You may also notice this error occurring in a number of situations, such as when trying to retrieve an OIDC token or an OAuth2 access token.
Upgraded to AM 6.5 or later.
AM cannot load secrets from the keystore on one or more of your upgraded/new servers.
This can also occur on a new install if you did not follow all the steps in the Installation Guide › To Add a Server to a Site to make the keystore and secret store
This issue can be resolved as follows depending on whether you are doing an
- Upgrade: Follow the steps in the Upgrade Guide › Configuring Secret Stores After Upgrade. In essence, you must:
  - Copy the following keystores and directories from the server on which you performed the upgrade to all other servers in the site:
    - /path/to/openam/openam/keystore.jceks
    - /path/to/openam/openam/.storepass
    - /path/to/openam/openam/.keypass
    - /path/to/openam/secrets/encrypted/storepass
    - /path/to/openam/secrets/encrypted/entrypass
  - Check the permissions to make sure that the user who starts AM can also read these files/directories.
  - Restart the web application container in which AM runs to apply these changes.
- New install: Follow the steps in the Installation Guide › To Add a Server to a Site and ensure you complete steps 10 and 11 to make all the keystore and secret store infrastructure available.
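The copy and permission steps above can be checked on each server before restarting the container. The following shell function is an added example, not code from the product documentation; the function name `check_am_secrets` and its output format are assumptions, and the base directory (`/path/to/openam` in this article) is passed as its argument.

```shell
#!/bin/sh
# Added example, not vendor code. Run on each server in the site as the
# user that starts AM, e.g.: check_am_secrets /path/to/openam

# Paths relative to the AM base directory, taken from the list above.
AM_SECRET_PATHS="openam/keystore.jceks
openam/.storepass
openam/.keypass
secrets/encrypted/storepass
secrets/encrypted/entrypass"

# Prints one status line per path; returns 0 only if every path exists
# and is readable by the current user.
check_am_secrets() {
    base=$1
    rc=0
    for rel in $AM_SECRET_PATHS; do
        path="$base/$rel"
        if [ ! -e "$path" ]; then
            echo "MISSING     $path"; rc=1
        elif [ ! -r "$path" ]; then
            echo "UNREADABLE  $path"; rc=1
        elif [ -f "$path" ]; then
            # Checksum lets you confirm the copy matches the upgraded server.
            echo "OK          $path cksum=$(cksum < "$path" | cut -d' ' -f1)"
        else
            echo "OK          $path (directory)"
        fi
        # Extra check beyond the article: these paths hold secret
        # material, so flag any that are readable by all users.
        if [ -e "$path" ]; then
            case $(ls -ldL "$path") in
                ???????r*) echo "WARN        $path is world-readable" ;;
            esac
        fi
    done
    return $rc
}
```

Compare the `cksum` values printed on each server with those from the server on which the upgrade was performed; a mismatch means the copy is stale or incomplete.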