Configuring OpenAM 12.0.0 using the configurator.jar tool fails with external user store
The purpose of this article is to provide assistance if configuring OpenAM 12.0.0 using the configurator.jar tool (openam-configurator-tool-12.0.0.jar) fails if you have an external user store. The external user store is specified by the USERSTORE_TYPE property in the configurator.jar tool.
2 readers recommend this article
Archived
This article has been archived and is no longer maintained by ForgeRock.
Symptoms
If you are trying to configure OpenAM with an external user store, the configuration fails when the configurator tool tries to create the demo user. You will see the following at the end of the configuration progress messages:
Configuring server instance....Done Creating demo user. Configuration failed!The corresponding error is shown in the install log as follows, where errorcode=91 is shown instead of errorcode=65 if you have used LDAPS:
Configuring server instance....Done Creating demo user.AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap errorcode=65 at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.newIdRepoException(DJLDAPv3Repo.java:2478) at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.handleErrorResult(DJLDAPv3Repo.java:2451) at org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo.create(DJLDAPv3Repo.java:656) at com.sun.identity.idm.server.IdServicesImpl.create(IdServicesImpl.java:449) at com.sun.identity.idm.AMIdentityRepository.createIdentity(AMIdentityRepository.java:384) at com.sun.identity.setup.AMSetupServlet.createDemoUser(AMSetupServlet.java:2409) at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:1206) at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:693) at com.sun.identity.setup.AMSetupServlet.doPost(AMSetupServlet.java:613) at javax.servlet.http.HttpServlet.service(HttpServlet.java:646) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:117) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:503) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:701)Recent Changes
Upgraded to OpenAM 12.0.0.
Causes
The value of the USERSTORE_TYPE parameter is incorrectly removed during the configuration process when using the CLI Configurator. This parameter is used by AMSetupServlet to determine that an external User Store should be configured. In this case, OpenAM does not known an external user store is being used which causes the configuration to fail.
Solution
This issue can be resolved by upgrading to OpenAM 12.0.1 or later; you can download this version from BackStage.
Alternatively, you can use the patched configurator tool, which is included in the attached SSOConfiguratorTools-12.0.0.zip.
See Also
OpenAM Reference › OpenAM Command Line Tools › configurator.jar
Related Training
N/A
Related Issue Tracker IDs
OPENAM-5397 (Unable to Install OpenAM 12.0.0 using the command line configurator)
OPENAM-5597 (Cannot configure external OpenDJ with openam-configurator-tool)