Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-12156

Admin console shows no agents when there are many (5K+)

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 14.5.1
    • Fix Version/s: None
    • Component/s: console
    • Labels:
    • Environment:
      AM deployed on tomcat, using separate OpenDJ as a config store and user repo.
    • Target Version/s:
    • Sprint:
      Wonderful Minsky - 2018.9
    • Needs backport:
      No
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      No (add reasons in the comment)

      Description

      Bug description

      AM Console fails to show list of OAuth2 agents when there are 5K+ agents already created.

      This is related to testing performed for OPENAM-11944.

      How to reproduce the issue

      1. Deploy tomcat with default memory settings
      2. Deploy and configure a separate OpenDJ server with two backends, one for config and the other as a user repo.
      3. Deploy and configure AM, using the separate OpenDJ server (config backend) for the config store and the user repo backend for the user repo.
      4. Run a script to create 5K+ agents (e.g. see attached below).
      5. Login to console as amadmin and navigate to the top level realm, Applications and OAuth2.  The circle progress indicator is shown for 10 secs or so and then an empty red error box is displayed along with the message in the Clients list indicating that No OAuth2.0 clients are configured.
      6. Can confirm using an ldapsearch query to the separate config store that OAuth2 agents do actually exist.
      Expected behaviour
      A list of agents is shown.  Perhaps the first page of the list of agents is displayed and a means to navigate to the next page or filter the list based on partial name is provided?
      Current behaviour
      Empty red error box is shown and No OAuth2 clients are listed
      
      In the debug logs, following is seen:
      
      Caused by: java.lang.OutOfMemoryError: Java heap space
      at java.util.HashMap.newNode(HashMap.java:1742)
      at java.util.HashMap.putVal(HashMap.java:630)
      at java.util.HashMap.put(HashMap.java:611)
      at com.sun.identity.sm.SMSUtils.copyAttributes(SMSUtils.java:298)
      at com.sun.identity.sm.ServiceConfigImpl.getAttributes(ServiceConfigImpl.java:251)
      at com.sun.identity.sm.ServiceConfig.getAttributes(ServiceConfig.java:457)
      at com.sun.identity.idm.plugins.internal.AgentsRepo.getGroupNames(AgentsRepo.java:714)
      at com.sun.identity.idm.plugins.internal.AgentsRepo.getGroupName(AgentsRepo.java:706)
      at com.sun.identity.idm.plugins.internal.AgentsRepo.getAttributes(AgentsRepo.java:469)
      at com.sun.identity.idm.plugins.internal.AgentsRepo.search(AgentsRepo.java:970)
      at org.forgerock.openam.core.rest.sms.SmsAgentsEndpointFunctions$AgentQueryFunction.apply(SmsAgentsEndpointFunctions.java:104)
      at org.forgerock.openam.core.rest.sms.SmsAbstractAgentProvider.query(SmsAbstractAgentProvider.java:341)
      at org.forgerock.openam.core.rest.sms.SmsAgentsResource.query(SmsAgentsResource.java:165)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:96)
      at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:70)
      at org.forgerock.json.resource.AnnotatedCollectionHandler.handleQuery(AnnotatedCollectionHandler.java:58)
      at org.forgerock.json.resource.Router.handleQuery(Router.java:316)
      at org.forgerock.openam.core.rest.sms.tree.DescribedGeneralActionsHandler.handleQuery(DescribedGeneralActionsHandler.java:79)
      at org.forgerock.json.resource.FilterChain$Cursor.handleQuery(FilterChain.java:95)
      at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.lambda$filterQuery$4(AuthorizationFilters.java:325)
      at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter$$Lambda$239/1280872849.apply(Unknown Source)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:252)
      at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:216)
      at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.filterQuery(AuthorizationFilters.java:323)
      at org.forgerock.json.resource.FilterChain$Cursor.handleQuery(FilterChain.java:93)
      at org.forgerock.json.resource.FilterChain.handleQuery(FilterChain.java:246)
      at org.forgerock.json.resource.Router.handleQuery(Router.java:316)
      at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.handleQuery(SmsRouteTree.java:419)

      Work around

      Unknown.  It is still possible to create an OAuth2 agent using the rest api.  

      Note: Unknown as to whether this also affects the other Applications pages also in the admin console with large numbers of entries.  They each appear to provide a single page of all created relevant entities currently.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                lawrence.yarham Lawrence Yarham
              • Votes:
                0 Vote for this issue
                Watchers:
                9 Start watching this issue

                Dates

                • Created:
                  Updated: