Book

Installing and configuring AM/OpenAM

This book provides information on installing and configuring AM/OpenAM, including frequently asked questions and known issues.


Printer friendly view

Table of Contents

  • 1 General
    • 1.1 What automation tools are available for installing, upgrading and configuring AM/OpenAM deployments (All versions)?
    • 1.2 What versions of DS/OpenDJ are compatible with AM/OpenAM?
    • 1.3 What versions of Policy Agents are compatible with AM/OpenAM?
    • 1.4 What versions of IG/OpenIG are compatible with AM/OpenAM?
    • 1.5 What versions of AM/OpenAM are compatible with IDM/OpenIDM?
    • 1.6 How do I check if a particular AM/OpenAM (All versions) instance is running?
    • 1.7 How do I check what version of AM/OpenAM (All versions) I have installed?
    • 1.8 How do I upgrade Apache Tomcat for an existing AM/OpenAM (All versions) install?
  • 2 Configuration
    • 2.1 Best practices for configuring sessions in AM (All versions) to reduce the impact on the CTS store
    • 2.2 How do I export and import Service configurations for AM/OpenAM (All versions)?
    • 2.3 How do I make a backup of configuration data in AM/OpenAM (All versions)?
    • 2.4 How do I make AM/OpenAM (All versions) communicate with a secured LDAP server?
    • 2.5 How do I enable SSL in AM/OpenAM (All versions) post-install?
    • 2.6 How do I enable SSL in AM/OpenAM (All versions) for an existing installation?
    • 2.7 How do I configure the heartbeat timeout in AM (All versions) and OpenAM 12.0.3, 12.0.4, 13.x?
    • 2.8 How do I register or re-register a custom authentication module in AM 5.5.x and 6.x?
    • 2.9 How do I delete an AM/OpenAM instance (All versions) from a site along with the replicated embedded DS/OpenDJ server?
    • 2.10 How do I configure AM 6.0.0.x to work with older policy agents (Web 4.x and JEE 3.5.x)?
    • 2.11 How do I remove console access in AM/OpenAM (All versions)?
    • 2.12 Best practice for blocking the top level realm in a proxy for AM/OpenAM (All versions)
    • 2.13 How do I safely enable the org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH setting in AM/OpenAM (All versions)?
    • 2.14 How do I update the certificate alias for the signing key in the AM/OpenAM (All versions) keystore?
    • 2.15 How do I update the authentication signing secret in AM (All versions) and OpenAM 13.x?
    • 2.16 How do I configure AM/OpenAM (All versions) to check the HTTP header for the user certificate?
    • 2.17 How do I set up Realm DNS Aliases in AM/OpenAM (All versions)?
    • 2.18 How do I set up Realm DNS Aliases in AM/OpenAM (All versions) when CDSSO is configured?
    • 2.19 How do I configure which pages are displayed upon successful and failed logins in AM/OpenAM (All versions)?
    • 2.20 How do I configure a list of valid goto URL resources in AM/OpenAM (All versions)?
    • 2.21 How do I automate the creation of scripts in AM/OpenAM (All versions)?
    • 2.22 How do I re-create a bootstrap file for OpenAM 12.x and 13.x if the bootstrap file has become corrupt?
  • 3 Frequently Asked Questions
    • 3.1 FAQ: Installing AM/OpenAM
    • 3.2 FAQ: Configuring AM/OpenAM
    • 3.3 FAQ: Patches in AM/OpenAM
    • 3.4 FAQ: General AM/OpenAM
    • 3.5 FAQ: AM/OpenAM compatibility with third-party products
  • 4 Known Issues
    • 4.1 Install
      • 4.1.1 AM/OpenAM (All versions) install fails with emb.creatingfamsuffix.failure error when installing on a Unix or Linux system
      • 4.1.2 javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] error when reinstalling an AM/OpenAM (All versions) instance
      • 4.1.3 Installing OpenAM 12.x or 13.x with an external OpenDJ instance fails with a NPE
    • 4.2 Startup and Shutdown
      • 4.2.1 Error during shutdown message when stopping an AM 6 instance running on Apache Tomcat
      • 4.2.2 AM/OpenAM (All versions) fail to start due to SEVERE: ContainerBase.addChild: start: error on Apache Tomcat
      • 4.2.3 Memory leak messages when shutting down Apache Tomcat web container running AM/OpenAM (All versions)
    • 4.3 Login Page
      • 4.3.1 Default Configuration page shown instead of Login page in AM/OpenAM (All versions)
      • 4.3.2 Attempting to access AM/OpenAM (All versions) fails with ConfigurationException: Configuration store is not available
      • 4.3.3 Login page in AM/OpenAM (All versions) hangs on Loading when CORS is enabled
      • 4.3.4 Multiple mappings found for organization identifier error when logging into AM/OpenAM (All versions)
      • 4.3.5 Login page does not load when using authentication trees with custom or Marketplace nodes in AM 6.5
      • 4.3.6 Login page does not load or ssoadm fails in AM (All versions) running on Apache Tomcat 8.5 or 9
      • 4.3.7 XUI Login URL with goto parameter causes redirect loop or prevents OpenAM 12.x and 13.x login page loading
    • 4.4 Configuration
      • 4.4.1 Cannot recover key error shown when renewing expired certificates or changing the password for the keystore or truststore in AM/OpenAM (All versions)
      • 4.4.2 Unable to retrieve certificate with alias 'test' from keystore after making changes to the keystore in AM (All versions)
      • 4.4.3 AM/OpenAM (All versions) Login flow fails with java.lang.IllegalArgumentException: Request header too large
      • 4.4.4 The CertAndKeyGen security class cannot be found error when configuring AM (All versions) or OpenAM 13.x
      • 4.4.5 Federation related pages do not display in the console with a java.lang.NoClassDefFoundError: sun/misc/CharacterEncoder error in AM 6.5.x
      • 4.4.6 Unidentified properties or Invalid properties message when adding custom advanced server properties in AM (All versions) and OpenAM 13.5
      • 4.4.7 OpenAM 13.5 redirects to server URL instead of site URL in load balanced environment
      • 4.4.8 Authentication fails in OpenAM 13.0 with an AuthId JWT Signature not valid error
      • 4.4.9 Error when flushing the writer message when AM (All versions) and OpenAM 13.x is under high load with audit logging enabled
      • 4.4.10 SNMP monitoring fails in AM 5.5.1 with No Monitoring interfaces started exception
  • 5 Patches
    • 5.1 How do I check what patches are installed for ForgeRock products?
    • 5.2 How do I install an AM/OpenAM patch (All versions) supplied by ForgeRock support?
Loading...