Subsequent attempts to use ssoadm fail in AM 6.x
The purpose of this article is to provide assistance if the first use of ssoadm in AM is successful but subsequent attempts fail with a "FATAL ERROR: Cannot obtain Application SSO token".
1 reader recommends this article
Symptoms
The first attempt to use ssoadm is successful, whereas subsequent attempts give the following response:
Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.passwordRestarting the web application container in which AM runs allows you to successfully use ssoadm once more before getting the above response.
Recent Changes
Changed the dsameuser password.
Causes
The dsameuser is used by ssoadm to authenticate with AM. The first authentication attempt to ssoadm uses the dsameuser password from the bootstrap file (local configuration) and subsequent authentication attempts use the dsameuser password from the SpecialRepo userstore (global configuration). This is a known issue: OPENAM-4292 (dsameuser authentication on /authservice differs at startup). Therefore, if your dsameuser passwords are different in your global and local configurations, subsequent authentications to ssoadm will fail.
Solution
This issue can be resolved by ensuring your dsameuser has the same password in your global and local configurations.
See How do I change the dsameuser password in AM 6.x? for further information on changing your dsameuser password.
See Also
How do I change the dsameuser password in AM 6.x?
ssoadm fails in AM (All versions) with FATAL ERROR: Cannot obtain Application SSO token
FAQ: Installing and using ssoadm in AM
How do I enable message level debugging for ssoadm in AM (All versions)?
Related Training
N/A
Related Issue Tracker IDs
OPENAM-4292 (dsameuser authentication on /authservice differs at startup)