Tuesday, August 2, 2011

Weird behavior in OpenAM 9.5.3 RC1 when configured with external configuration data store

OpenAM 9.5.3 stable release was released today. The download link is here.


Prior to this stable release, I was using 9.5.3 RC1 for a demo and discovered a weird behavior. Luckily, it's gone in the 9.5.3 stable release.

The issue only happened when an external configuration data store is used. In my case, I was using OpenDJ 2.4.2.

As with any default OpenAM installation, the log level was set to ERROR. I wanted to debug my deployment, so I went ahead and set the log level from ERROR to MESSAGE via the OpenAM Administration Console.



Set Debug Level to "Message".




Everything ran fine. The verbose logging was output. However, once I restarted the web container, I was not able to get to the Login page anymore.

The Session log threw the following error:

**********************************************
amSSOProvider:08/02/2011 04:48:45:718 PM SGT: Thread[main,5,main]
SSO token ldap auth successful for AuthPrincipal: cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net
amSession:08/02/2011 04:48:45:777 PM SGT: Thread[main,5,main]
ERROR: SessionService.SessionService(): Initialization Failed
com.iplanet.services.naming.ServerEntryNotFoundException
at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:730)
at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:618)
at com.iplanet.dpro.session.service.SessionService.(SessionService.java:1772)
at com.iplanet.dpro.session.service.SessionService.getSessionService(SessionService.java:448)
at com.sun.identity.authentication.service.AuthD.getSS(AuthD.java:905)
at com.sun.identity.authentication.service.AuthD.initAuthSessions(AuthD.java:938)
at com.sun.identity.authentication.service.AuthD.(AuthD.java:273)
at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:560)
at com.sun.identity.authentication.UI.LoginLogoutMapping.initializeAuth(LoginLogoutMapping.java:100)
at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:75)
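
Added example (not part of the original post and not OpenAM code): a short Python script that groups the lines of a debug file into records and reports only the ERROR records, with their exception class and top stack frame, which is handy once MESSAGE-level output makes the files verbose. The header layout is assumed from the two records shown in the trace above; the function names are hypothetical.

```python
import re

# Record header as in the trace above: <file>:<MM/DD/YYYY hh:mm:ss:SSS AM|PM TZ>: Thread[...]
HEADER = re.compile(r"^(?P<component>\w+):(?P<ts>\d{2}/\d{2}/\d{4} [\d:]{12} [AP]M \w+): Thread\[.*\]$")
# Stack frame; the method name may end in "." where "<...>" markup was stripped from the page.
FRAME = re.compile(r"^at (?P<method>[\w.$<>]*)\((?P<src>[^)]*)\)$")
# Fully qualified exception class at the start of a line.
EXC = re.compile(r"^(?:Caused by: )?(?P<cls>(?:[A-Za-z_]\w*\.)+[A-Z]\w*(?:Exception|Error))\b")

def parse_records(text):
    """Group the lines of a debug file into records, one per header line."""
    records, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"component": m["component"], "ts": m["ts"], "body": []}
            records.append(cur)
        elif cur is not None and line and set(line) != {"*"}:  # skip separator rows
            cur["body"].append(line)
    return records

def error_summary(text):
    """Return one dict per ERROR record: message, exception class, top frame."""
    out = []
    for rec in parse_records(text):
        body = rec["body"]
        if not body or not body[0].startswith("ERROR:"):
            continue
        excs = [m["cls"] for m in map(EXC.match, body) if m]
        frames = [m["method"] for m in map(FRAME.match, body) if m]
        out.append({"component": rec["component"], "ts": rec["ts"],
                    "message": body[0][len("ERROR:"):].strip(),
                    "exception": excs[0] if excs else None,
                    "top_frame": frames[0] if frames else None})
    return out

# Sample input: lines copied from the Session log in the post (trace shortened).
SAMPLE = """\
**********************************************
amSSOProvider:08/02/2011 04:48:45:718 PM SGT: Thread[main,5,main]
SSO token ldap auth successful for AuthPrincipal: cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net
amSession:08/02/2011 04:48:45:777 PM SGT: Thread[main,5,main]
ERROR: SessionService.SessionService(): Initialization Failed
com.iplanet.services.naming.ServerEntryNotFoundException
at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:730)
at com.iplanet.dpro.session.service.SessionService.(SessionService.java:1772)
"""
if __name__ == "__main__":
    print(error_summary(SAMPLE))
```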


The fastest workaround was to change the LDAP value in the external configuration data store from MESSAGE back to ERROR.


Change to "ERROR".

Restarted the web container. Solved. Everything was back to normal. Very weird. (I tried Tomcat 6 and Glassfish 2.1; both threw the same error if an external configuration data store is used.)

Today, I tried OpenAM 9.5.3 with embedded and external config data store. Both work!

Out of curiosity, I tried OpenAM 9.5.3 RC1 with embedded config data store. It works! So it fails only with an external config data store. Hmmmm....

