Solutions
Archived

JEE Policy Agent 3.5.x fails to redirect to AM/OpenAM login or logout URL and shows 500: Internal server error

Last updated Jan 5, 2021

The purpose of this article is to provide assistance if the JEE Policy Agent fails to redirect to the AM/OpenAM login or logout page and shows a 500: Internal server error. You will also see the "ERROR: URLFailoverHelper: No URL is available at this time" error in the agent debug log.

1 reader recommends this article
Archived

This article has been archived and is no longer maintained by ForgeRock.

Symptoms

The following error is shown in the agent debug log when the redirect failure occurs:

amFilter:11/17/2015 10:06:22:725 AM CEST: Thread[http-bio-10343-exec-2,5,main] ERROR: URLFailoverHelper: No URL is available at this time amFilter:11/17/2015 10:06:22:725 AM CEST: Thread[http-bio-10343-exec-2,5,main] ERROR: AmFilter: a server error occurred. [AgentException Stack] com.sun.identity.agents.arch.AgentServerErrorException: No URL is available at this time at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:155) at com.sun.identity.agents.common.URLFailoverHelper.getAvailableURL(URLFailoverHelper.java:82) at com.sun.identity.agents.filter.AmFilterRequestContext.getLoginURL(AmFilterRequestContext.java:835)

Recent Changes

N/A

Causes

The policy agent performs a connectivity check by default prior to redirecting the user to AM/OpenAM for login or logout; however, the AM/OpenAM login or logout URL is typically only accessible to end-users not the policy agent, which causes this connectivity check to fail. In turn, this prevents the policy agent redirecting the user to AM/OpenAM. This connectivity check is unnecessary.

Solution

This issue can be resolved by upgrading to Java Agents 5 or later; you can download this from BackStage.

Workaround

You can workaround this issue by disabling this unnecessary connectivity check using either the console or ssoadm:

  • AM 5.x console: navigate to: Realms > [Realm Name] > Applications > Agents > J2EE > [Agent Name] > OpenAM Services and deselect the Enabled option against Login URL Probe and Logout URL Probe.
  • OpenAM 13.x console: navigate to: Realms > [Realm Name] > Agents > J2EE > [Agent Name] > OpenAM Services and deselect the Enabled option against Login URL Probe and Logout URL Probe.
  • ssoadm: enter the following command: $ ./ssoadm update-agent -e [realmname] -b [agentname] -u [adminID] -f [passwordfile] -a com.sun.identity.agents.config.login.url.probe.enabled=false com.sun.identity.agents.config.logout.url.probe.enabled=false replacing [realmname], [agentname], [adminID] and [passwordfile] with appropriate values.

See Also

OpenAM JEE Policy Agent User's Guide › Configuring Java EE Policy Agent OpenAM Services Properties

Related Training

N/A

Related Issue Tracker IDs

OPENAM-3294 (Agents should not probe the loginURL / logoutURL before redirecting by default)

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.