Solutions

No system property value for SMS_TRANSPORT_ENCRYPTION so using AES error in AM (All versions)

Last updated Sep 11, 2020

The purpose of this article is to provide assistance if you encounter a "No system property value for SMS_TRANSPORT_ENCRYPTION so using AES" error in AM. This error typically occurs when you do an Amster export or try to view OAuth 2.0 clients in the console.


Symptoms

You experience issues such as the following: the Amster export fails, potentially resulting in a 502 Bad Gateway error; you cannot list all the OAuth 2.0 clients in the console; or the list of OAuth 2.0 clients takes a long time to load in the console.

The following error is shown in the org.forgerock.openam.core.sms.SmsPasswordTransformer debug log when this happens:

org.forgerock.openam.core.sms.SmsPasswordTransformer:04/02/2020 01:22:06:161 PM GMT: Thread[http-nio-8080-exec-17,5,main]: TransactionId[314f2da7-9f14-45cb-a32b-073bc8a36672-4579068] No system property value for SMS_TRANSPORT_ENCRYPTION so using 
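To see how often this message is logged, and by which request threads, the debug log can be summarised with a short script. This is an added example, not ForgeRock code: the line layout and month-first date order are inferred from the single sample line above, and the sample lines in the script are constructed.

```python
import re
from collections import Counter
from datetime import datetime

MESSAGE = "No system property value for SMS_TRANSPORT_ENCRYPTION"

# Layout inferred from the one sample line in this article (an assumption):
# <logger>:<MM/DD/YYYY hh:mm:ss:SSS AM|PM TZ>: Thread[..]: TransactionId[..] <text>
LINE_RE = re.compile(
    r"^(?P<logger>[\w.]+):"
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}):\d{3} (?P<ampm>[AP]M) \w+: "
    r"Thread\[(?P<thread>[^\]]*)\]: "
    r"TransactionId\[(?P<txid>[^\]]*)\] (?P<text>.*)$"
)

def parse_line(line):
    """Return time, thread and transaction ID for a matching line, else None."""
    m = LINE_RE.match(line.strip())
    if not m or MESSAGE not in m["text"]:
        return None
    # Month-first date order is assumed; the millisecond field is dropped.
    when = datetime.strptime(f"{m['ts']} {m['ampm']}", "%m/%d/%Y %I:%M:%S %p")
    return {"when": when, "thread": m["thread"].split(",")[0], "txid": m["txid"]}

def summarise(lines):
    """Count matching lines overall, per minute, per thread and per transaction."""
    hits = [h for h in map(parse_line, lines) if h]
    times = [h["when"] for h in hits]
    return {
        "total": len(hits),
        "first": min(times, default=None),
        "last": max(times, default=None),
        "per_minute": Counter(t.strftime("%Y-%m-%d %H:%M") for t in times),
        "per_thread": Counter(h["thread"] for h in hits),
        "per_transaction": Counter(h["txid"] for h in hits),
    }

# Constructed sample lines: transaction IDs and the unrelated entries are made up.
P = "org.forgerock.openam.core.sms.SmsPasswordTransformer"
T = "No system property value for SMS_TRANSPORT_ENCRYPTION so using AES"
SAMPLE = [
    f"{P}:04/02/2020 01:22:06:161 PM GMT: Thread[http-nio-8080-exec-17,5,main]: TransactionId[tx-0001] {T}",
    f"{P}:04/02/2020 01:22:06:480 PM GMT: Thread[http-nio-8080-exec-17,5,main]: TransactionId[tx-0001] {T}",
    "example.constructed.Logger:04/02/2020 01:22:07:000 PM GMT: Thread[http-nio-8080-exec-3,5,main]: TransactionId[tx-0002] unrelated entry",
    f"{P}:04/02/2020 01:23:10:005 PM GMT: Thread[http-nio-8080-exec-21,5,main]: TransactionId[tx-0003] {T}",
    "    continuation text without a log header (constructed)",
]
```

Pass the lines of the SmsPasswordTransformer debug log to summarise() in place of SAMPLE; a high count on a single thread or transaction within one minute lines up with the slow listing requests described above.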

Recent Changes

Installed the Amster transport key. 

Causes

The Amster transport key is required to allow encrypted passwords to be imported and exported. The documentation states that the transport key must be deleted after imports and exports have completed. If the transport key is not deleted, the processing time for any interface that lists objects with passwords or secrets (such as an Amster export or listing OAuth 2.0 clients in the console) is impacted, which may lead to a timeout before the request completes, causing this error to occur.

Solution

This issue can be resolved by first removing the transport key. See Amster User Guide › To Delete a Transport Key for further information.

Additionally, in AM 5.5.2 and later, you can increase the read timeout when you connect to Amster using the -t (--connection-timeout) option. This timeout defaults to 10 seconds, but you can increase it if you are still seeing issues after removing the transport key. For example, the following --connection-timeout option increases the timeout to 45 seconds:

am> connect --connection-timeout 45 --interactive http://host1.example.com:8080/openam

See Also

Issues with upgrades, Amster imports or exports, or registering clients (OAuth2, OIDC and RADIUS) or agents with reference to sunserviceID in AM (All versions)

502 Bad Gateway error when an Amster (All versions) command fails

User Guide › Create Transport Keys to Export Configuration Data

User Guide › Interactive Login Connections

Related Training

N/A

Related Issue Tracker IDs

OPENAM-16172 (Performance issue with Transport key if not removed)

OPENAM-12373 (amster transport key makes rest operations too slow)

OPENAM-11876 (Amster has a timeout limit of 10 second and it is not configurable)



Copyright © 2020 ForgeRock, all rights reserved.