This article has been archived and is no longer maintained by ForgeRock.
The upgrade fails and you see the following message in the Upgrade wizard:Failed to modify privilege!
An error similar to the following is shown in the amUpgrade log when the Upgrade fails:amUpgrade:10/12/2015 04:07:22:665 PM PDT: Thread[catalina-exec-1,5,main] ERROR: Failed to modify privilege! com.sun.identity.entitlement.EntitlementException: Invalid Resource https://openam.example.com:8443/web/personal-details?* at com.sun.identity.entitlement.Entitlement.validateResourceNames(Entitlement.java:826) at com.sun.identity.entitlement.Privilege.validateResourceNames(Privilege.java:164) at com.sun.identity.entitlement.opensso.PolicyPrivilegeManager.modify(PolicyPrivilegeManager.java:265) at org.forgerock.openam.upgrade.steps.policy.conditions.OldPolicyConditionMigrationUpgradeStep.perform(OldPolicyConditionMigrationUpgradeStep.java:193) at org.forgerock.openam.upgrade.UpgradeServices.upgrade(UpgradeServices.java:186) at com.sun.identity.config.upgrade.Upgrade.doUpgrade(Upgrade.java:79) ... amUpgrade:10/12/2015 04:07:22:666 PM PDT: Thread[catalina-exec-1,5,main] ERROR: Error occured while upgrading OpenAM org.forgerock.openam.upgrade.UpgradeException: Failed to modify privilege! at org.forgerock.openam.upgrade.steps.policy.conditions.OldPolicyConditionMigrationUpgradeStep.perform(OldPolicyConditionMigrationUpgradeStep.java:196) at org.forgerock.openam.upgrade.UpgradeServices.upgrade(UpgradeServices.java:186) at com.sun.identity.config.upgrade.Upgrade.doUpgrade(Upgrade.java:79)
Upgrading to OpenAM 13.xf from an old release.
You only have one referral rule from the top-level realm. As per changes that were introduced in OpenAM 11.0.0, you should have three referral rules, for example:
- root "/"
- pages "/*"
- pages with parameters "/*?*"
This issue can be resolved by adding the other two referral rules and re-running the upgrade.
For example, if your current referral rule is:https://openam.example.com:8443/*
You would need to add the following referral rules:https://openam.example.com:8443/ https://openam.example.com:8443/*?*
Although referrals are not used in OpenAM 13, they still need to be correct prior to upgrading as they are processed during the upgrade process as detailed in OpenAM 13 Upgrade Guide › Upgrading OpenAM Servers.