Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14471

Failed to create root realm for data store (External Policy | Application)


    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s:
    • Fix Version/s: 6.5.1, 7.0.0
    • Component/s: console
    • Labels:
    • Sprint:
      AM Sustaining Sprint 60
    • Story Points:
    • Needs backport:
    • Support Ticket IDs:
    • Needs QA verification:
    • Functional tests:
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description


      Bug description

      Adding a secondary configuration for which the connection details are correct, SSL is not used (see OPENAM-14426) and for which the baseDn in the new secondary store does not match that in use, will result in the error '_Failed to create root realm for data store DataStoreId{id='NAME!'}', followed by 'Internal Server Error', but the secondary configuration is saved and can then be used in subsequent operations, e.g. to select as the data store for Policy and Configuration._

      How to reproduce the issue

      Details steps outlining how to recreate the issue (remove this text)

      1. Setup AM and DS as an external Data Store.
      2. Goto CONFIGURE>Global Services>External Data Stores>Secondary Configurations
      3. Click [Add a Secondary Configuration]
      4. Provide the same info you have for DS (./status --trustAll output)
      5. Ensure SSL and Start TLS are disabled.
      6. Click on Create.
      7. See the two error pop-ups displayed in the Browser/console
      8. Click on Cancel
      9. Click on the Secondary Configuration TAB!
      10. Find the DS you just created, edit, save and no issue.
      11. On the Realm Default, change one or both of the Data Stores to the one created.
      12. Add an application and see if it makes it into the Data Store.
      Expected behaviour
      The data store should only be selectable if the connection and secondary configuration created successfully.
      Current behaviour
      After the internal server error, the secondary configuration has been saved and can be selected for the Policy and Configuration stores.

      Work around

      Ensure that the new secondary configuration store has the same Base DN as that already in use.  See https://backstage.forgerock.com/docs/am/6.5/install-guide/#install-prepare-opendj-external-policy-and-application for documentation note re this.

      Code analysis

      The SMSGlobalConfigDataStoreProvider.validateDataStoreConnection checks that a connection can be made to the new secondary store, but does not also check that the base DN is available/present.  If this was done at this point, the error returned could be Bad Request and the secondary configuration would fail to save.


          Issue Links



              • Assignee:
                lawrence.yarham Lawrence Yarham
                lawrence.yarham Lawrence Yarham
              • Votes:
                0 Vote for this issue
                3 Start watching this issue


                • Created: