This article has been archived and is no longer maintained by ForgeRock.
Running a cli.sh command or a REST command that communicates over SSL intermittently times out / hangs. On the server, you will notice that the OpenIDM Java® process is consuming ~100% CPU when the timeout occurs.
Example commands that will cause an issue are:
- REST: $ curl -k -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -X GET "https://localhost:8443/openidm/managed/user/?_queryId=query-all-ids"
- cli.sh: $ cli.sh configexport --user openidm-admin:openidm-admin --port 8443 --url https://localhost:8443/openidm/ /tmp/config-export
Running the same commands with http instead of https succeeds.
If you locate the thread that is consuming the CPU as described in How do I find which thread is consuming CPU in a Java process in IDM (All versions)?, you will see that the thread corresponds to a Restlet JVM thread similar to the following:"Restlet-2001136342" daemon prio=10 tid=0x00007faa28018000 nid=0xd1c runnable [0x00007faa1c84e000] java.lang.Thread.State: RUNNABLE
An infinite loop occurs in the Restlet code when attempting the SSL handshake, which is caused by Restlet Issue #805. An affected version of Restlet (2.1.2) is bundled with OpenIDM.
This issue can be resolved by upgrading to OpenIDM 4.5 or later; you can download this from BackStage.