AM 7 : ssoadm 's universal ID of the administrative user need ou=People

It’s possible that the AM user may overlook this “new” requirement, which involves using the ssoadm command to set the administrative user’s universal ID for AM 7 to include ou=People.

This requirement is clearly documented in the following resource
ssoadm fails in AM (All versions) with FATAL ERROR: Cannot obtain Application SSO token

You are using the universal ID of the administrative user to connect, for example: uid=amAdmin,ou=People,dc=am,dc=forgerock,dc=org

However, given the amount of information available, it’s understandable that it might be missed.

Note : ssoadm has been deprecated

2 Likes

Hi Sam!

Thank you for proactively raising awareness about the important new requirement in AM 7 to set the administrative user’s universal ID to include ou=People using ssoadm.

Your efforts in sharing this solution are valuable to avoid triggering this error, as it’s highly possible that AM users may overlook this requirement as it may not be immediately obvious.

Thanks to your contribution, more users will become aware of the requirement and can take the necessary steps to modify their configuration.

Your contribution to sharing this information with the community is truly appreciated!