Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-11890

Amster - Installing AM with External Config Store and SSL connection (LDAPS) fails

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Not a defect
    • Affects Version/s: 14.0.0, 14.1.0, 14.5.0
    • Fix Version/s: None
    • Component/s: Amster
    • Labels:
      None
    • Environment:
      AM 5.1.1
      OpenDJ 4.0.0
      Amster 5.0
    • Support Ticket IDs:
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Bug description

      Installing OpenAM via Amster commands fails when creating the demo user. 

      How to reproduce the issue

      Following this guide

      1. Setup a DS (OpenDJ 4.0.0)
      2. Create a backend and import appropriate ldif files as per the guide describes
      3. Import the DS cert into truststore( guide)
      4. Run the Amster install-openam command e.g
        install-openam --serverUrl http://openam.example.com:8080/openam --adminPwd sameAstheDirMgrPwd --policyAgentPwd forgerock01 --acceptLicense --cfgStore dirServer --cfgStoreHost opendj.example.com --cfgStoreAdminPort 4444 --cfgStorePort 636 --cfgStoreRootSuffix dc=example,dc=com --cfgStoreSsl SSL

        (adminPwd must be the same as the cfgStoreDirMgrPwd (due to OPENAM-11469)

      Expected behaviour
      03/20/2017 02:30:25:805 PM GMT: Checking license acceptance...
      03/20/2017 02:30:25:806 PM GMT: License terms accepted.
      03/20/2017 02:30:25:808 PM GMT: Checking configuration directory /tomcat/openam.
      03/20/2017 02:30:25:809 PM GMT: ...Success.
      03/20/2017 02:30:25:811 PM GMT: Tag swapping schema files.
      03/20/2017 02:30:25:822 PM GMT: ...Success.
      03/20/2017 02:30:25:822 PM GMT: Loading Schema odsee_config_schema.ldif
      03/20/2017 02:30:25:849 PM GMT: ...Success.
      ...
      03/20/2017 02:30:29:421 PM GMT: Registering service amAuthAmster.xml
      03/20/2017 02:30:29:457 PM GMT: ...Success.
      03/20/2017 02:30:29:485 PM GMT: Configuring system.
      03/20/2017 02:30:30:248 PM GMT: ...Done
      03/20/2017 02:30:30:249 PM GMT: Configuring server instance.
      03/20/2017 02:30:30:281 PM GMT: ...Done
      03/20/2017 02:30:31:201 PM GMT: Creating demo user.
      03/20/2017 02:30:31:213 PM GMT: ...Done
      03/20/2017 02:30:31:214 PM GMT: Setting up monitoring authentication file.
      Configuration complete!
      
      Current behaviour
      am> install-openam --serverUrl http://openam.example.com:8080/openam --adminPwd sameAstheDirMgrPwd --policyAgentPwd forgerock01 --acceptLicense --cfgStore dirServer --cfgStoreHost opendj.example.com --cfgStoreAdminPort 4444 --cfgStorePort 636 --cfgStoreRootSuffix dc=example,dc=com --cfgStoreSsl SSL
      10/02/2017 12:32:42:749 PM BST: Checking license acceptance...
      10/02/2017 12:32:42:755 PM BST: License terms accepted.
      10/02/2017 12:32:42:759 PM BST: Checking configuration directory /root/openam.
      10/02/2017 12:32:42:762 PM BST: ...Success.
      10/02/2017 12:32:42:778 PM BST: Tag swapping schema files.
      
      ...............
      
      
      10/02/2017 12:32:54:409 PM BST: Configuring system.
      10/02/2017 12:32:57:020 PM BST: ...Done
      10/02/2017 12:32:57:029 PM BST: Configuring server instance.
      10/02/2017 12:32:57:155 PM BST: ...Done
      10/02/2017 10:14:51:964 AM BST: Creating demo user.
      <html><head><title>Apache Tomcat/7.0.81 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 500 - AMSetupFilter.doFilter</h1><HR size="1" noshade="noshade"><p><b>type</b> Exception report</p><p><b>message</b> <u>AMSetupFilter.doFilter</u></p><p><b>description</b> <u>The server encountered an internal error that prevented it from fulfilling this request.</u></p><p><b>exception</b> <pre>javax.servlet.ServletException: AMSetupFilter.doFilter
      	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:141)
      	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)
      </pre></p><p><b>root cause</b> <pre>com.sun.identity.setup.ConfiguratorException: Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception.  ldap errorcode=65, refer to install.log under /root/openam for more information.
      	com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:607)
      	com.sun.identity.setup.AMSetupServlet.doPost(AMSetupServlet.java:461)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
      	javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
      	org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      	org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:36)
      	org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
      	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:125)
      	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:43)
      </pre></p><p><b>note</b> <u>The full stack trace of the root cause is available in the Apache Tomcat/7.0.81 logs.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.81</h3></body></html>
      

      install.log:

      10/02/2017 12:32:59:653 PM BST: Creating demo user. 
      AMSetupServlet.processRequest: errorMessage:Initialization error. Unable to perform any operation.         
      at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.newIdRepoException(DJLDAPv3Repo.java:2488)         
      at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.createConnection(DJLDAPv3Repo.java:2547)        
      at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.create(DJLDAPv3Repo.java:661)         
      at com.sun.identity.idm.server.IdServicesImpl.create(IdServicesImpl.java:427)

      Now, if you run the Amster command again, it will complete the installation (without the demo user - no connection to the external config):

      am> install-openam --serverUrl http://openam.example.com:8080/openam --adminPwd sameAstheDirMgrPwd--policyAgentPwd forgerock01 --acceptLicense --cfgStore dirServer --cfgStoreHost opendj.example.com --cfgStoreAdminPort 4444 --cfgStorePort 636 --cfgStoreRootSuffix dc=example,dc=com --cfgStoreSsl SSL 
      10/02/2017 12:53:47:078 PM BST: Checking license acceptance... 
      10/02/2017 12:53:47:078 PM BST: License terms accepted. 
      10/02/2017 12:53:47:084 PM BST: Checking configuration directory /root/openam. 
      10/02/2017 12:53:47:084 PM BST: ...Success. 
      10/02/2017 12:53:47:085 PM BST: Reinitializing system properties. 
      10/02/2017 12:53:47:169 PM BST: ...Done 
      10/02/2017 12:53:47:171 PM BST: Configuring server instance. 
      10/02/2017 12:53:47:173 PM BST: ...Done 
      10/02/2017 12:53:48:740 PM BST: Setting up monitoring authentication file. 
      Configuration complete!

      Logging in OpenAM there are the amAdmin and anonymous users created.

      Work around

      None.

      Code analysis

      None.

       

        Attachments

        1. Configuration
          14 kB
        2. IdRepo
          90 kB
        3. install1.log
          21 kB
        4. install2.log
          5 kB

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                anastasios.kampas Tasos Kampas
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: