[OPENAM-12080] OAuth2 Stateless Session Signing Key lost during upgrade Created: 10/Nov/17 Updated: 21/Aug/19 Resolved: 06/Dec/17
|Fix Version/s:||6.0.0, 5.5.2|
|Reporter:||Craig McDonnell||Assignee:||Dipu Seminlal|
|Labels:||AME, Must-Fix, NEWTON|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Sprint:||Sprint 2017.15 Curie, Sprint 2017.16 Newton|
|Needs QA verification:||
|Are the reproduction steps defined?:||
Yes and I used the same an in the description
OAuth2 Provider service's "Token Signing HMAC Shared Secret" is lost during the upgrade from OpenAM 13.5.0 to AM 6.0.0. I would assume that this affects others upgrade paths between.
Manually re-entering the value for OAuth2 Provider service's "Token Signing HMAC Shared Secret" fixes the configuration.
|Comment by Ľubomír Mlích [ 21/Aug/19 ]|
Reproduced with ForgeRock Access Management 5.5.1 Build 96b47ad4f1 (2017-October-26 15:41), introspect endpoint returned HTTP 500 until HMAC signing key was entered into configuration
Verified as fixed in ForgeRock Access Management 5.5.2-M7 Build 965200a558 (2019-August-20 08:11), no such problem was found