There was a discussion on the OpenAM mailing list a few days ago about an error: "No such Organization found".
When this error occurs, there are a few possible causes. One of them is a misconfiguration in Realm/DNS Aliases, where an identical alias is created in more than one realm.
The following shows an alias "idp.azlabs.sg" being created in Top Level Realm.
The same alias "idp.azlabs.sg" is also being created in Realm "testrealm".
With this configuration in place, the "No such Organization found" error is displayed whenever a user or administrator attempts to log in via the OpenAM login page. As such, you are stuck if you are an administrator! There is no way you can log in via the GUI.
How to resolve this issue?
* Use an LDAP browser to explicitly delete the duplicate alias.
The following is the alias which we want to keep:
The following is the duplicate alias which we need to delete:
Deleting the entry "sunxmlKeyValue=sunidentityrepositoryservice-sunOrganizationAliases=idp.azlabs.sg" will do the trick! Remember to restart the OpenAM server.
By the way, the following error is captured in the Authentication debug log: "Multiple mappings found for organization identifier: idp.azlabs.sg".
This is what a lot of people fail to check before posting their questions to the mailing list. If one looks at the Authentication debug log in detail, the root cause is pretty obvious.
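To find every alias that is mapped by more than one realm before it locks you out, you can scan an LDIF export of the configuration store. The following is an added example, not part of the original post or of OpenAM. It assumes that each realm is one entry, that aliases appear as sunxmlKeyValue values in the form quoted above, and that values are exported as plain text rather than base64. The base DN and sample data are constructed.

```python
import re
from collections import defaultdict

# Constructed sample LDIF. Assumed layout: one entry per realm, aliases held
# as sunxmlKeyValue values; dc=example,dc=com is a placeholder base DN.
SAMPLE_LDIF = """\
dn: ou=services,dc=example,dc=com
sunxmlKeyValue: sunidentityrepositoryservice-sunOrganizationAliases=idp.azlabs.sg
sunxmlKeyValue: sunidentityrepositoryservice-sunOrganizationStatus=Active

dn: o=testrealm,ou=services,dc=example,dc=com
sunxmlKeyValue: sunidentityrepositoryservice-sunOrganizationAliases=idp.azlabs.sg
sunxmlKeyValue: sunidentityrepositoryservice-sunOrganizationAliases=test.azlabs.sg
"""

ALIAS_RE = re.compile(
    r"^sunxmlKeyValue:\s*sunidentityrepositoryservice-sunOrganizationAliases=(.+)$",
    re.IGNORECASE,
)

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def find_duplicate_aliases(ldif):
    """Return {alias: sorted DNs} for aliases mapped by more than one entry."""
    owners = defaultdict(set)
    dn = None
    for line in unfold(ldif):
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif not line.strip():
            dn = None  # a blank line ends the current entry
        else:
            m = ALIAS_RE.match(line)
            if m and dn:
                # DNS names are case-insensitive, so compare lower-cased
                owners[m.group(1).strip().lower()].add(dn)
    return {a: sorted(d) for a, d in owners.items() if len(d) > 1}

if __name__ == "__main__":
    for alias, dns in find_duplicate_aliases(SAMPLE_LDIF).items():
        print(f"duplicate alias {alias!r} in: {dns}")
```

Any alias it reports is one that would trigger the "Multiple mappings found for organization identifier" message in the Authentication debug log.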
Since the problem comes from a wrong DNS/Realm alias setting - unable to resolve the realm from the accessed URL - if you just add the realm=/ param to the login page, login would've worked just fine. ;)
Thanks, it works for me!