Solutions
Archived

Command line interface and REST commands timeout in OpenIDM 4.0 when communicating over SSL

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if you experience issues where command line interface (cli.sh) and REST commands timeout in OpenIDM 4.0 when communicating over SSL. When the timeout occurs, CPU usage is high (~100%).


1 reader recommends this article
Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

Running a cli.sh command or a REST command that communicates over SSL intermittently times out / hangs. On the server, you will notice that the OpenIDM Java® process is consuming ~100% CPU when the timeout occurs.

Example commands that will cause an issue are:

  • REST: $ curl -k -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -X GET "https://localhost:8443/openidm/managed/user/?_queryId=query-all-ids"
  • cli.sh: $ cli.sh configexport --user openidm-admin:openidm-admin --port 8443 --url https://localhost:8443/openidm/ /tmp/config-export

Running the same commands with http instead of https succeeds.

If you locate the thread that is consuming the CPU as described in How do I find which thread is consuming CPU in a Java process in IDM?,  you will see that the thread corresponds to a Restlet JVM thread similar to the following:

"Restlet-2001136342" daemon prio=10 tid=0x00007faa28018000 nid=0xd1c runnable [0x00007faa1c84e000] java.lang.Thread.State: RUNNABLE

Recent Changes

N/A

Causes

An infinite loop occurs in the Restlet code when attempting the SSL handshake, which is caused by Restlet Issue #805. An affected version of Restlet (2.1.2) is bundled with OpenIDM.

Solution

This issue can be resolved by upgrading to OpenIDM 4.5 or later; you can download this from BackStage.

See Also

N/A

Related Training

N/A

Related Issue Tracker IDs

OPENIDM-5438 (Infinite loop within Restlet 2.1.2 library when using ExternalRest over SSL)


Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.