Error while hosting AM war on tomcat

hakxcore · July 10, 2023, 4:27pm

Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[mydomain[dot]com].StandardContext[/openam]]

hakxcore · July 10, 2023, 4:29pm

I am hosting openam.war file on tomcat but facing some errors Pelse help Its urgent

mwtech · July 10, 2023, 8:28pm

@hakxcore - there is likely more information in the stack trace that would provide more detail about what the problem is. If you can share the full stack trace that would be helpful.

What versions of AM and Tomcat are you running?

andrew.burton · July 13, 2023, 2:41pm

Have you made any changes to the tomcat server.xml file at all?

hakxcore · July 24, 2023, 1:36pm

Hi @andrew.burton @mwtech I have now hosted the war file on tomcat but now I’m not able to create the default configuration, I was getting error in opendj setup now it’s changed to as in following image

hakxcore · July 24, 2023, 1:41pm

First, it was showing an error in “Opendj setup” then changed to a “configuration already exists” now it’s changed to “null”, Please suggest a possible solution, Thanks in Advance!

mwtech · July 24, 2023, 3:04pm

@hakxcore - without the details from the log file it could be tough to troubleshoot this further. I’d start with sharing the install log, but generally speaking I think I’d do two things here:

Wipe out any files from the installation location, as well as the hidden directory .openamcfg in the home directory of the user you are running tomcat as.
Don’t use IP address or localhost when installing. You need to use a fully qualified domain name (you can use your /etc/hosts file to achieve this) when installing so that AM can set its cookie.

hakxcore · July 24, 2023, 3:07pm

here is the install.log file

07/24/2023 02:57:53:554 PM UTC: Checking license acceptance...
07/24/2023 02:57:53:555 PM UTC: License terms accepted.
License, legal-notices/Forgerock_License.txt, has been accepted.
License Hash: Yalwb9SLaQCqu0NjseRm+vqup41ucHzs83eS3VP3uZI=.
07/24/2023 02:57:53:558 PM UTC: Checking configuration directory /opt/tomcat/openam.
07/24/2023 02:57:53:559 PM UTC: ....Failed. Found existing config data.
AMSetupServlet.processRequest: error com.sun.identity.setup.ConfiguratorException: Base directory specified :/opt/tomcat/openam cannot be used - has preexisting config data.
	at com.sun.identity.setup.AMSetupServlet.checkBaseDir(AMSetupServlet.java:790)
	at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:885)
	at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:552)
	at com.sun.identity.config.DefaultSummary.createDefaultConfig(DefaultSummary.java:125)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.apache.click.util.ClickUtils.invokeMethod(ClickUtils.java:3317)
	at org.apache.click.util.ClickUtils.invokeListener(ClickUtils.java:2088)
	at org.apache.click.control.AbstractControl$1.onAction(AbstractControl.java:228)
	at org.apache.click.ActionEventDispatcher.fireActionEvent(ActionEventDispatcher.java:259)
	at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:236)
	at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:180)
	at org.apache.click.ClickServlet.performOnProcess(ClickServlet.java:746)
	at org.apache.click.ClickServlet.processAjaxPageEvents(ClickServlet.java:1860)
	at org.apache.click.ClickServlet.processPage(ClickServlet.java:559)
	at org.apache.click.ClickServlet.handleRequest(ClickServlet.java:383)
	at org.apache.click.ClickServlet.doGet(ClickServlet.java:276)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:529)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.forgerock.openam.headers.SecureCookieFilter.doFilter(SecureCookieFilter.java:63)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.forgerock.openam.headers.DisableSameSiteCookiesFilter.doFilter(DisableSameSiteCookiesFilter.java:106)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:110)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:128)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.forgerock.openam.validation.RequestEntitySizeVerificationFilter.doFilter(RequestEntitySizeVerificationFilter.java:64)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:47)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)
	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:673)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:829)


Dumping all configuration parameters...

Request Parameters:
acceptLicense = true
actionLink = createDefaultConfig
ADMIN_CONFIRM_PWD = #########
ADMIN_PWD = #########
AM_ENC_KEY = #########
BASE_DIR = /opt/tomcat/openam
COOKIE_DOMAIN = 3.86.233.6
DATA_STORE = embedded
DIRECTORY_ADMIN_PORT = -1
DIRECTORY_JMX_PORT = -1
DIRECTORY_PORT = -1
DIRECTORY_SERVER = 3.86.233.6
DIRECTORY_SSL = SSL
DS_DIRMGRPASSWD = #########
locale = en
PLATFORM_LOCALE = en_US
SERVER_HOST = 3.86.233.6
SERVER_PORT = 8080
SERVER_URI = /openam/config/defaultSummary.htm
SERVER_URL = http://3.86.233.6:8080/openam/config/defaultSummary.htm
SESSION_ROOT_SUFFIX = ou=openam-session
SESSION_STORE_TYPE = none

Main configuration items:
acceptLicense = true
actionLink = createDefaultConfig
ADMIN_PWD = #########
AM_COEXIST = false
AM_ENC_KEY = #########
AM_REALM = true
AMLDAPUSERPASSWD = #########
AMSDK_I18N_KEY = a101
AUTH_DEFAULT_CONFIG = ldapService
BASE_DIR = /opt/tomcat/openam
CONFIGURATION_PROVIDER_CLASS = com.sun.identity.plugin.configuration.impl.ConfigurationInstanceImpl
CONSOLE_URI = /openam
COOKIE_DOMAIN = 
COOKIE_ENCODE = false
DATA_STORE = embedded
DATASTORE_NOTIFICATION = true
DATASTORE_PROVIDER_CLASS = com.sun.identity.plugin.datastore.impl.IdRepoDataStoreProvider
DB_NAME = appData
DEBUG_DIR = debug
DEBUG_SUBDIR = debug
DEFAULT_AUTH_MODULE = DataStore
DEFAULT_ORG = dc=openam,dc=forgerock,dc=org
DIRECTORY_ADMIN_PORT = -1
DIRECTORY_JMX_PORT = -1
DIRECTORY_PORT = -1
DIRECTORY_SERVER = 3.86.233.6
DIRECTORY_SSL = SSL
DISABLE_PERSISTENT_SEARCH = aci,um
DIT_LOADED = false
DS_DIRMGRDN = cn=Directory Manager
DS_DIRMGRPASSWD = #########
DS_UM_SCHEMA = sms
ENCADADMINPASSWD = #########
ENCADMINPASSWD = #########
ENCDSDIRMGRPASSWD = #########
GlobalAccessTokenModificationScriptId = d22f9a0c-426a-4466-b95e-d0f125b0d5fa
GlobalAmazonProfileNormalizationScriptId = 6b3cfd48-62d3-48ff-a96f-fe8f3a22ab30
GlobalAppleProfileNormalizationScriptId = 484e6246-dbc6-4288-97e6-54e55431402e
GlobalAuthenticationTreeDecisionNodeScriptId = 01e1a3c0-038b-4c16-956a-6c9d89328cff
GlobalClientSideAuthModuleScriptId = c827d2b4-3608-4693-868e-bbcf86bd87c7
GlobalClientSideDeviceIdMatchScriptId = 157298c0-7d31-4059-a95b-eeb08473b7e5
GlobalConfigProviderScriptId = 5e854779-6ec1-4c39-aeba-0477e0986646
GlobalDeviceProfileMatchDecisionNodeScriptId = 13e3f263-9cd3-4844-8d1c-040fd0dd02eb
GlobalEntitlementConditionScriptId = 9de3eb62-f131-4fac-a294-7bd170fd4acb
GlobalFacebookProfileNormalizationScriptId = bae1d54a-e97d-4997-aa5d-c027f21af82c
GlobalGitHubProfileNormalizationScriptId = a7a78773-445b-4eca-bb93-409e86bced81
GlobalGoogleProfileNormalizationScriptId = 58d29080-4563-480b-89bb-1e7719776a21
GlobalInstagramProfileNormalizationScriptId = 1244e639-4a31-401d-ab61-d75133d8dc9e
GlobalItsmeProfileNormalizationScriptId = 3d97c436-42c0-4dd0-a571-ea6f34f752b3
GlobalLibraryScriptId = 6c49bebe-3a62-11ed-a261-0242ac120002
GlobalLinkedInProfileNormalizationScriptId = 8862ca8f-7770-4af5-a888-ac0df0947f36
GlobalMayActScriptId = c735de08-f8f2-4e69-aa4a-2d8d3d438323
GlobalMicrosoftProfileNormalizationScriptId = 73cecbfc-dad0-4395-be6a-6858ee3a80e5
GlobalNormalizedProfileToIdentityScriptId = ed685f9f-5909-4726-86e8-22bd38b47663
GlobalNormalizedProfileToManagedUserScriptId = 58c824ae-84ed-4724-82cd-db128fc3f6c
GlobalOauth2AuthorizeEndpointDataProviderScriptId = 3f93ef6e-e54a-4393-aba1-f322656db28a
GlobalOAuth2EvaluateScopeScriptId = da56fe60-8b38-4c46-a405-d6b306d4b336
GlobalOAuth2ValidateScopeScriptId = 25e6c06d-cf70-473b-bd28-26931edc476b
GlobalOidcClaimsScriptId = 36863ffb-40ec-48b9-94b1-9a99f71cc3b5
GlobalSalesforceProfileNormalizationScriptId = 312e951f-70c5-49d2-a9ae-93aef909d5df
GlobalSaml2IdpAttributeMapperScriptId = c4f22465-2368-4e27-8013-e6399974fd48
GlobalServerSideAuthModuleScriptId = 7e3d7067-d50f-4674-8c76-a3e13a810c33
GlobalServerSideDeviceIdMatchScriptId = 703dab1a-1921-4981-98dd-b8e5349d8548
GlobalSocialIdPProfileTransformationScriptId = 1d475815-72cb-42eb-aafd-4026989d28a7
GlobalTwitterProfileNormalizationScriptId = 8e298710-b55e-4085-a464-88a375a4004b
GlobalVKontakteProfileNormalizationScriptId = 403cf226-6051-4368-8b72-9ba14f9a5140
GlobalWeChatProfileNormalizationScriptId = 472534ec-a25f-468d-a606-3fb1935190df
GlobalWordPressProfileNormalizationScriptId = 91d197de-5916-4dca-83b5-9a4df26e7159
GlobalYahooProfileNormalizationScriptId = 424da748-82cc-4b54-be6f-82bd64d82a74
HASHADMINPASSWD = #########
IS_INSTALL_VARDIR = baseDir
IS_PRODNAME = /openam
LDAP_CONNECTION_MODE = LDAP
locale = en
LOG_DIR = audit
LOG_PROVIDER_CLASS = com.sun.identity.plugin.log.impl.LogProvider
MONAGENT_PROVIDER_CLASS = com.sun.identity.plugin.monitoring.impl.AgentProvider
MONSAML2_PROVIDER_CLASS = com.sun.identity.plugin.monitoring.impl.FedMonSAML2SvcProvider
NORMALIZED_ORGBASE = dc=openam,dc=forgerock,dc=org
NORMALIZED_RS = dc=openam,dc=forgerock,dc=org
NoScriptDefined = [Empty]
OLDCON_DEPLOY_URI = /openam
ORG_BASE = dc=openam,dc=forgerock,dc=org
ORG_NAMING_ATTR = o
ORG_OBJECT_CLASS = sunismanagedorganization
ORG_ROOT_SUFFIX = dc=openam,dc=forgerock,dc=org
OUTPUT_DIR = basedir/uri
PAM_SERVICE_NAME = other
People_NM_ORG_ROOT_SUFFIX = People_dc=openam_dc=forgerock_dc=org
PLATFORM_LOCALE = en_US
ROOT_SUFFIX = dc=openam,dc=forgerock,dc=org
ROOTURL_PROVIDER_CLASS = org.forgerock.openam.federation.plugin.rooturl.impl.FmRootUrlProvider
RS_RDN = openam
SERVER_HOST = 3.86.233.6
SERVER_PORT = 8080
SERVER_PROTO = http
SERVER_URI = /openam
SERVER_URL = http://3.86.233.6:8080
SESSION_PROVIDER_CLASS = com.sun.identity.plugin.session.impl.FMSessionProvider
SESSION_ROOT_SUFFIX = ou=openam-session
SESSION_STORE_TYPE = none
SM_CONFIG_BASEDN = dc=openam,dc=forgerock,dc=org
SM_CONFIG_BASEDN_RDNA = dc
SM_CONFIG_BASEDN_RDNV = openam
SM_CONFIG_ROOT_SUFFIX = dc=openam,dc=forgerock,dc=org
SM_ROOT_SUFFIX_HAT = dc=openam^dc=forgerock^dc=org
SMS_OBJECT_CLASS = SmsWrapperObject
UM_DIRECTORY_PORT = -1
UM_DIRECTORY_SERVER = 3.86.233.6
UM_DS_DIRMGRDN = cn=Directory Manager
UM_DS_DIRMGRPASSWD = #########
UM_ENABLED = true
UM_NORMALIZED_ORGBASE = dc=openam,dc=forgerock,dc=org
UM_SSL = true
USER_HOME = /opt/tomcat
USER_NAMING_ATTR = uid
USER_OBJECT_CLASS = inetorgperson
USER_PROFILE_CHOICE = false
VERSION = ForgeRock Access Management 7.3.0 (2023-March-31 15:00)
XML_ENCODING = ISO-8859-1

Finished dumping all configuration parameters

hakxcore · July 24, 2023, 3:18pm

I’m installing forgerock on ec2 ubuntu instance is it must to use a domain for it ?

mwtech · July 24, 2023, 3:24pm

Based on the logs I’d echo the advice given from @anishetty in this thread: Facing error with Default Configuration Option in openam

Delete /opt/tomcat/openam and run the installation again. You mentioned a previous failure when installing AM, and when this happened it likely created some config data in that location and during a fresh install this directory needs to be empty.

With regards to the domain question - yes, you need to use a fully qualified domain for this. If this is just being used for testing purposes I suggest modifying your hosts file to map a dummy domain to your ec2 instance’s IP address.

hakxcore · July 25, 2023, 9:19am

Hi @mwtech Thankyou so Much! Your guidance helped me.

mwtech · July 25, 2023, 4:22pm

You’re welcome! Glad that I (and @anishetty) could help you out.