Opensso Fatal Error Cannot Obtain Application Sso Token
Contents |
OpenDJ OpenIDM OpenICF OpenIG Intro to Identity Downloads Forums General Discussion ForgeRock Projects OpenAM OpenIDM OpenDJ OpenIG OpenUMA DevOps Internet of Things Documentation Groups Resources Events Calendar Upcoming Event Map Add Event! AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token Home logging configuration class "com.sun.identity.log.s1is.logconfigreader" failed Forums ForgeRock Projects OpenAM AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token Learn openam admintokenaction fatal error cannot obtain application sso token more about our upcoming Identity Summits Tagged:openam, tomcat agent This topic contains 1 reply, has 2 voices, and was last ssoadm fatal error: cannot obtain application sso token updated by Scott Heger 1 year, 6 months ago. Author Posts April 17, 2015 at 12:00 pm #3914 sun.leo04@gmail.comParticipant Hi, I was trying to install openam 12 war with apache tomcat agent as configured
Check Amconfig.properties For The Following Properties
sso.But tried more than fifty times but am getting only error.Please help me to solve this issue.Thanks in advance. If I change below property value as amAdmin from webagent,while calling the protected application in tomcat second instance it countinously redirecting to same page again and again but didn't get any exception. amAdmin is my admin user of openam console. Please check this link for complete issue details. http://stackoverflow.com/questions/29676170/admintokenaction-fatal-error-cannot-obtain-application-sso-token April 17, 2015 at 4:54 pm #3918 Scott HegerParticipant Hi, Did you happen to catch this WARNING in the output of your Web Agent install: WARNING: Agent profile/User: webagent does not exist in OpenAM server! Either "Hit the Back button, and re-enter the correct agent profile name/user name", or "Create this agent profile when asked(available only in custom-install)", or "Continue without validating it because agent profile is in sub realm", or "Continue without validating/creating it, and manually validate/create it in OpenAM server after installation". Looks like you didn't create the agent profile in OpenAM. Or if you did, you created it in a sub-realm where you would then need to change the com.sun.identity.agents.config.organization.name value in the OpenSSOAgentBootstrap.properties file to reference the realm where the agent profile is. The com.sun.identity.agents.config.username property should be set to the name of your agent profile. Looking at your install output it looks like you originally put in "webagent". Does that profile exist? Author Posts Viewing 2 posts - 1 through 2 (of 2 total) You must be logged in to reply to this topic. Share this 0 likes Log In Username: Password: Remember Me Log In Register Lost Password Upcoming Tech Events Par
OpenDJ OpenIDM OpenICF OpenIG Intro to Identity Downloads Forums General Discussion ForgeRock Projects OpenAM OpenIDM OpenDJ OpenIG OpenUMA DevOps Internet of Things Documentation Groups Resources Events Calendar Upcoming Event Map Add Event! Issue with ssoadm tool after setting up OpenAM site. Home Forums ForgeRock Projects OpenAM Issue with ssoadm tool after setting up OpenAM site. Learn more about our upcoming Identity Summits This topic contains 4 replies, has 3 voices, and was last updated by gbairwa@scholastic.com 8 months ago. Author Posts March 26, https://forgerock.org/topic/admintokenaction-fatal-error-cannot-obtain-application-sso-token/ 2015 at 10:42 pm #3745 PareshParticipant Hi, We are setting up OpenAM instance. The setup is done using "openam-configurator" tool. We have specified the same password for amadmin (ADMIN_PWD) and embedded OpenDJ "cn=Directory Manager" user (DS_DIRMGRPASSWD) in the configuration file. After the setup is complete, then we create a realm and configure bunch of other https://forgerock.org/topic/issue-with-ssoadm-tool-after-setting-up-openam-site/ stuff using ssoadm tool. However, we have observed that after we setup a new OpenAM site and add the current OpenAM instance to this site, then we start getting an error for subsequent run of ssoadm tool. Here is the error message reported by ssoadm tool:
8.0 Release NotesPrevious: 4079: ssoadm import-svc-cfg command fails when using https://docs.oracle.com/cd/E19681-01/820-3745/ghtso/index.html Directory Server as the configuration data storeNext: 2905: jss4.jar http://azlabs.blogspot.com/2015/01/fatal-error-cannot-obtain-application.html entry is missing in the ssoadm classpath3955: Unable to execute the ssoadm command You are unable to execute the ssoadm command with the get-realm due to this exception. Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed fatal error com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password AdminTokenAction: FATAL ERROR: Cannot cannot obtain application obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password Check if the amadmin password is different from the directory manager password for the service management data store. If yes, apply the following workaround. Workaround. Modify the server configuration XML as follows: Log in to the OpenSSO Console as amadmin. Use the ssoadm.jsp get-svrcfg-xml to get the server configuration XML. Use encode.jsp to encode the amadmin password. Set the encoded password in the two places represented by amadmin-password in the XML. For example:
and Taipei Fubon Marathon 2014. I kept my pace slow as these were supposed to be my built-up runs for a 100km race in Hong Kong next week. Back to OpenAM…. :) One could hit into this error fairly common - "FATAL ERROR: Cannot obtain Application SSO token". Just a moment ago while I was configuring SSO Admin Tool for a customer, I hit into the error. Prior to hitting the error, I added a site in OpenAM console and assigned the only OpenAM instance to this new site. I also made sure that site name was added as a -D parameter in ssoadm script. $ vi ssoadm -D"com.iplanet.am.naming.map.site.to.server=https://dsauth.abc.com:443/am=https://f50d.abc.com:3131/am" \ However, when the following command was executed, the error appeared! $ ./ssoadm list-servers -u amadmin -f .pwd.txt Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password Very strange indeed. Ah, maybe a restart of OpenAM will help. And yes, indeed! $ ./ssoadm list-servers -u amadmin -f .pwd.txt https://f50d.abc.com:3131/am . Posted by Chee Chong at 11:08 AM Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinteres