Solutions

ERROR: Failed to obtain auth service url from server: null://null:null stops JEE Policy Agent 3.5.x from starting up correctly

Last updated Mar 26, 2019

The purpose of this article is to provide assistance if you encounter "ERROR: Failed to obtain auth service url from server: null://null:null" which prevents the JEE policy agent from starting up. You will also see a "com.iplanet.services.naming.ServerEntryNotFoundException: Cannot find server ID" error.


1 reader recommends this article

Symptoms

An error similar to the following is shown in the agent logs when the policy agent fails to start:

amAuthContext:10/11/2017 11:28:14:574 AM EST: Thread[default task-2,5,main]
**********************************************
amAuthContext:10/11/2017 11:28:14:574 AM EST: Thread[default task-2,5,main]
ERROR: Failed to obtain auth service url from server: null://null:null
amNaming:10/11/2017 11:28:14:605 AM EST: Thread[default task-2,5,main]
**********************************************
amNaming:10/11/2017 11:28:14:605 AM EST: Thread[default task-2,5,main]
ERROR: WebtopNaming.getServerId():serverId null for server: http://host1.example.com:8080/openam
amNaming:10/11/2017 11:28:14:605 AM EST: Thread[default task-2,5,main]
ERROR: WebtopNaming.getServerId()
com.iplanet.services.naming.ServerEntryNotFoundException: Cannot find server ID.
   at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:724)
   at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:621)

You will also see similar errors in the AM/OpenAM CoreSystem debug log where the Sites URL (2nd line) shows a trailing slash:

amNaming:01/28/2016 11:17:49:763 AM CST: Thread[localhost-startStop-1,5,main]
Sites : [http://siteA.example.com:8080/openam/|02]
amNaming:01/28/2016 11:17:49:777 AM CST: Thread[localhost-startStop-1,5,main]
servers : [http://host1.example.com:8080/openam|01|02]
amNaming:01/28/2016 11:17:49:778 AM CST: Thread[localhost-startStop-1,5,main]
Site Names: [test]
amNaming:01/28/2016 11:17:49:781 AM CST: Thread[localhost-startStop-1,5,main]
NamingService.insertLBCookieValues()LBCookie Mappings : {01=01}
amNaming:01/28/2016 11:17:49:781 AM CST: Thread[localhost-startStop-1,5,main]
SiteID table -> {02=02, 01=02}
amNaming:01/28/2016 11:17:49:781 AM CST: Thread[localhost-startStop-1,5,main]
SiteNameToIDs table -> {test=02}
amNaming:01/28/2016 11:17:49:782 AM CST: Thread[localhost-startStop-1,5,main]
ERROR: WebtopNaming.getServerId():serverId null for server: http://siteA.example.com:8080/openam
amNaming:01/28/2016 11:17:49:785 AM CST: Thread[localhost-startStop-1,5,main]
ERROR: WebtopNaming.getServerId()
com.iplanet.services.naming.ServerEntryNotFoundException: Cannot find server ID.
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:757)
    at com.iplanet.services.naming.WebtopNaming.updatePlatformServerIDs(WebtopNaming.java:1336)
    at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1259)
    at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:1142)
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:729)
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:654)

Recent Changes

Configured a site.

Updated the Primary or Secondary URL for an existing site.

Configured the JEE Policy Agent 3.5.x.

Causes

When AM/OpenAM sites are configured, the JEE policy agent communicates with the site that includes the AM/OpenAM instance that issued the session token. By default, it uses the site's Primary URL for communications. The trailing slash at the end of the Primary URL causes a bad server lookup, which prevents the JEE policy agent from obtaining the server ID and starting up.

If you have configured your policy agent to use the Secondary URL instead, then a trailing slash at the end of the Secondary URL will cause the same issue.

See OPENAM-8227 (Having a trailing / in your site URL will cause J2EE agent to not properly obtain server id ) for further details. 

Solution

This issue can be resolved by upgrading to Java Agents 5 or later; you can download this from BackStage.

Workaround

You can workaround this issue by removing the trailing slash at the end of the Primary URL and/or Secondary URL using either the console, ssoadm or Amster (AM 5 and later):

  • AM / OpenAM 13.5 console: navigate to: Deployment > Sites > [Site Name] and remove the trailing slash from the Primary URL and/or Secondary URL.
  • Pre-OpenAM 13.5 console: navigate to: Configuration > Servers and Sites > Sites > [Site Name] and remove the trailing slash from the Primary URL and/or Secondary URL.
  • ssoadm: 
    • Primary URL: enter the following command:
      $ ./ssoadm set-site-pri-url -s [sitename] -u [adminID] -f [passwordfile] -i [primaryURL]
      
      replacing [sitename], [adminID], [passwordfile] and [primaryURL] with appropriate values, where [primaryURL] should be the primary URL without the trailing slash.
    • Secondary URL: enter the following command:
      $ ./ssoadm set-site-sec-urls -s [sitename] -u [adminID] -f [passwordfile] -a [secondaryserverURL]
      replacing [sitename], [adminID], [passwordfile] and [secondaryserverURL] with appropriate values, where [secondaryserverURL] should be the secondary URL without the trailing slash.
  • Amster: follow the steps in How do I update property values in AM (All versions) using Amster?with these values:
    • Entity: Sites
    • Primary URL Property: url
    • Secondary URL Property: secondaryURLs
Note

You must restart both the web application containers in which AM/OpenAM and the policy agent runs to apply these configuration changes.

See Also

FAQ: Configuring Policy Agents in AM/OpenAM

Agents and policies in AM/OpenAM

Troubleshooting AM/OpenAM and Policy Agents

Related Training

N/A

Related Issue Tracker IDs

OPENAM-8227 (Having a trailing / in your site URL will cause J2EE agent to not properly obtain server id )

OPENAM-4143 (Validate site URLs to avoid StackOverFlowError)



Copyright and TrademarksCopyright © 2019 ForgeRock, all rights reserved.
Loading...