ForgeRock Agents - General Issues

This page outlines the minor issues that occur when working with ForgeRock Agents.
May 13, 2016
Tags: ForgeRock, ForgeRock-Agents, OpenAM

ERROR - during the uninstallation (agentadmin)

(An Agent has been installed on this Application Server using bits from the agent install directory /opt/tomcatcontainer/forgerock/j2ee_agents/tomcat_v6_agent Please use the agentAdmin utility from the above specified agent installation directory to install/uninstall agents on this Application Server).


SOLUTION

You'll notice this error when you execute the ./agentadmin --uninstall command and the agent home (AGENT_HOME) in the error response is not the directory in which your agent is located. My workaround for this is to explicitly set the agent home (AGENT_HOME) directory within the bash_profile, for example: export AGENT_HOME=/opt/tomcatcontainer/forgerock/j2ee_agents/tomcat_v6_agent. If you execute the command again with the variable set, you should be able to avoid the error. Remember to remove the AGENT_HOME variable once this has been completed to avoid other issues down the line.


ERROR - java.lang.ClassNotFoundException: com.sun.identity.agents.filter.AmAgentFilter

This error appears in the localhost.log file. It is the same kind of issue as above, though it occurs as part of the initial installation of the agent.
tail -n 1000 ./localhost.log


SOLUTION

During the startup of your container, the application begins its initialization, but there is an application filter dependency if the web agent is also deployed as the PEP (Policy Enforcement Point) for the application. Therefore, if an application sits behind the agent, the web application needs to declare the filter. The filter is declared within the web.xml.
The typical filter declaration used within the web.xml is as follows:

<filter>
    <filter-name>Agent</filter-name>
    <display-name>Agent</display-name>
    <description>OpenAM Policy Agent Filter</description>
    <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>


As you can see above, 'com.sun.identity.agents.filter.AmAgentFilter' is declared within the filter, and it is the class named in the java.lang.ClassNotFoundException you're seeing during your web container startup. The ForgeRock documentation on HOW TO: Install the Policy Agent into Tomcat gives a clear understanding of what needs to be done. How your application is deployed within your container, and how you're deploying it, will determine how to alter the web.xml. If it's within your IDE, you can simply make the change to the web.xml and then create the WAR file. Alternatively, you can alter the web.xml by executing the jar command to uncompress the archive (example, jar -xvf ./app.war) and then 'jarring it up' again (example, jar -cvf ./APP_NAME.war *).

If you've already deployed your application within a DEV development environment, for instance, then simply altering the web.xml file would suffice.
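Before repacking or redeploying, it is worth confirming that the web.xml inside the WAR really declares the agent filter and maps it the way the declaration above does, since an application whose filter is missing or narrowly mapped is not sitting behind the PEP. The following is an added example, not code from the original post or from ForgeRock; the function names and the sample web.xml are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

AGENT_CLASS = "com.sun.identity.agents.filter.AmAgentFilter"
EXPECTED_DISPATCHERS = {"REQUEST", "INCLUDE", "FORWARD", "ERROR"}

def _kids(elem, name):
    # Compare local names so DTD-style and namespaced web.xml files both match.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]
def _texts(elem, name):
    return {(c.text or "").strip() for c in _kids(elem, name)}

def audit_web_xml(xml_bytes):
    """Return a list of findings; empty means it matches the declaration above."""
    root = ET.fromstring(xml_bytes)
    names = set().union(*(_texts(f, "filter-name") for f in _kids(root, "filter")
                          if AGENT_CLASS in _texts(f, "filter-class")))
    if not names:
        return ["no <filter> declares " + AGENT_CLASS]
    # Only a mapping that covers the whole application is counted.
    covering = [m for m in _kids(root, "filter-mapping")
                if _texts(m, "filter-name") & names and "/*" in _texts(m, "url-pattern")]
    if not covering:
        return ["agent filter is not mapped to /*"]
    seen = set()
    for m in covering:
        # Per the Servlet spec, no <dispatcher> element means REQUEST only.
        seen |= _texts(m, "dispatcher") or {"REQUEST"}
    missing = EXPECTED_DISPATCHERS - seen
    return ["missing dispatchers: " + ", ".join(sorted(missing))] if missing else []

def audit_war(war):
    with zipfile.ZipFile(war) as zf:  # accepts a path or a file object
        if "WEB-INF/web.xml" not in zf.namelist():
            return ["WEB-INF/web.xml not found"]
        return audit_web_xml(zf.read("WEB-INF/web.xml"))

# Constructed sample: namespaced web.xml whose mapping lacks FORWARD and ERROR.
SAMPLE = b"""<web-app xmlns="http://java.sun.com/xml/ns/javaee"><filter><filter-name>Agent</filter-name>
<filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class></filter>
<filter-mapping><filter-name>Agent</filter-name><url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher><dispatcher>INCLUDE</dispatcher></filter-mapping></web-app>"""

def sample_war():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/web.xml", SAMPLE)
    return buf
```

Calling audit_war("./APP_NAME.war") on a real archive returns an empty list when the filter is declared and mapped as shown in this post.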


Issue: Can't find bundle for base name amAgentCore, locale en_US

Can't find bundle for base name amAgentCore, locale en_US


SOLUTION

If you're using Eclipse, copy over the amAgentCore.properties file (along with all the other property files) into the Java Resources/src directory.


Issue: Unable to load IAmAgentLog: com.sun.identity.agents.log.AmAgentLog


SOLUTION

Within the OpenSSOAgentBootstrap.properties, ensure that 'com.iplanet.services.debug.directory' points to a directory that is accessible by the agentapp. For example, the '...\j2ee_agents\tomcat_v6_agent\Agent_001\logs\debug' directory.


Issue: failed to create debug directory openam

Another classic when you're working with a Windows system; however, most of the references are for Unix.


SOLUTION

For the com.iplanet.services.debug.directory property: if you're running on Windows, ensure that double backslashes are used, for example C:\\Users\\forgerock\\. If you're using Unix, ensure there are permissions to create and write to the directory.


Issue: com.sun.identity.agents.arch.AgentException: Invalid root element name


SOLUTION

Alter the password and the profile name within the OpenSSOAgentBootstrap.properties file. The app username 'com.sun.identity.agents.app.username' also needs to be altered. I ensured that 'com.sun.identity.agents.config.profilename' and 'com.sun.identity.agents.app.username' are the same as the agent name.
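The debug directory and profile name fixes above can be checked before restarting the container. This added example (not from the original post or from ForgeRock) assumes the bootstrap file follows java.util.Properties escaping rules, under which a single backslash is an escape character; that is why a Windows path needs doubled backslashes. The function names and sample values are constructed.

```python
DEBUG_DIR = "com.iplanet.services.debug.directory"
PROFILE = "com.sun.identity.agents.config.profilename"
APP_USER = "com.sun.identity.agents.app.username"
CONTROL = {"t": "\t", "n": "\n", "r": "\r", "f": "\f"}

def java_unescape(raw):
    """Decode one value using java.util.Properties escape rules."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] != "\\" or i + 1 == len(raw):
            out.append(raw[i])
            i += 1
        elif raw[i + 1] == "u":
            out.append(chr(int(raw[i + 2:i + 6], 16)))  # \uXXXX escape
            i += 6
        else:
            # \t \n \r \f become control characters; any other \x becomes x.
            out.append(CONTROL.get(raw[i + 1], raw[i + 1]))
            i += 2
    return "".join(out)

def check_bootstrap(text):
    """Return findings for the three keys this page discusses."""
    raw = {}
    for line in text.splitlines():
        # Simplification: key=value lines only; comments start with # or !.
        if "=" in line and not line.lstrip().startswith(("#", "!")):
            key, value = line.split("=", 1)
            raw[key.strip()] = value.lstrip()
    findings = []
    path = raw.get(DEBUG_DIR, "")
    if "\\" in path.replace("\\\\", ""):
        findings.append("debug directory has single backslashes; Java reads it as %r"
                        % java_unescape(path))
    if raw.get(PROFILE) != raw.get(APP_USER):
        findings.append("profilename and app.username differ")
    return findings

# Constructed sample; the profile and user names are placeholders.
SAMPLE = "\n".join([
    r"com.iplanet.services.debug.directory=C:\Users\forgerock\debug",
    "com.sun.identity.agents.config.profilename=Agent_001",
    "com.sun.identity.agents.app.username=OtherAgent",
])
```

With single backslashes the `\f` in `\forgerock` is decoded as a form feed and the remaining backslashes are dropped, so the agent is handed a path that does not exist.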


Issue: java.lang.RuntimeException: Failed to load configuration: Invalid application password specif


SOLUTION

I'm going to state the obvious: it's a credential issue. The naming service is available, as it could not get to this error otherwise. Typically I would uninstall/reinstall the agent and confirm the agent profile password.


Issue: Caused By: java.lang.RuntimeException: Unknown User Mapping Mode: null


SOLUTION

The agent profile was accidentally installed under the web agent; it should have been under the J2EE agent profile tab.


OpenAM issue - 'C:\Program' is not recognized as an internal or external command, operable program o

[Image: setting the JAVA_HOME for OpenAM deployment]

Another Windows issue. Within the config.cmd directory, you need to include double quotes around the JAVA_HOME variable. You can see that once that's altered, the Java home is fully declared and the ridiculous error is resolved.

[Image: Set the weblogic java variable]

About the author

Daniel is a Technical Manager with over 10 years of consulting expertise in the Identity and Access Management space.
Daniel has built from scratch this blog as well as technicalconfessions.com
Follow Daniel on twitter @nervouswiggles
