Wednesday, December 21, 2011

OpenDJ Replication Server error during handshake phase




I have a pair of OpenDJ servers running in MMR mode. The customer had a sudden requirement to change IP addresses.

Simple request. So I went ahead and modified /etc/hosts. As simple as that.

No. The following errors were observed in the OpenDJ error logs on both nodes:

[21/Dec/2011:12:46:32 +0800] category=SYNC severity=SEVERE_ERROR msgID=14942387 msg=Replication server 30809 was attempting to connect to replication server a125.az.com/172.8.8.125:8888 but has disconnected in handshake phase


[21/Dec/2011:12:46:32 +0800] category=SYNC severity=SEVERE_ERROR msgID=14942263 msg=In Replication server Replication Server 8888 30809: replication servers 200.2.2.125:8888 and 172.8.8.125:8888 have the same ServerId : 20398

:
:

[21/Dec/2011:12:46:36 +0800] category=SYNC severity=SEVERE_ERROR msgID=14942316 msg=Unable to send monitor data request for domain "cn=admin data" to replication server RS(30809) due to the following error: Socket closed

I resolved this by restarting both nodes.



Tuesday, December 20, 2011

OpenAM Fedlet

A customer asked me what an OpenAM Fedlet is and how it is used.



There isn't a lot of detailed documentation on the OpenAM Fedlet, but this article from Oracle is great!

ForgeRock's documentation only has a section on Using Fedlets in Java Web Applications.

In layman's terms, this is my interpretation of a Fedlet:

Basically, big organizations with a budget will use the OpenAM Federation service.

For example, one organization will install OpenAM to act as the IdP (Identity Provider), while the rest of the organizations will enable their applications to be SAMLv2-ready. These applications will then act as SPs (Service Providers).

However, this takes time, effort and money.

Smaller organizations will definitely not be able to overhaul their applications to be SAMLv2-ready, as it is not cost-effective. So the way to go is to just deploy Fedlets (generated from OpenAM servers).


The Fedlet will act like a bridge between the OpenAM server (acting as IdP) and the applications.


It's simple and neat.


Friday, December 9, 2011

Overriding OpenAM classes


I was trying to change some behavior in OpenAM core components and found that the easiest way to do it is:
  • Modify the OpenAM source code
  • Compile the Java class
  • Deploy the compiled class in ../WEB-INF/classes
  • Restart OpenAM

The application container loads classes from /WEB-INF/classes before the classes in the jar files residing in the /WEB-INF/lib directory, so the modified class takes priority over the original one in the jar. Nice!

In fact, it's not recommended to put the modified class back into the original jar file. I find that ugly in practice.
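
Because a class in /WEB-INF/classes silently replaces the jar's copy, it helps to be able to list every such override when auditing a deployment, both to keep track of deliberate patches and to notice ones nobody expected. The Python sketch below is an added example, not part of the original post or of OpenAM; the function names and the sample class and jar names are hypothetical, and the sample web application is constructed in a temporary directory.

```python
import os
import tempfile
import zipfile


def find_shadowed_classes(web_inf):
    """Map each class in WEB-INF/classes to the WEB-INF/lib jars holding the same entry."""
    classes_dir = os.path.join(web_inf, "classes")
    lib_dir = os.path.join(web_inf, "lib")

    # Loose classes, expressed as jar-style entry names (forward slashes).
    loose = set()
    for root, _dirs, files in os.walk(classes_dir):
        for name in files:
            if name.endswith(".class"):
                rel = os.path.relpath(os.path.join(root, name), classes_dir)
                loose.add(rel.replace(os.sep, "/"))

    shadowed = {}
    if os.path.isdir(lib_dir):
        for jar in sorted(os.listdir(lib_dir)):
            path = os.path.join(lib_dir, jar)
            # Skip non-jar files and archives that cannot be read as zip.
            if not jar.endswith(".jar") or not zipfile.is_zipfile(path):
                continue
            with zipfile.ZipFile(path) as zf:
                names = set(zf.namelist())
            for entry in sorted(loose & names):
                shadowed.setdefault(entry, []).append(jar)
    return shadowed


def build_sample_webapp(base):
    """Constructed sample layout; the class and jar names are hypothetical."""
    web_inf = os.path.join(base, "WEB-INF")
    pkg = os.path.join(web_inf, "classes", "com", "example", "auth")
    os.makedirs(pkg)
    os.makedirs(os.path.join(web_inf, "lib"))
    with open(os.path.join(pkg, "LoginHandler.class"), "wb") as f:
        f.write(b"\xca\xfe\xba\xbe modified")
    with zipfile.ZipFile(os.path.join(web_inf, "lib", "core.jar"), "w") as zf:
        zf.writestr("com/example/auth/LoginHandler.class", b"\xca\xfe\xba\xbe original")
        zf.writestr("com/example/auth/Session.class", b"\xca\xfe\xba\xbe")
    return web_inf


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for entry, jars in find_shadowed_classes(build_sample_webapp(tmp)).items():
            print(f"{entry} overrides copy in {', '.join(jars)}")
```

Pointing `find_shadowed_classes` at a real deployment's WEB-INF directory gives the list of overrides to reconcile against the patches you know about.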
