Hello,
Unfortunately, I need to ask for help again. I am installing AM 7.3
using the AM-SSOConfiguratorTools
.The tool throws a Connection refused
exception immediately when I start it. I use this doc as a reference.
I have a well-installed DS 7.3 and I would like to use this server as a external config
and identity
store for this new AM instance. The DS server uses LDAPS (port 636) and it works properly. I can connect to this server using the Apache Directory Studio and the certificate that I see looks okay.
The interesting part is that if I use the web-based AM configurator (https://am.hello.com/openam) and I go through the custom config, finally I get a well-working AM server. So the manual configuration process works fine, I can add a new user using the AM web console, and I see the new entries in LDAP. But the AM configuration with openam-configurator-tool-14.1.3.18.jar
does not work. In the config.properties
file I use exactly the same parameters that I use during the web configuration. So I think that this Connection refused
issue is not related to the LDAP server. This must be something else, but not sure. I do not know how this configurator tool works.
This is the command that I use:
type=PKCS12
store=/tmp/am.hello.com.p12
passwd=changeit
java \
-Djava.security.debug=all \
-Djavax.net.debug=all \
-Djavax.net.ssl.trustStore=$store \
-Djavax.net.ssl.trustStorePassword=$passwd \
-Djavax.net.ssl.trustStoreType=$type \
-Djavax.net.ssl.keyStore=$store \
-Djavax.net.ssl.keyStorePassword=$passwd \
-Djavax.net.ssl.keyStoreType=$type \
-jar openam-configurator-tool-14.1.3.18.jar --file config.properties
I tried it with only the truststore
Java options too, but I got the same result.
Inside the keystore, I have a server and a CA cert. I use a similar keystore on the DS side (server + same CA cert). The server certs are signed/issued by the CA.
This is the error log of the openam-configurator-tool, the config.properties, and the install.log of the manual AM installation process.
I am not sure where the configuration tool wants to connect but this connection does not work.
at com.sun.identity.setup.OpenSSOConfigurator.postRequestToServer(OpenSSOConfigurator.java:246)
at com.sun.identity.setup.OpenSSOConfigurator.execute(OpenSSOConfigurator.java:142)
at com.sun.identity.setup.Main.main(Main.java:24)
java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:412)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:255)
I understand that the config tool JAR and the web openam WAR (tomcat) runs in two different JVM, but then…
Could you please help me?