Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-8668

Fresh install of OpenAM doesn't load the login page on some Tomcat versions

    XMLWordPrintable

    Details

    • Support Ticket IDs:

      Description

      Commit 1d53d85f545c9343985fa4bf477ab919debfe065

      When you install a fresh instance of OpenAM on Tomcat 9, the login page failed to load.

      The request /openam/json/authenticate? returns a 500.

      No exception is logged, but in debug mode, I found out the root cause:

      java.lang.reflect.InvocationTargetException
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      	at java.lang.reflect.Method.invoke(Method.java:498)
      	at org.forgerock.openam.http.annotations.AnnotatedMethod.invoke(AnnotatedMethod.java:81)
      	at org.forgerock.openam.http.annotations.Endpoints$1.handle(Endpoints.java:72)
      	at org.forgerock.http.routing.Router.handle(Router.java:92)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:57)
      	at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:73)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:55)
      	at org.forgerock.http.routing.Router.handle(Router.java:92)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:57)
      	at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:84)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:55)
      	at org.forgerock.http.routing.Router.handle(Router.java:92)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:57)
      	at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:64)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:55)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:220)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$400(AuthenticationFramework.java:65)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:212)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:205)
      	at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:221)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:168)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$100(AuthenticationFramework.java:65)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:155)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:152)
      	at org.forgerock.util.promise.PromiseImpl$7.handleStateChange(PromiseImpl.java:445)
      	at org.forgerock.util.promise.PromiseImpl.handleCompletion(PromiseImpl.java:521)
      	at org.forgerock.util.promise.PromiseImpl.addOrFireListener(PromiseImpl.java:509)
      	at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:438)
      	at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:146)
      	at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:96)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:55)
      	at org.forgerock.openam.http.HandlerProvider.handle(HandlerProvider.java:50)
      	at org.forgerock.openam.http.HttpRoute$3.handle(HttpRoute.java:142)
      	at org.forgerock.http.routing.Router.handle(Router.java:92)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:57)
      	at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:61)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:55)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:57)
      	at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:60)
      	at org.forgerock.http.handler.Chain.handle(Chain.java:55)
      	at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:222)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
      	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:192)
      	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:165)
      	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
      	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:108)
      	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:522)
      	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
      	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
      	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
      	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
      	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
      	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:1096)
      	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
      	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:760)
      	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1480)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.IllegalArgumentException: An invalid domain [.example.com] was specified for this cookie
      	at org.apache.tomcat.util.http.Rfc6265CookieProcessor.validateDomain(Rfc6265CookieProcessor.java:181)
      	at org.apache.tomcat.util.http.Rfc6265CookieProcessor.generateHeader(Rfc6265CookieProcessor.java:123)
      	at org.apache.catalina.connector.Response.generateCookieString(Response.java:989)
      	at org.apache.catalina.connector.Response.addCookie(Response.java:937)
      	at org.apache.catalina.connector.ResponseFacade.addCookie(ResponseFacade.java:391)
      	at javax.servlet.http.HttpServletResponseWrapper.addCookie(HttpServletResponseWrapper.java:58)
      	at org.forgerock.openam.validation.ResponseValidationFilter$ValidationWrapper.addCookie(ResponseValidationFilter.java:63)
      	at com.sun.identity.shared.encode.CookieUtils.addCookieToResponse(CookieUtils.java:412)
      	at com.sun.identity.authentication.service.AuthUtils.setlbCookie(AuthUtils.java:741)
      	at org.forgerock.openam.core.CoreServicesWrapper.setLbCookie(CoreServicesWrapper.java:217)
      	at org.forgerock.openam.core.rest.authn.core.LoginAuthenticator.startLoginProcess(LoginAuthenticator.java:159)
      	at org.forgerock.openam.core.rest.authn.core.LoginAuthenticator.getLoginProcess(LoginAuthenticator.java:95)
      	at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:165)
      	at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.initiateAuthentication(RestAuthenticationHandler.java:98)
      	at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:142)
      	... 75 more
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                chris.lee Chris Lee
                Reporter:
                quentin.castel Quentin CASTEL
                QA Assignee:
                Alex Walker [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: