-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Expired
-
Affects Version/s: 6.5.0
-
Fix Version/s: None
-
Component/s: self-service
-
Labels:
-
Rank:1|hzx6s7:
Bug description
From OpenAM 13.5 onwards we default to using a JCEKS keystore rather than a JKS keystore. Support for JCEKS is needed to allow symmetric keys to be stored. If upgrading from a version of OpenAM earlier than 13.5, OpenAM/AM will continue to use the JKS keystore rather than switching to using the JCEKS keystore.
This was a conscious decision as admins should have moved away from using the default JKS keystore in favour of one they create for themselves.
How to reproduce the issue
- Install AM 13.0.x
- Upgrade to AM 6.5.0-M17
- Run the functional test com.forgerock.openam.functionaltest.ui.uss.pages.AnswerSecurityQuestionPageTest
Expected behaviour
All tests should pass.
Current behaviour
Tests fail as the User Self-Service cannot be created. This is because the signing key alias required by User Self-Service is not found in the JKS keystore.
Work around
Configure AM to use the JCEKS keystore rather then the JSK keystore.
- Login to the admin console
- Select Configure > Server Defaults
- Select Security
- Select the "Key Store" tab
- Update "Keystore File" to %BASE_DIR%/%SERVER_URI%/keystore.jceks
- Update "Keystore Type" to JCEKS
- Restart AM
- is duplicated by
-
OPENAM-14025 User Self Service alias placeholder values are incorrect when upgraded from 13.0.0
-
- Closed
-