New realms disappear when restarting or redeploying AM in a ForgeOps deployment
The purpose of this article is to provide assistance if the configuration for a custom realm or subrealm disappears after you restart or redeploy the AM instance in a ForgeOps (ForgeRock DevOps) deployment. Additionally, you will see the following error, "500 Internal Server Error: Unable to access SMS config: null" when attempting to use the new realm.
1 reader recommends this article
The configuration for a new realm or subrealm disappears after restarting or redeploying the container.
You might see an exception with the following caused by section in your debug logs when this happens:Caused by: com.sun.identity.idm.IdRepoException: Realm /realmName does not exist.
You will also notice that things within the new realm are not functioning correctly. For example, you get errors when using OAuth 2.0 endpoints or you cannot perform an Amster import/export. Similarly, if you try to view or create OAuth 2.0 clients or SAML2 entities in the AM admin UI, you will see the following error:500 Internal Server Error: Unable to access SMS config: null
Created a new realm or subrealm.
Restarted or redeployed the AM instance in a ForgeOps deployment.
A realm or subrealm cannot be created by importing the configuration via Amster because this does not create the required realm structure.
The DS repository needs to be “primed” first with the base entries for the custom realm in order to create the realm structure. This is a noted limitation: On AM.
Both the alpha and bravo realms are primed in this way.
This issue can be resolved by priming the DS repository first. See the comments in the DS Dockerfile for further information. You should also refer to the sample alpha_bravo.ldif file, which is used to create the alpha and bravo realms.
After creating the realm in this way, and prior to restarting or redeploying, you should export your configuration and rebuild the AM Docker image to ensure all your configuration changes are saved.
In summary, the high level steps for creating a custom realm are:
- Configure the DS repository with the base entries for your custom realm to prime it.
- Configure your realm as normal (using the AM admin UI, REST or Amster).
- Export your configuration.
- Rebuild the AM Docker image.
Related Issue Tracker IDs
OPENAM-17655 ('Unable to access SMS config' in sub-realm OAuth clients)