Unfortunately, I need to ask for help again. I am installing
AM 7.3 using the
AM-SSOConfiguratorTools.The tool throws a
Connection refused exception immediately when I start it. I use this doc as a reference.
I have a well-installed DS 7.3 and I would like to use this server as a external
identity store for this new AM instance. The DS server uses LDAPS (port 636) and it works properly. I can connect to this server using the Apache Directory Studio and the certificate that I see looks okay.
The interesting part is that if I use the web-based AM configurator (https://am.hello.com/openam) and I go through the custom config, finally I get a well-working AM server. So the manual configuration process works fine, I can add a new user using the AM web console, and I see the new entries in LDAP. But the AM configuration with
openam-configurator-tool-126.96.36.199.jar does not work. In the
config.properties file I use exactly the same parameters that I use during the web configuration. So I think that this
Connection refused issue is not related to the LDAP server. This must be something else, but not sure. I do not know how this configurator tool works.
This is the command that I use:
type=PKCS12 store=/tmp/am.hello.com.p12 passwd=changeit java \ -Djava.security.debug=all \ -Djavax.net.debug=all \ -Djavax.net.ssl.trustStore=$store \ -Djavax.net.ssl.trustStorePassword=$passwd \ -Djavax.net.ssl.trustStoreType=$type \ -Djavax.net.ssl.keyStore=$store \ -Djavax.net.ssl.keyStorePassword=$passwd \ -Djavax.net.ssl.keyStoreType=$type \ -jar openam-configurator-tool-188.8.131.52.jar --file config.properties
I tried it with only the
truststore Java options too, but I got the same result.
Inside the keystore, I have a server and a CA cert. I use a similar keystore on the DS side (server + same CA cert). The server certs are signed/issued by the CA.
I am not sure where the configuration tool wants to connect but this connection does not work.
at com.sun.identity.setup.OpenSSOConfigurator.postRequestToServer(OpenSSOConfigurator.java:246) at com.sun.identity.setup.OpenSSOConfigurator.execute(OpenSSOConfigurator.java:142) at com.sun.identity.setup.Main.main(Main.java:24) java.net.ConnectException: Connection refused (Connection refused) at java.base/java.net.PlainSocketImpl.socketConnect(Native Method) at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412) at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255)
I understand that the config tool JAR and the web openam WAR (tomcat) runs in two different JVM, but then…
Could you please help me?