Giter VIP home page Giter VIP logo

Comments (15)

rlogue avatar rlogue commented on August 22, 2024

Wondering if you have any idea yet what the issue is? i.e. will it require a release or maybe I can alter my configuration? We want to start performance testing our solution soon but don't want to have to update OpenAM after this point. Thanks.

from openam.

rlogue avatar rlogue commented on August 22, 2024

Also noticed that the openam global services page is blank i.e. /openam/XUI/?realm=/#configure/global-services, see attached screenshot. From reading document i.e. https://backstage.forgerock.com/knowledge/kb/article/a94724800 in this screen I should see some configuration. Potentially this is causing the issue?

OpenAM-GlobalServices

from openam.

rlogue avatar rlogue commented on August 22, 2024

Seen in the CoreSystem log the following error when I try to access the Global Services page

frRest:04/17/2019 02:54:01:034 PM BST: Thread[http-nio-8801-exec-5,5,main]: TransactionId[30057191-bb78-4bbe-ad71-b74480c08471-481]
ERROR: A runtime exception occurred during the CREST request handling
java.lang.IllegalStateException: Exception from invocation expected to be handled by promise
at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:100)
at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:64)
at org.forgerock.json.resource.AnnotatedSingletonHandler.handleRead(AnnotatedSingletonHandler.java:63)
at org.forgerock.json.resource.Router.handleRead(Router.java:328)
at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:113)
at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter$6.apply(AuthorizationFilters.java:378)
at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter$6.apply(AuthorizationFilters.java:374)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:223)
at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.filterRead(AuthorizationFilters.java:374)
at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:111)
at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:260)
at org.forgerock.json.resource.Router.handleRead(Router.java:328)
at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.handleRead(SmsRouteTree.java:400)
at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.getSingletonInstance(SmsRouteTree.java:350)
at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.readInstances(SmsRouteTree.java:340)
at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.handleAction(SmsRouteTree.java:269)
at org.forgerock.json.resource.Router.handleAction(Router.java:245)
at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.handleAction(SmsRouteTree.java:300)
at org.forgerock.openam.core.rest.sms.SmsRequestHandler.handleAction(SmsRequestHandler.java:647)
at org.forgerock.json.resource.Router.handleAction(Router.java:245)
at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:63)
at org.forgerock.openam.rest.fluent.AuditFilter.filterAction(AuditFilter.java:89)
at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterAction(AuditFilterWrapper.java:60)
at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:61)
at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterAction(CrestLoggingFilter.java:74)
at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:61)
at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:57)
at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:61)
at org.forgerock.openam.rest.AuthenticationEnforcer.filterAction(AuthenticationEnforcer.java:137)
at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:61)
at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:230)
at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:37)
at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:147)
at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:93)
at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:185)
at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:139)
at org.forgerock.json.resource.http.HttpAdapter$1.apply(HttpAdapter.java:710)
at org.forgerock.json.resource.http.HttpAdapter$1.apply(HttpAdapter.java:707)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:707)
at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:612)
at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:276)
at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:154)
at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:77)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:64)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:220)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$400(AuthenticationFramework.java:65)
at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:212)
at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:205)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:170)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$100(AuthenticationFramework.java:65)
at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:155)
at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:152)
at org.forgerock.util.promise.PromiseImpl$7.handleStateChange(PromiseImpl.java:485)
at org.forgerock.util.promise.PromiseImpl.handleCompletion(PromiseImpl.java:567)
at org.forgerock.util.promise.PromiseImpl.addOrFireListener(PromiseImpl.java:555)
at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:477)
at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:468)
at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:147)
at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:96)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:59)
at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:214)
at org.forgerock.http.routing.Router.handle(Router.java:100)
at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:69)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:122)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:70)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:60)
at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:237)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:96)
... 115 more
Caused by: org.forgerock.json.JsonException: Unable to validate attributes
at org.forgerock.openam.core.rest.sms.SmsJsonConverter.toJson(SmsJsonConverter.java:198)
at org.forgerock.openam.core.rest.sms.SmsJsonConverter.toJson(SmsJsonConverter.java:167)
at org.forgerock.openam.core.rest.sms.SmsJsonConverter.toJson(SmsJsonConverter.java:141)
at org.forgerock.openam.core.rest.sms.SmsGlobalSingletonProvider.addOrganisationAttributes(SmsGlobalSingletonProvider.java:148)
at org.forgerock.openam.core.rest.sms.SmsResourceProvider.getJsonValue(SmsResourceProvider.java:452)
at org.forgerock.openam.core.rest.sms.SmsResourceProvider.getJsonValue(SmsResourceProvider.java:440)
at org.forgerock.openam.core.rest.sms.SmsSingletonProvider.handleRead(SmsSingletonProvider.java:154)
... 119 more
Caused by: Message:Data validation failed for the attribute, selfServiceSigningSecretKeyAlias

    at com.sun.identity.sm.ServiceSchemaImpl.throwInvalidAttributeValuesException(ServiceSchemaImpl.java:741)
    at com.sun.identity.sm.ServiceSchemaImpl.validatePlugin(ServiceSchemaImpl.java:722)
    at com.sun.identity.sm.ServiceSchemaImpl.serverEndAttrValidation(ServiceSchemaImpl.java:692)
    at com.sun.identity.sm.ServiceSchemaImpl.validatePlugin(ServiceSchemaImpl.java:650)
    at com.sun.identity.sm.ServiceSchemaImpl.validateAttrValues(ServiceSchemaImpl.java:597)
    at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:345)
    at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:314)
    at com.sun.identity.sm.ServiceSchema.validateAttributes(ServiceSchema.java:749)
    at org.forgerock.openam.core.rest.sms.SmsJsonConverter.toJson(SmsJsonConverter.java:191)
    ... 125 more

from openam.

rlogue avatar rlogue commented on August 22, 2024

Seems like the attribute is added in the upgrade. I seen the following in the upgrade log

Services Upgrade Report

New Services

  • AuthenticatorPush
  • PushNotificationService
  • iPlanetAMAuthAmsterService
  • iPlanetAMAuthAuthenticatorPushRegistrationService
  • iPlanetAMAuthAuthenticatorPushService
  • sunAMAuthWSSAuthModuleService
  • sunAMAuthReCaptchaService
  • sunFAMSTSService

Modified Services

  • selfService
    Added attributeselfServiceEncryptionKeyPairAlias
    Added attributeKeyAliasValidator
    Added attributeselfServiceSigningSecretKeyAlias
    Added attributeselfServiceUserRegistrationDestination

I also see in the embedded opendj the following

../opends/db/userRoot/00000008.jdb: </AttributeSchema><AttributeSchema cosQualifier="default" i18nKey="signing.secret.key.alias" isSearchable="no" listOrder="natural" name="selfServiceSigningSecretKeyAlias" order="10" resourceName="signingSecretKeyAlias" syntax="string" type="single" validator="KeyAliasValidator" >

Does any of this stand out as being incorrect?

from openam.

rlogue avatar rlogue commented on August 22, 2024

Is there any other information I gather here to help out?

from openam.

rlogue avatar rlogue commented on August 22, 2024

If I do a fresh install of OpenAM 14.2.2 I can see that the Global Services tab is populated with configuration like you would expect. It would seem maybe this is an upgrade issue? If we can pin point the config that is causing the issue maybe there is a manual step that can be applied to allow this tab to work?

openam-fresh-globalservices

from openam.

rlogue avatar rlogue commented on August 22, 2024

Seems potentially related to this (Do you agree?)

https://backstage.forgerock.com/knowledge/kb/book/b37078014#a62372040

But everytime I run ssoadm, using the following command

./ssoadm get-attr-defs -s selfService -t organization -u amadmin -f pwd.txt

I get an error saying

Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.

and in the authenticaiton debug log I see

ERROR: Failed to obtain auth service url from server:

I have followed the advice here
https://backstage.forgerock.com/knowledge/kb/article/a17894100
to trust all certs but still can't get ssoadm running to ee if it can help my issue.

Do you think this is a path worth pursuing?

from openam.

rlogue avatar rlogue commented on August 22, 2024

Followed the advice here

https://bugster.forgerock.org/jira/browse/OPENAM-10280

which talks about what to do here

https://backstage.forgerock.com/docs/openam/13.5/upgrade-guide/#upgrade-user-services

I can now see the data under Global Services but still have the issue with session quotas. So a user can login once but whe they try the second time the call just hangs

When I make the requests I do a grep on all the files in the debug log directory and see no messages.

Edit. Is there anywhere else I can look to get information why the call is hanging?

from openam.

rlogue avatar rlogue commented on August 22, 2024

Issue is present in a clean install of 14.2.2 also. Issue only happens when

Resulting behavior if session quota exhausted = org.forgerock.openam.session.service.DenyAccessAction

from openam.

rlogue avatar rlogue commented on August 22, 2024

Don't seem to be getting any response on Jira anymore on this is it possible to let me know if we can proceed to get a fix here?

from openam.

kumar1801 avatar kumar1801 commented on August 22, 2024

Hi @rlogue

For Also noticed that the openam global services page is blank i.e. /openam/XUI/?realm=/#configure/global-services, see attached screenshot

You can follow the below steps to visible Global Services.
Modify Keystore:

After upgrading we have to modify key store extension from JKS to JCEKS.

The following steps show how to set up the JCEKS Keystore for user self-service:

In the OpenAM console, navigate to Configure > Server Defaults > Security > Key Store.
Change the Keystore File property to %BASE_DIR%/%SERVER_URI%/keystore.jceks.
Change the Keystore Type property to JCEKS.
Restart the OpenAM server.

from openam.

rlogue avatar rlogue commented on August 22, 2024

Hello,

Yes we did that it was mentioned in the link I posted on 6th May ie

https://bugster.forgerock.org/jira/browse/OPENAM-10280

Thanks,
Robert

from openam.

kumar1801 avatar kumar1801 commented on August 22, 2024

@rlogue

Ok Thank you

from openam.

dairoca90 avatar dairoca90 commented on August 22, 2024

im having the same issue in the current version OpenAM 14.6.6

from openam.

sp193 avatar sp193 commented on August 22, 2024

Seen in the CoreSystem log the following error when I try to access the Global Services page

frRest:04/17/2019 02:54:01:034 PM BST: Thread[http-nio-8801-exec-5,5,main]: TransactionId[30057191-bb78-4bbe-ad71-b74480c08471-481] ERROR: A runtime exception occurred during the CREST request handling java.lang.IllegalStateException: Exception from invocation expected to be handled by promise at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:100) at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:64) at org.forgerock.json.resource.AnnotatedSingletonHandler.handleRead(AnnotatedSingletonHandler.java:63) at org.forgerock.json.resource.Router.handleRead(Router.java:328) at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:113) at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter$6.apply(AuthorizationFilters.java:378) at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter$6.apply(AuthorizationFilters.java:374) at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255) at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244) at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:223) at org.forgerock.authz.filter.crest.AuthorizationFilters$AuthorizationFilter.filterRead(AuthorizationFilters.java:374) at org.forgerock.json.resource.FilterChain$Cursor.handleRead(FilterChain.java:111) at org.forgerock.json.resource.FilterChain.handleRead(FilterChain.java:260) at org.forgerock.json.resource.Router.handleRead(Router.java:328) at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.handleRead(SmsRouteTree.java:400) at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.getSingletonInstance(SmsRouteTree.java:350) at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.readInstances(SmsRouteTree.java:340) at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.handleAction(SmsRouteTree.java:269) at org.forgerock.json.resource.Router.handleAction(Router.java:245) at org.forgerock.openam.core.rest.sms.tree.SmsRouteTree.handleAction(SmsRouteTree.java:300) at org.forgerock.openam.core.rest.sms.SmsRequestHandler.handleAction(SmsRequestHandler.java:647) at org.forgerock.json.resource.Router.handleAction(Router.java:245) at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:63) at org.forgerock.openam.rest.fluent.AuditFilter.filterAction(AuditFilter.java:89) at org.forgerock.openam.rest.fluent.AuditFilterWrapper.filterAction(AuditFilterWrapper.java:60) at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:61) at org.forgerock.openam.rest.fluent.CrestLoggingFilter.filterAction(CrestLoggingFilter.java:74) at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:61) at org.forgerock.openam.rest.ContextFilter.filterAction(ContextFilter.java:57) at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:61) at org.forgerock.openam.rest.AuthenticationEnforcer.filterAction(AuthenticationEnforcer.java:137) at org.forgerock.json.resource.FilterChain$Cursor.handleAction(FilterChain.java:61) at org.forgerock.json.resource.FilterChain.handleAction(FilterChain.java:230) at org.forgerock.json.resource.InternalConnection.actionAsync(InternalConnection.java:37) at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:147) at org.forgerock.json.resource.http.RequestRunner.visitActionRequest(RequestRunner.java:93) at org.forgerock.json.resource.Requests$ActionRequestImpl.accept(Requests.java:185) at org.forgerock.json.resource.http.RequestRunner.handleResult(RequestRunner.java:139) at org.forgerock.json.resource.http.HttpAdapter$1.apply(HttpAdapter.java:710) at org.forgerock.json.resource.http.HttpAdapter$1.apply(HttpAdapter.java:707) at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255) at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244) at org.forgerock.json.resource.http.HttpAdapter.doRequest(HttpAdapter.java:707) at org.forgerock.json.resource.http.HttpAdapter.doAction(HttpAdapter.java:612) at org.forgerock.json.resource.http.HttpAdapter.handle(HttpAdapter.java:276) at org.forgerock.http.handler.Handlers$HandlerDescribableAsDescribableHandler.handle(Handlers.java:154) at org.forgerock.http.filter.OptionsFilter.filter(OptionsFilter.java:77) at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61) at org.forgerock.http.routing.Router.handle(Router.java:100) at org.forgerock.http.routing.Router.handle(Router.java:100) at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:64) at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61) at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:220) at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$400(AuthenticationFramework.java:65) at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:212) at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:205) at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255) at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244) at org.forgerock.caf.authentication.framework.AuthenticationFramework.validateRequest(AuthenticationFramework.java:170) at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$100(AuthenticationFramework.java:65) at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:155) at org.forgerock.caf.authentication.framework.AuthenticationFramework$1.apply(AuthenticationFramework.java:152) at org.forgerock.util.promise.PromiseImpl$7.handleStateChange(PromiseImpl.java:485) at org.forgerock.util.promise.PromiseImpl.handleCompletion(PromiseImpl.java:567) at org.forgerock.util.promise.PromiseImpl.addOrFireListener(PromiseImpl.java:555) at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:477) at org.forgerock.util.promise.PromiseImpl.thenAsync(PromiseImpl.java:468) at org.forgerock.caf.authentication.framework.AuthenticationFramework.processMessage(AuthenticationFramework.java:147) at org.forgerock.caf.authentication.framework.AuthenticationFilter.filter(AuthenticationFilter.java:96) at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61) at org.forgerock.openam.http.GuiceHandler.handle(GuiceHandler.java:59) at org.forgerock.openam.http.HttpRoute$6.handle(HttpRoute.java:214) at org.forgerock.http.routing.Router.handle(Router.java:100) at org.forgerock.http.swagger.OpenApiRequestFilter.filter(OpenApiRequestFilter.java:69) at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61) at org.forgerock.openam.http.ApiDescriptorFilter.filter(ApiDescriptorFilter.java:122) at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61) at org.forgerock.openam.http.OpenAMHttpApplication$1.filter(OpenAMHttpApplication.java:70) at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61) at org.forgerock.http.filter.TransactionIdInboundFilter.filter(TransactionIdInboundFilter.java:60) at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61) at org.forgerock.http.servlet.HttpFrameworkServlet.service(HttpFrameworkServlet.java:237) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:88) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:617) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:518) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1091) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:668) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1521) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1478) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.GeneratedMethodAccessor92.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.forgerock.json.resource.AnnotatedMethod.invoke(AnnotatedMethod.java:96) ... 115 more Caused by: org.forgerock.json.JsonException: Unable to validate attributes at org.forgerock.openam.core.rest.sms.SmsJsonConverter.toJson(SmsJsonConverter.java:198) at org.forgerock.openam.core.rest.sms.SmsJsonConverter.toJson(SmsJsonConverter.java:167) at org.forgerock.openam.core.rest.sms.SmsJsonConverter.toJson(SmsJsonConverter.java:141) at org.forgerock.openam.core.rest.sms.SmsGlobalSingletonProvider.addOrganisationAttributes(SmsGlobalSingletonProvider.java:148) at org.forgerock.openam.core.rest.sms.SmsResourceProvider.getJsonValue(SmsResourceProvider.java:452) at org.forgerock.openam.core.rest.sms.SmsResourceProvider.getJsonValue(SmsResourceProvider.java:440) at org.forgerock.openam.core.rest.sms.SmsSingletonProvider.handleRead(SmsSingletonProvider.java:154) ... 119 more Caused by: Message:Data validation failed for the attribute, selfServiceSigningSecretKeyAlias

    at com.sun.identity.sm.ServiceSchemaImpl.throwInvalidAttributeValuesException(ServiceSchemaImpl.java:741)
    at com.sun.identity.sm.ServiceSchemaImpl.validatePlugin(ServiceSchemaImpl.java:722)
    at com.sun.identity.sm.ServiceSchemaImpl.serverEndAttrValidation(ServiceSchemaImpl.java:692)
    at com.sun.identity.sm.ServiceSchemaImpl.validatePlugin(ServiceSchemaImpl.java:650)
    at com.sun.identity.sm.ServiceSchemaImpl.validateAttrValues(ServiceSchemaImpl.java:597)
    at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:345)
    at com.sun.identity.sm.ServiceSchemaImpl.validateAttributes(ServiceSchemaImpl.java:314)
    at com.sun.identity.sm.ServiceSchema.validateAttributes(ServiceSchema.java:749)
    at org.forgerock.openam.core.rest.sms.SmsJsonConverter.toJson(SmsJsonConverter.java:191)
    ... 125 more

I believe @rlogue encounted some issue while upgrading. But this error may also appear if you attempted to utilize the user self-service API to reset the password, while the realm did not have the selfServiceSigningSecretKeyAlias/selfServiceEncryptionSecretKeyAlias set. This is perhaps a generic error that indicates a lack of required configuration.

So, if you are trying out the user self-service feature, do ensure that the specified realm (in the API call) has the User Self-Service feature completely configured. I'm mentioning this because I encounted this issue today and the error led me back to this Github issue.

On the other hand, if you get this error while upgrading, I am sorry to say that I have no idea why this happens. It may be because the old version of AM didn't have this attribute, the upgrade process doesn't include it, and the UI/backend does not correctly cover this. Perhaps a workaround would be to follow this article, to set the attributes with ssoadm (or maybe opendj itself): https://backstage.forgerock.com/knowledge/kb/article/a62372040
(In fact, could this even be the right article to address this problem in this specific situation? This OpenAM had some commit related to a pre-release of AM 5)

from openam.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.