam.sdk.http.DefaultErrorHandler - Unhandled server error: [Status: 500 Internal Server Error] <-- Session Service
      Expected behaviour

      Successful import of the Session.json and creation of the service

      Current behaviour

      Failure message and Session parameters are not imported.

      Work around

      Not possible. Amster import succeeds, but the Session parameters will not be imported.

      Code analysis


      sun-idrepo-ldapv3-config-service-attributes=<result xsi:type="ns1:hashMap" enc:arrayType="ns1:mapEntry[1]"><item xsi:type="ns1:mapEntry"><key xsi:type="xsd:string">iPlanetAMSessionService</key><value xsi:type="ns1:hashMap" enc:arrayType="ns1:mapEntry[6]"><item xsi:type="ns1:mapEntry"><key xsi:type="xsd:string">iplanet-am-session-service-status</key><value xsi:type="ns1:hashSet" enc:arrayType="xsd:anyType[1]"><item xsi:type="xsd:string">Active</item></value></item><item xsi:type="ns1:mapEntry"><key xsi:type="xsd:string">iplanet-am-session-max-session-time</key><value xsi:type="ns1:hashSet" enc:arrayType="xsd:anyType[1]"><item xsi:type="xsd:string">600</item></value></item><item xsi:type="ns1:mapEntry"><key xsi:type="xsd:string">iplanet-am-session-max-idle-time</key><value xsi:type="ns1:hashSet" enc:arrayType="xsd:anyType[1]"><item xsi:type="xsd:string">120</item></value></item><item xsi:type="ns1:mapEntry"><key xsi:type="xsd:string">iplanet-am-session-quota-limit</key><value xsi:type="ns1:hashSet" enc:arrayType="xsd:anyType[1]"><item xsi:type="xsd:string">5</item></value></item><item xsi:type="ns1:mapEntry"><key xsi:type="xsd:string">objectclass</key><value xsi:type="ns1:hashSet" enc:arrayType="xsd:anyType[1]"><item xsi:type="xsd:string">iplanet-am-session-service</item></value></item><item xsi:type="ns1:mapEntry"><key xsi:type="xsd:string">iplanet-am-session-max-caching-time</key><value xsi:type="ns1:hashSet" enc:arrayType="xsd:anyType[1]"><item xsi:type="xsd:string">3</item></value></item></value></item></result>



          Issue Links



              Unassigned Unassigned
              daniel.franke Daniel Franke
              0 Vote for this issue
              10 Start watching this issue