AM 7 Realm mode
When will portal support AM realm mode?
Portal planning to support AM 7 Realam mode in 7.x versions. This would be done using new Identity Repository API (IdRepoAPI) from AM rather than the AMSDK API that it uses now.
Similar Messages
-
Portal 7.1 + Access Manager in realm mode
OS Solaris SPARC 9.
Components already installed: SJES Directory Server + SJES5 Web Server + SJES5 Access Manager (configured in realm mode with 'Configure now' option selected).
Web Server is listenin on port 8088.
It is said in "SJES5 Installation Guide for UNIX) that Portal Server supports Realm mode only if Access Manager is configured with Directory Server, with AMSDK configured for the data store.
I've installed AMSDK at the same time when installed AM itself. No postinstallition configuration was made.
But when I try to install Portal 7.1 (using SJES5 GUI installer, in 'configure now' mode) in realm mode, i receive following errors during installition:
Sun enterprise system 5 - installed
Java DB - installed (configure after install)
System Registry 3.1 installed (configure after install)
Java System Portal - installed (configuration failed)
Exploring /var/opt/SUNWportal/logs/config/portal.fabric.0.0.log shows following errors:
WARNING SJS Portal Server debug.com.sun.portal.fabric.config "ThreadID=10; ClassName=com.sun.portal.fabric.config.ValidatePortalInputData; MethodName=validateSharedComponents; " PSFB_CSPFC0301:The Directory PrivateLibDir is *not* being validated.
SEVERE SJS Portal Server debug.com.sun.portal.fabric.config "ThreadID=10; ClassName=com.sun.portal.fabric.config.ValidatePortalInputData; MethodName=checkPSAMInstallData; " PSFB_CSPFC0061:The Access Manager Configuration File /etc/opt/SUNWam/config/AMConfig.properties exists with required permissions.
SEVERE SJS Portal Server debug.com.sun.portal.fabric.util "ThreadID=10; ClassName=com.sun.portal.fabric.util.NetworkUtil; MethodName=isPortValid; " PSFB_CSPFU0011: The Port 8989 on server.org.com is being used.
SEVERE SJS Portal Server debug.com.sun.portal.fabric.util "ThreadID=10; ClassName=com.sun.portal.fabric.util.NetworkUtil; MethodName=isPortValid; " PSFB_CSPFU0011: The Port 8088 on server.org.com is being used.
SEVERE SJS Portal Server debug.com.sun.portal.fabric.config "ThreadID=10; ClassName=com.sun.portal.fabric.config.PortalConfigurator; MethodName=createPortalInstances; " PSFB_CSPFC0041:Failed invoking mbean action : create instance.
javax.management.MBeanException: Exception thrown in operation createAndFinalizeInstance
" at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:435)"
" at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)"
" at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)"
" at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)"
" at com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)"
" at com.sun.jdmk.interceptor.MBeanServerInterceptorWrapper.invoke(MBeanServerInterceptorWrapper.java:512)"
" at com.sun.portal.admin.server.PortalServerLoggingInterceptor.invoke(PortalServerLoggingInterceptor.java:422)"
" at com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:662)"
" at com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)"
" at com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)"
" at com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)"
" at javax.management.remote.generic.ServerIntermediary.handleRequest(ServerIntermediary.java:280)"
" at javax.management.remote.generic.ServerIntermediary$PrivilegedRequestJob.run(ServerIntermediary.java:951)"
" at java.security.AccessController.doPrivileged(Native Method)"
" at javax.management.remote.generic.ServerIntermediary$RequestHandler.handleMBSReqMessage(ServerIntermediary.java:727)"
" at javax.management.remote.generic.ServerIntermediary$RequestHandler.execute(ServerIntermediary.java:629)"
" at com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$RemoteJob.run(ServerSynchroMessageConnectionImpl.java:249)"
" at com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)"
" at com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)"
Caused by: com.sun.portal.admin.common.PSMBeanException: java.lang.SecurityException: authentication failure: Authentication failed: Error occurred while processing XML request.
Connection refused
com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.newJMXConnector(CacaoJmxConnectorProvider.java:388)
javax.management.remote.JMXConnectorFactory.getConnectorAsService(JMXConnectorFactory.java:415)
javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:307)
javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:247)
com.sun.portal.admin.common.util.AdminUtil.getConnector(AdminUtil.java:813)
com.sun.portal.admin.server.AdminServerUtil.getJMXConnector(AdminServerUtil.java:81)
com.sun.portal.fabric.mbeans.Portal.createAndFinalizeInstance(Portal.java:549)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)
com.sun.jdmk.interceptor.MBeanServerInterceptorWrapper.invoke(MBeanServerInterceptorWrapper.java:512)
com.sun.portal.admin.server.PortalServerLoggingInterceptor.invoke(PortalServerLoggingInterceptor.java:422)
com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:662)
com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)
com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)
com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)
javax.management.remote.generic.ServerIntermediary.handleRequest(ServerIntermediary.java:280)
javax.management.remote.generic.ServerIntermediary$PrivilegedRequestJob.run(ServerIntermediary.java:951)
java.security.AccessController.doPrivileged(Native Method)
javax.management.remote.generic.ServerIntermediary$RequestHandler.handleMBSReqMessage(ServerIntermediary.java:727)
javax.management.remote.generic.ServerIntermediary$RequestHandler.execute(ServerIntermediary.java:629)
com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$RemoteJob.run(ServerSynchroMessageConnectionImpl.java:249)
com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)
com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)
" at com.sun.portal.fabric.mbeans.Portal.createAndFinalizeInstance(Portal.java:564)"
" at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)"
" at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)"
" at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)"
" at java.lang.reflect.Method.invoke(Method.java:585)"
" at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)"
" ... 18 more"
[# 2007-06-14T19:35:27.195+0400 SEVERE SJS Portal Server debug.com.sun.portal.fabric.config "ThreadID=10; ClassName=com.sun.portal.fabric.config.PortalConfigurator; MethodName=configurePortal; " PSFB_CSPFC0034:Encountered Exception while configuring the Portal
com.sun.portal.fabric.tasks.ConfigurationException: javax.management.MBeanException: Exception thrown in operation createAndFinalizeInstance
" at com.sun.portal.fabric.config.PortalConfigurator.createPortalInstances(PortalConfigurator.java:1314)"
" at com.sun.portal.fabric.config.PortalConfigurator.configurePortal(PortalConfigurator.java:842)"
" at com.sun.portal.fabric.config.ConfigurePortal.main(ConfigurePortal.java:189)"
Caused by: javax.management.MBeanException: Exception thrown in operation createAndFinalizeInstance
" at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:435)"
" at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)"
" at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)"
" at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)"
" at com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)"
" at com.sun.jdmk.interceptor.MBeanServerInterceptorWrapper.invoke(MBeanServerInterceptorWrapper.java:512)"
" at com.sun.portal.admin.server.PortalServerLoggingInterceptor.invoke(PortalServerLoggingInterceptor.java:422)"
" at com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:662)"
" at com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)"
" at com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)"
" at com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)"
" at javax.management.remote.generic.ServerIntermediary.handleRequest(ServerIntermediary.java:280)"
" at javax.management.remote.generic.ServerIntermediary$PrivilegedRequestJob.run(ServerIntermediary.java:951)"
" at java.security.AccessController.doPrivileged(Native Method)"
" at javax.management.remote.generic.ServerIntermediary$RequestHandler.handleMBSReqMessage(ServerIntermediary.java:727)"
" at javax.management.remote.generic.ServerIntermediary$RequestHandler.execute(ServerIntermediary.java:629)"
" at com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$RemoteJob.run(ServerSynchroMessageConnectionImpl.java:249)"
" at com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)"
" at com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)"
Caused by: com.sun.portal.admin.common.PSMBeanException: java.lang.SecurityException: authentication failure: Authentication failed: Error occurred while processing XML request.
Connection refused
com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.newJMXConnector(CacaoJmxConnectorProvider.java:388)
javax.management.remote.JMXConnectorFactory.getConnectorAsService(JMXConnectorFactory.java:415)
javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:307)
javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:247)
com.sun.portal.admin.common.util.AdminUtil.getConnector(AdminUtil.java:813)
com.sun.portal.admin.server.AdminServerUtil.getJMXConnector(AdminServerUtil.java:81)
com.sun.portal.fabric.mbeans.Portal.createAndFinalizeInstance(Portal.java:549)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)
com.sun.jdmk.interceptor.MBeanServerInterceptorWrapper.invoke(MBeanServerInterceptorWrapper.java:512)
com.sun.portal.admin.server.PortalServerLoggingInterceptor.invoke(PortalServerLoggingInterceptor.java:422)
com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:662)
com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)
com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)
com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)
javax.management.remote.generic.ServerIntermediary.handleRequest(ServerIntermediary.java:280)
javax.management.remote.generic.ServerIntermediary$PrivilegedRequestJob.run(ServerIntermediary.java:951)
java.security.AccessController.doPrivileged(Native Method)
javax.management.remote.generic.ServerIntermediary$RequestHandler.handleMBSReqMessage(ServerIntermediary.java:727)
javax.management.remote.generic.ServerIntermediary$RequestHandler.execute(ServerIntermediary.java:629)
com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$RemoteJob.run(ServerSynchroMessageConnectionImpl.java:249)
com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)
com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)
" at com.sun.portal.fabric.mbeans.Portal.createAndFinalizeInstance(Portal.java:564)"
" at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)"
" at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)"
" at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)"
" at java.lang.reflect.Method.invoke(Method.java:585)"
" at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)"
" ... 18 more"
[# 2007-06-14T19:35:27.792+0400 SEVERE SJS Portal Server debug.com.sun.portal.fabric.config "ThreadID=10; ClassName=com.sun.portal.fabric.config.ConfigurePortal; MethodName=main; " PSFB_CSPFC0014:Failed configuring Portal Server!!
com.sun.portal.fabric.tasks.ConfigurationException: com.sun.portal.fabric.tasks.ConfigurationException: javax.management.MBeanException: Exception thrown in operation createAndFinalizeInstance
" at com.sun.portal.fabric.config.PortalConfigurator.configurePortal(PortalConfigurator.java:849)"
" at com.sun.portal.fabric.config.ConfigurePortal.main(ConfigurePortal.java:189)"
Caused by: com.sun.portal.fabric.tasks.ConfigurationException: javax.management.MBeanException: Exception thrown in operation createAndFinalizeInstance
" at com.sun.portal.fabric.config.PortalConfigurator.createPortalInstances(PortalConfigurator.java:1314)"
" at com.sun.portal.fabric.config.PortalConfigurator.configurePortal(PortalConfigurator.java:842)"
" ... 1 more"
Caused by: javax.management.MBeanException: Exception thrown in operation createAndFinalizeInstance
" at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:435)"
" at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)"
" at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)"
" at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)"
" at com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)"
" at com.sun.jdmk.interceptor.MBeanServerInterceptorWrapper.invoke(MBeanServerInterceptorWrapper.java:512)"
" at com.sun.portal.admin.server.PortalServerLoggingInterceptor.invoke(PortalServerLoggingInterceptor.java:422)"
" at com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:662)"
" at com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)"
" at com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)"
" at com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)"
" at javax.management.remote.generic.ServerIntermediary.handleRequest(ServerIntermediary.java:280)"
" at javax.management.remote.generic.ServerIntermediary$PrivilegedRequestJob.run(ServerIntermediary.java:951)"
" at java.security.AccessController.doPrivileged(Native Method)"
" at javax.management.remote.generic.ServerIntermediary$RequestHandler.handleMBSReqMessage(ServerIntermediary.java:727)"
" at javax.management.remote.generic.ServerIntermediary$RequestHandler.execute(ServerIntermediary.java:629)"
" at com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$RemoteJob.run(ServerSynchroMessageConnectionImpl.java:249)"
" at com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)"
" at com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)"
Caused by: com.sun.portal.admin.common.PSMBeanException: java.lang.SecurityException: authentication failure: Authentication failed: Error occurred while processing XML request.
Connection refused
com.sun.cacao.agent.impl.CacaoJmxConnectorProvider.newJMXConnector(CacaoJmxConnectorProvider.java:388)
javax.management.remote.JMXConnectorFactory.getConnectorAsService(JMXConnectorFactory.java:415)
javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:307)
javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:247)
com.sun.portal.admin.common.util.AdminUtil.getConnector(AdminUtil.java:813)
com.sun.portal.admin.server.AdminServerUtil.getJMXConnector(AdminServerUtil.java:81)
com.sun.portal.fabric.mbeans.Portal.createAndFinalizeInstance(Portal.java:549)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)
com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
com.sun.jdmk.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:203)
com.sun.jdmk.interceptor.MBeanServerInterceptorWrapper.invoke(MBeanServerInterceptorWrapper.java:512)
com.sun.portal.admin.server.PortalServerLoggingInterceptor.invoke(PortalServerLoggingInterceptor.java:422)
com.sun.cacao.agent.DispatchInterceptor.invoke(DispatchInterceptor.java:662)
com.sun.cacao.agent.auth.impl.AccessControlInterceptor.invoke(AccessControlInterceptor.java:618)
com.sun.jdmk.JdmkMBeanServerImpl.invoke(JdmkMBeanServerImpl.java:764)
com.sun.cacao.common.instrum.impl.InstrumDefaultForwarder.invoke(InstrumDefaultForwarder.java:106)
javax.management.remote.generic.ServerIntermediary.handleRequest(ServerIntermediary.java:280)
javax.management.remote.generic.ServerIntermediary$PrivilegedRequestJob.run(ServerIntermediary.java:951)
java.security.AccessController.doPrivileged(Native Method)
javax.management.remote.generic.ServerIntermediary$RequestHandler.handleMBSReqMessage(ServerIntermediary.java:727)
javax.management.remote.generic.ServerIntermediary$RequestHandler.execute(ServerIntermediary.java:629)
com.sun.jmx.remote.generic.ServerSynchroMessageConnectionImpl$RemoteJob.run(ServerSynchroMessageConnectionImpl.java:249)
com.sun.jmx.remote.opt.util.ThreadService$ThreadServiceJob.run(ThreadService.java:208)
com.sun.jmx.remote.opt.util.JobExecutor.run(JobExecutor.java:59)
" at com.sun.portal.fabric.mbeans.Portal.createAndFinalizeInstance(Portal.java:564)"
" at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)"
" at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)"
" at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)"
" at java.lang.reflect.Method.invoke(Method.java:585)"
" at com.sun.jmx.mbeanserver.StandardMetaDataImpl.invoke(StandardMetaDataImpl.java:414)"
" ... 18 more"
May the problem be that AMSDK need additional configuration for datastore?Yes, copy config is enabled in all organisations.
I also tried to create an ldap data store instead of amsdk, but same behavior.
I have "fixed" the issue through a hack now by creating my own ldap login module, simply copied the original one and replaced LDAPPrincipal with my own version. It returns now a correct dn for the user in portal instead of the username only.
Works this way. Alas, it is just a hack...
As far as I can see, the problem is in the IDRepository. Its somewhat:
If (username is a DN) return username;
else return UniversalID;
This universal ID is then used by ps to get desktop information and since it is not a valid dn in ldap the desktop servlet cannot proceed...
I guess the problem does not appear in your environment. Maybe it was introduced with update 1? Do you use update 2?
Thanks, Chris -
Portal 7.1 with AM in realm mode, getting HTTP 500 error after portal login
Hi!
I have installed AM in Realm mode and on another webserver Portal. Worked fine so far with the standard users (Enterprise sample and such)
Now I have created an organisation with ldap authentication module which points to corporate ldap and set the flag "Return User DN to Authenticate:" to false.
Now I get after Login on the edit User Page the following Universal ID:
Universal ID: id=rc017706,ou=user,o=internal,o=xxx,ou=services,o=portal
When I login to portal, I get a 500 error, and logfiles tells me:
[#|2007-09-02T19:47:15.996+0200|SEVERE|SJS Portal Server|debug.com.sun.portal.desktop|ThreadID=14; ClassName=com.sun.portal.desktop.DesktopServlet; MethodName=doGetPost; |PSDT_CSPD0017: DesktopServlet.doGetPost()
com.iplanet.am.sdk.AMException: Unable to get attributes from data store.
at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.getAttributes(DirectoryServicesImpl.java:791)
amSDK:WARNING: Exception in DataLayer.getAttributes for DN: id=rc017706,ou=user,o=internal,o=xxx,ou=services,o=portal
How to I setup an external ldap for authentication in realm mode for use with portal 7.1? Can somebody tell me where my error lies?
Thanks for any hints, ChristophYes, copy config is enabled in all organisations.
I also tried to create an ldap data store instead of amsdk, but same behavior.
I have "fixed" the issue through a hack now by creating my own ldap login module, simply copied the original one and replaced LDAPPrincipal with my own version. It returns now a correct dn for the user in portal instead of the username only.
Works this way. Alas, it is just a hack...
As far as I can see, the problem is in the IDRepository. Its somewhat:
If (username is a DN) return username;
else return UniversalID;
This universal ID is then used by ps to get desktop information and since it is not a valid dn in ldap the desktop servlet cannot proceed...
I guess the problem does not appear in your environment. Maybe it was introduced with update 1? Do you use update 2?
Thanks, Chris -
Document for customizing administration console in Realm mode
I want is to have the sample NewTab from AM's samples working in both Legacy model and Realm mode. The chapter 11 Customizing the Administration Console on the AM 7.1 Developer's Guide (http://docs.sun.com/app/docs/doc/819-4675/aduci?l=en&q=access+manager+7.1&a=view) is for the Legacy mode. Where do I find the one for the Realm mode? The Readme.html in the sample is for the Legacy model and parts of its information is outdated.
Regards,
RiceI want is to have the sample NewTab from AM's samples working in both Legacy model and Realm mode. The chapter 11 Customizing the Administration Console on the AM 7.1 Developer's Guide (http://docs.sun.com/app/docs/doc/819-4675/aduci?l=en&q=access+manager+7.1&a=view) is for the Legacy mode. Where do I find the one for the Realm mode? The Readme.html in the sample is for the Legacy model and parts of its information is outdated.
Regards,
Rice -
AM SDK SSO with AM server running in Realm mode throws exception
Hi All,
we have a web application which does SSO with AM server using AM SDK APIs. Following is the code snippet.
SSOTokenManager ssoMgr = SSOTokenManager.getInstance();
SSOToken token = ssoMgr.createSSOToken(request);
boolean tokenValid = ssoMgr .isValidToken(token);
AMUser amuser = null;
if (!tokenValid) {
MStoreConnection amsc= new AMStoreConnection(token);
amuser = amsc.getUser(token.getPrincipal().getName());
String uid = amuser.getStringAttribute("uid");
This code works perfectly fine with AM running in Legacy mode. But throws following exception with AM running in Realm mode.
com.iplanet.am.sdk.AMException: Unable to get attributes from data store.
at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.getAttributes(DirectoryServicesImpl.java:791)
at
com.iplanet.am.sdk.ldap.CachedDirectoryServicesImpl.getAttributes(CachedDirectoryServicesImpl.java:823)
at
com.iplanet.am.sdk.ldap.CachedDirectoryServicesImpl.getAttributes(CachedDirectoryServicesImpl.java:625)
at
com.iplanet.am.sdk.AMObjectImpl.getStringAttribute(AMObjectImpl.java:669)
at
com.sun.comms.client.security.sso.impl.AMSSOProvider.SingleSignOn(AMSSOProvider.java:73)
at
com.sun.comms.client.web.sso.SSOFilter.doFilter(SSOFilter.java:154)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:75)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:181)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:177)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at
com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
We have created a realm with sunDS datastore where all our application users data is stored. Same LDAP is used as authentication module (AM auth module) in realm.
--Balamurugan.Hi All,
we have a web application which does SSO with AM server using AM SDK APIs. Following is the code snippet.
SSOTokenManager ssoMgr = SSOTokenManager.getInstance();
SSOToken token = ssoMgr.createSSOToken(request);
boolean tokenValid = ssoMgr .isValidToken(token);
AMUser amuser = null;
if (!tokenValid) {
MStoreConnection amsc= new AMStoreConnection(token);
amuser = amsc.getUser(token.getPrincipal().getName());
String uid = amuser.getStringAttribute("uid");
This code works perfectly fine with AM running in Legacy mode. But throws following exception with AM running in Realm mode.
com.iplanet.am.sdk.AMException: Unable to get attributes from data store.
at com.iplanet.am.sdk.ldap.DirectoryServicesImpl.getAttributes(DirectoryServicesImpl.java:791)
at
com.iplanet.am.sdk.ldap.CachedDirectoryServicesImpl.getAttributes(CachedDirectoryServicesImpl.java:823)
at
com.iplanet.am.sdk.ldap.CachedDirectoryServicesImpl.getAttributes(CachedDirectoryServicesImpl.java:625)
at
com.iplanet.am.sdk.AMObjectImpl.getStringAttribute(AMObjectImpl.java:669)
at
com.sun.comms.client.security.sso.impl.AMSSOProvider.SingleSignOn(AMSSOProvider.java:73)
at
com.sun.comms.client.web.sso.SSOFilter.doFilter(SSOFilter.java:154)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:75)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:181)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:177)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at
com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
We have created a realm with sunDS datastore where all our application users data is stored. Same LDAP is used as authentication module (AM auth module) in realm.
--Balamurugan. -
Hi!
I am a bit confused by documentation, because it says yes and no to realm mode.
Is it possible/supported to install portal with an access manager in realm mode?
thanks, ChrisRealm support is new with PS 7.1.
PS 7.0 requires Legacy Mode.
Also, the Comms Products (Mail, Calendar, etc) still require Legacy Mode. So if you are using portal with comms then you still need Legacy Mode even if you're using PS 7.1.
HTH,
Jim -
Password reset with external directory not working in realm mode
I am using SUn acess manager 7 2005 @4 patch 5
I have configured a realm to point to external directory .I am able to create the user in the subject tab. Able to authenticate to the user in realm and set its security question.
But when i try to reset the password using /ampassowrd?relam=realmname
I get an error message Error
The password cannot be reset for this user.
1) When i check the logs i find that user is being searched in amconfig direcectory and not the external directory which the realm points to?
2) Also if i create add in datastrore the amsdk as well and create the user reset it get created in both external directory and amconfig directory?Then i am able to reset the password but it changes only in amconfig directory and not in external directory?
Can some tell how to make sure that password reset looks at right directory based on relamhave you had any breakthrough? I am in same situation here
-
Not able to install Access Manager 7.1 in Legacy Mode with amsamplesilent
HI All,
I am building test setup on Solaris Zones.Recently it was patched to following level *5.10 Generic_138888-03*
I am trying to install Access Manager in Legacy mode with amsamplesilent file.
SERVER_NAME=sesamesso1
SERVER_HOST=$SERVER_NAME.example.com
SERVER_PORT=80
ADMIN_PORT=8989
DS_HOST=ssoldap1.example.com
DS_DIRMGRPASSWD=l0cuz123
ROOT_SUFFIX="dc=example,dc=com"
SM_CONFIG_BASEDN=$ROOT_SUFFIX
ADMINPASSWD=l0cuz123
AMLDAPUSERPASSWD=l0cuz123am
DEBUG_LEVEL=error
DEBUG_DIR=/logs/sso/debug
COOKIE_DOMAIN=.example.com
AM_ENC_PWD=""
NEW_OWNER=wbsrv
NEW_GROUP=javaes
PAM_SERVICE_NAME=other
WEB_CONTAINER=WS
AM_REALM=disabledBut AM is getting installed in Realm Mode. I need to install portal server with this Access Manager.
please confirm,I am doing any mistake in my installation and please let me know whether portal server supports access manager realm mode or not.
Thanks in Advance
MadhuThanks for the reply.
I will give a try to install sun portal server 7.2 with accessmanager 7.1 in realm mode.Before patch updation my solaris sparc OS level was *5.10 Generic_118833-36* and I was able to install access manager 7.1 in legacy mode
Is there any thing to be done for new patch level(*5.10 Generic_138888-03*) to install access manager 7.1 in legacy mode.
Please let me know
Thanks
Madhu -
Empty list of realms in Default Realm item in domain screen
Hi,
I've been given a WebLogic 7.0 SP1 installation with WebLogic Portal
to look at because it's behaving strangely. The symptom I was given
was "it stops working after running an hour" but it's got more basic
problems than that. In particular, when I use the console to look at
it and select the name of the domain (the second line on the
left-hand-side interface, just below Console), the list for Default
Realm has no entries. On a vanilla install, that list includes
"Compatability Realm" which I understand is necessary for use with
WebLogic Portal 7.
So how do I fix the configuration so that I can put it into
Compatability Realm mode?
Peter Rowley
[email protected]Hi Steve
Many thanks for that. Could I ask that
this kind of thing goes in the release
readme also.
Marc -
Co-existance mode with OpenSSO and Federation
This is just a general question. I have just upgraded to express build 8 of OpenSSO from my existing 7.1 legacy mode Access Manager. I am staying in legacy mode because of my Communications Express mail client and am waiting until I upgrade to convergence before I make the full switch to OpenSSO realm mode.
The question is: do I lose anything in the federation models in my co-existing world? Does all the SAML 2.0 and the new shibbleth stuff work in co-existance mode or do I need to de-couple my Communications Express?
thanks
steveSteve (guest) wrote:
: Good luck fixing this one!!!!!!
: I did the samething and had things so hosed up I had to reload
: all software. The only way I could establish a second oracle
home
: was to load the oracle database product in two homes (I was
using
: 8.0.4 enterprise edition on NT platform). Once the second home
: was established developer could be installed in either home.
: There might be an easier way (hopefully there is) but this was
my
: solution. The problem that I have seen documented in various
: postings to this page is that developer is not multiple home
: complient. As final note the developer versions that I was
: dealing with was 2.1 and 6.0 beta. This was a real learning
: experience.
: Radhakrishnan Veetil (guest) wrote:
: : I have Personal Oracle7 & Developer/2000 Ver.2.1 installed in
: my
: : PC (under C:\ORAWIN95 as Oracle Home directory) and was
workig
: : fine. When I installed Developer/2000 -Ver 1.5 in a new
Oracle
: : Home C:\ORAWIN, both PO7 and Dev/2000 Ver 2.1 are not
working.
: : When I was installing Dev/2000- Ver 1.5, I noticed the
message
: : saying that Icons already existing are deleting....
: : When I started PO7, it is not starting. When I started Forms
: : 5.0, it comes with error C:\ORAWIN\dbs\fmcus.msb not found .
I
: : found these .msb files are in FOMS45 and FOMS50 directory and
: : not under DBS directory. Do I have to edit the Window
registery
: : to switch between the two oralce home to use the old
: : installations (Dev/200 Ver 2.1 & PO7)?
: : Is there any quick solution to change the oracle home and use
: : Dev/2000 ver 1.5 & 2.1 at a fly?
Only Oracle 8 supports multiple homes.
I would ask why did you put the Developer 1.5 and 2.1 under
different Oracle Homes. They should co-exist just fine under the
same home. I have Developer 1.3.2, 2.1, and 6 all installed
under the same Oracle Home with no co-existence problems.
null -
Effective start and end dates for roles/group assignment
Hi,
Does Access Manager (in legacy or realm) mode support effective start date/end date on a role/group assignment on a user?
Thanks,
SrinivasHi Ankush,
I am also of the same opinion. Start and end dates can probably be enforced by a policy condition in AM but would lead to proliferation of policies as we would end up creating policies per role entitlement duration for a user.
Any thoughts on whether the sunrise/sunset concept of Identity Manager can be used for this requirement.
Thanks,
Srinivas -
How to delete the user permanently from LDAP. I want to delete the user's mail and calendar services also.
Hi,
It is generally not a best practice to touch your directory server directly. If you're just playing around for learning purposes its ok. Otherwise, from an implementation perspective, do not try accessing DS directly.
I will try giving u a solution if u use legacy mode of AM. I'm still learning about realm mode, but i guess such scenarios are mostly common between the two.
You can use the amadmin command found in /opt/SUNWam/bin or in windows c:\program files\sun\javaes5\identity\bin. You have sample XML file pcDeleteRequests. You could use this to delete just one or few users.
The sample is
<Requests>
<PeopleContainerRequests DN="ou=People1,dc=example,dc=com">
<DeleteUsers>
<DN>uid=dpUser,ou=People1,dc=example,dc=com</DN>
</DeleteUsers>
</PeopleContainerRequests>
</Requests>
Make an XML, run this command : amadmin -u "uid=amadmin,ou=people,dc=example,dc=com" -w <password> -t <your_file> -
Putting users in ou=Accounts rather than ou=People
I want to put users in a location such as ou=Accounts and not under ou=people in the sun directory for AM 7 in realm mode. The problem is when I use the GUI to find their account and then try to put them in a role an error is generated about the datastore. I look at the LDAP logs and it is trying to update the non-existant user account under ou=People.
So it finds the user in OU=Accounts ok but when I try to give them a new Role it tries to update that user account it forgets that it found the user under OU=Accounts and tries to modify the user as if he came from OU=People.How did you create ou=Accounts?
Which Datastore are you using?
-Bernhard -
Can filtered role be used to filter users in the external ldap.
I hav added another datastore in access manager which is also used for authentication of users. Now i want to create a role for making policies. It is not possible to select individual users as the number of users is very high.
So i created a filtered role. But this filter role in not filtering users from the external ldap, its applying filter only on users listed in the AM's ldap.
Any suggestion for doing it?
Thanks in advanceOther LDAP just means Sun DS running on a separate machine, other than the Sun DS used by AM for its own DIT.
The AM is running in realm mode.
I couldn�t find the Access Manager Patch 1 on sun download site. Can you please provide me the URL?
I am getting the option of �Filtered Role� in Access manager but as posted in earlier in this thread, the filtered role in unable to filter users from the external ldap. The filter is only applied to the users which are there in AM DIT. I want to apply the filter on the users which are there in the �external ldap� added through data store.
Hope I am clear with my problem.
Please advice.
Thanks -
Administring Top Orgnaizations from the Console
Our LDAP structure consists of different Organizations under the LDAP root.
From the console We are not able to see these Organizations and administer them.
Do anyone know how we change the Console to read these organizations and treat them as realms as it used to do in previous versions of SAMThanks for the reply, we were using AM 6.3 AND CONVERTED TO 7.1 into Realm mode which doesn't store realm data in an organization which is what we needed.
We will re-install in Legacy mode which should give us our organizations again
Maybe you are looking for
-
when I start Firefox, it just blinks like crazy and won't do anything. I have gotten a message reading that Firefox is already running. internet explorer still is working == This happened == Every time Firefox opened == a few days ago. Can't remember
-
I am hoping that Creative can built their next generation X-Fi into the speakers , home entertainment system and so on one day instead of solely dependant on the PC. It should also make use of Zii to make up on the shortfalls of X-Fi to process very
-
Forget Password Option in Enterprise Portal
Hi, We have a specific requirement regarding the "Forget Password" link (used to retrive the portal login password). The user needs to fill up his/her first name, last name, zip code, birthday and his primary email address first before being provide
-
Hi, I'm looking for a way in exchange 2010 to run a power shell script to generate a report of room mailboxes for porters to see when and where rooms are booked. Thanks Scott
-
Stopping DB adapter From Retrying.
Hi, We want to stop the DB adapter from retrying when a fault occurs during the db call. For that we have set following properties to ZERO *<reference name="SampleAPI" ui:wsdlLocation="SampleAPI.wsdl">* *<interface.wsdl interface="http://xmlns.oracle