No secret with id storepass for purpose storepass errors after upgrading to AM 6.5.x or 7.x
The purpose of this article is to provide assistance if you encounter "No secret with id storepass for purpose storepass" errors after upgrading AM. You may also encounter this error with a new install.
Symptoms
You may also notice this error occurring in a number of situations, such as when trying to retrieve an OIDC token or an OAuth2 access token.
Recent Changes
Upgraded to AM 6.5 or later.
Causes
AM cannot load secrets from the keystore on one or more of your upgraded/new servers.
This can also occur on a new install if you did not follow all the steps in the Installation Guide › To Add a Server to a Site to make the keystore and secret store
Solution
This issue can be resolved as follows depending on whether you are doing an upgrade or a new install:
- Upgrade: Follow the steps in the Upgrade Guide › Configuring Secret Stores After Upgrade. In essence, you must:
  - Copy the following keystores and directories from the server on which you performed the upgrade to all other servers in the site:
    /path/to/openam/openam/keystore.jceks
    /path/to/openam/openam/.storepass
    /path/to/openam/openam/.keypass
    /path/to/openam/secrets/encrypted/storepass
    /path/to/openam/secrets/encrypted/entrypass
  - Check the permissions to make sure that the user who starts AM can also read these files/directories.
  - Restart the web application container in which AM runs to apply these changes.
- New install: Follow the steps in the Installation Guide › To Add a Server to a Site and ensure you complete steps 10 and 11 to make all the keystore and secret store infrastructure available.
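The copy and permission checks from the upgrade steps can be scripted so they are repeatable on every server in the site. The following is an added example, not part of the original article or the product: the function name check_am_secret_files and the AM_BASE variable are hypothetical, and the relative paths are the ones listed in the upgrade steps above.

```shell
#!/bin/sh
# Added example: verify that the keystore and secret store files named in the
# article exist, are non-empty and are readable by the user running this script.
# Paths are relative to the AM base directory (/path/to/openam in the article).
AM_FILES="openam/keystore.jceks
openam/.storepass
openam/.keypass
secrets/encrypted/storepass
secrets/encrypted/entrypass"

# check_am_secret_files BASE_DIR   (hypothetical helper name)
# Prints one status line per path and returns the number of problems found.
check_am_secret_files() {
    base=$1
    problems=0
    for rel in $AM_FILES; do
        f="$base/$rel"
        if [ ! -e "$f" ]; then
            echo "MISSING     $f"
            problems=$((problems + 1))
        elif [ ! -r "$f" ]; then
            echo "UNREADABLE  $f"
            problems=$((problems + 1))
        elif [ ! -s "$f" ]; then
            echo "EMPTY       $f"
            problems=$((problems + 1))
        else
            echo "OK          $f"
            # Not counted as a failure, but these files protect key material,
            # so flag any that every local account can read.
            if [ -n "$(find "$f" -prune -perm -004 2>/dev/null)" ]; then
                echo "WARN        $f is world-readable"
            fi
        fi
    done
    return "$problems"
}

# Runs only when AM_BASE (assumed variable name) is set in the environment.
if [ -n "${AM_BASE:-}" ]; then
    check_am_secret_files "$AM_BASE"
fi
```

Run it as the account that starts the web application container, since readability is evaluated for the invoking user. A non-zero exit status is the number of paths that still need to be copied or have their permissions corrected before restarting the container.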
See Also
Secret store fails to start with Label must match regex exception in AM 6.5.0.x, 6.5.1 and 6.5.2.x
Installation Guide › Configuring Sites and Adding Servers to Sites
Security Guide › Configuring Secrets, Certificates, and Keys