It’s possible that the AM user may overlook this “new” requirement, which involves using the ssoadm command to set the administrative user’s universal ID for AM 7 to include ou=People.
This requirement is clearly documented in the following resource
ssoadm fails in AM (All versions) with FATAL ERROR: Cannot obtain Application SSO token
You are using the universal ID of the administrative user to connect, for example: uid=amAdmin,ou=People,dc=am,dc=forgerock,dc=org
However, given the amount of information available, it’s understandable that it might be missed.
Note : ssoadm has been deprecated
2 Likes
Hi Sam!
Thank you for proactively raising awareness about the important new requirement in AM 7 to set the administrative user’s universal ID to include ou=People using ssoadm.
Your efforts in sharing this solution are valuable to avoid triggering this error, as it’s highly possible that AM users may overlook this requirement as it may not be immediately obvious.
Thanks to your contribution, more users will become aware of the requirement and can take the necessary steps to modify their configuration.
Your contribution to sharing this information with the community is truly appreciated!