Forgerock AM installation Issue

aazzabi · October 6, 2022, 9:22am

Hi team,
I’am trying to installation Forgerock AM but it stuck in Running DS Setup step.
I got the same issue in linux and windows !

Is there something I missed.

Regards

aazzabi · October 6, 2022, 10:07am

When i run the command status in the /openam/opends/bin, I got this

Error: A JNI error has occurred, please check your installation and try again
Exception in thread "main" java.lang.UnsupportedClassVersionError: org/opends/server/tools/status/StatusCli has been compiled by a more recent version of the Java Runtime (class file version 55.0), this version of the Java Runtime only recognizes class file versions up to 52.0

How can I resolve this ?

gery.ducatel · October 6, 2022, 1:09pm

aazzabi,

This looks like you are not running the correct Java version. Your JVM appears to be 1.8 (class file 52), and ForgeRock products version 7 need JVM 11 (class files 55).

With regards

aazzabi · October 10, 2022, 9:31am

Thanks @gery.ducatel for you answer.
I updated that but always same problem
C:\Windows\ServiceProfiles\LocalService\Desktop\openam\opends\bat>java -version
java version “19” 2022-09-20
Java™ SE Runtime Environment (build 19+36-2238)
Java HotSpot™ 64-Bit Server VM (build 19+36-2238, mixed mode, sharing)

gery.ducatel · October 10, 2022, 10:24am

Hi,

Assuming the version you are interested in is 7.2 the installation for AM supports only Java 11, and for DS it supports Java 11 (11.0.8+), or 17 (17.0.3+).
Also I would check if different versions of the JVM are installed and check that DS is picking the correct one.
For DS the JVM picked up is logged in the /path/to/opendj/logs/server.out file and you can also check the configuration in /path/to/opendj/config/java.properties
For AM the configuration of the web container can be checked so ensure the correct version is being picked up. E.g. Tomcat will select JAVA_HOME and the logs will mention the version used /path/to/tomcat/logs/catalina.out

With regards

aazzabi · October 10, 2022, 2:10pm

I updated and know it passed.
I’m getting another error for which I didn’t found the root cause
10/10/2022 03:59:21:422 PM CEST: Configuration de l’instance de serveur.
10/10/2022 03:59:21:472 PM CEST: …Terminé
AMSetupServlet.processRequest: error java.lang.IllegalStateException: Could not write Amster keys
at org.forgerock.openam.authentication.modules.amster.AuthorizedKeyConfiguratorPlugin.createLocalAmsterKey(AuthorizedKeyConfiguratorPlugin.java:77)
at org.forgerock.openam.authentication.modules.amster.AuthorizedKeyConfiguratorPlugin.doPostConfiguration(AuthorizedKeyConfiguratorPlugin.java:57)
at com.sun.identity.setup.AMSetupServlet.handlePostPlugins(AMSetupServlet.java:1083)
at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:959)
at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:552)
at com.sun.identity.config.DefaultSummary.createDefaultConfig(DefaultSummary.java:124)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.click.util.ClickUtils.invokeMethod(ClickUtils.java:3317)
at org.apache.click.util.ClickUtils.invokeListener(ClickUtils.java:2088)
at org.apache.click.control.AbstractControl$1.onAction(AbstractControl.java:228)
at org.apache.click.ActionEventDispatcher.fireActionEvent(ActionEventDispatcher.java:259)
at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:236)
at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:180)
at org.apache.click.ClickServlet.performOnProcess(ClickServlet.java:746)
at org.apache.click.ClickServlet.processAjaxPageEvents(ClickServlet.java:1860)
at org.apache.click.ClickServlet.processPage(ClickServlet.java:559)
at org.apache.click.ClickServlet.handleRequest(ClickServlet.java:383)
at org.apache.click.ClickServlet.doGet(ClickServlet.java:276)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:670)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:779)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.forgerock.openam.headers.SecureCookieFilter.doFilter(SecureCookieFilter.java:63)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.forgerock.openam.headers.DisableSameSiteCookiesFilter.doFilter(DisableSameSiteCookiesFilter.java:105)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:93)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:93)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:127)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.forgerock.openam.validation.RequestEntitySizeVerificationFilter.doFilter(RequestEntitySizeVerificationFilter.java:64)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:47)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1789)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: GROUP@: La relation d’approbation entre cette station de travail et le domaine principal a échoué.

at java.base/sun.nio.fs.WindowsUserPrincipals.lookup(WindowsUserPrincipals.java:148)
at java.base/sun.nio.fs.WindowsFileSystem$LookupService$1.lookupPrincipalByName(WindowsFileSystem.java:244)
at org.forgerock.openam.utils.file.FileUtils.getWindowsPath(FileUtils.java:149)
at org.forgerock.openam.utils.file.FileUtils.create(FileUtils.java:112)
at org.forgerock.openam.utils.file.FileUtils.createFileWithPermissions(FileUtils.java:91)
at org.forgerock.openam.authentication.modules.amster.AuthorizedKeyConfiguratorPlugin.writePrivateKey(AuthorizedKeyConfiguratorPlugin.java:82)
at org.forgerock.openam.authentication.modules.amster.AuthorizedKeyConfiguratorPlugin.createLocalAmsterKey(AuthorizedKeyConfiguratorPlugin.java:72)
... 68 more

gery.ducatel · October 10, 2022, 3:57pm

If your version of AM is equal or lower to 7.1.0 you should use a more recent version, i.e. 7.1.2, or 7.2.0.
There seems to be an issue with creating a file and group permissions of the user running the installation.
With regards

aazzabi · October 10, 2022, 8:32pm

I’am using the 7.2.0 version.
I run the installation with an admin account but didn’t find anything related to that issue.

gery.ducatel · October 11, 2022, 11:32am

The error message which is preventing the creation of a file (amster_rsa, i.e. the Amster private key to login to AM) is the following:
Caused by: java.io.IOException: GROUP@: La relation d’approbation entre cette station de travail et le domaine principal a échoué
This message in en/us locale is the following:
The trust relationship between this workstation and the primary domain failed

This error could be related to user permissions issues into your Windows domain.
Possible guidelines can be followed from Microsoft support pages:

I have searched internal, and external material, but at the moment I do not have evidence which point to an issue associated with AM, or DS.

If you have more information please let us know.

I hope it helps,

umakakumani3 · November 3, 2022, 10:11pm

I am also having the same issue, I am using DS 6.5.6 and AM 6.5.5 on OpenJDK11 and also tried with Oracle JDK11. Getting the same issue as below

AMSetupServlet.processRequest: error java.lang.IllegalStateException: Could not write Amster keys
at org.forgerock.openam.authentication.modules.amster.AuthorizedKeyConfiguratorPlugin.createLocalAmsterKey(AuthorizedKeyConfiguratorPlugin.java:84)
at org.forgerock.openam.authentication.modules.amster.AuthorizedKeyConfiguratorPlugin.doPostConfiguration(AuthorizedKeyConfiguratorPlugin.java:65)
at com.sun.identity.setup.AMSetupServlet.handlePostPlugins(AMSetupServlet.java:1023)
at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:947)
at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:511)
at com.sun.identity.config.wizard.Wizard.createConfig(Wizard.java:279)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.click.util.ClickUtils.invokeMethod(ClickUtils.java:3317)
at org.apache.click.util.ClickUtils.invokeListener(ClickUtils.java:2088)
at org.apache.click.control.AbstractControl$1.onAction(AbstractControl.java:228)
at org.apache.click.ActionEventDispatcher.fireActionEvent(ActionEventDispatcher.java:259)
at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:236)
at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:180)
at org.apache.click.ClickServlet.performOnProcess(ClickServlet.java:746)
at org.apache.click.ClickServlet.processAjaxPageEvents(ClickServlet.java:1860)
at org.apache.click.ClickServlet.processPage(ClickServlet.java:559)
at org.apache.click.ClickServlet.handleRequest(ClickServlet.java:383)
at org.apache.click.ClickServlet.doGet(ClickServlet.java:276)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.forgerock.openam.headers.DisableSameSiteCookiesFilter.doFilter(DisableSameSiteCookiesFilter.java:105)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:59)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:80)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:127)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.forgerock.openam.validation.RequestEntitySizeVerificationFilter.doFilter(RequestEntitySizeVerificationFilter.java:64)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:690)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.io.IOException: GROUP@: The trust relationship between this workstation and the primary domain failed.

at java.base/sun.nio.fs.WindowsUserPrincipals.lookup(WindowsUserPrincipals.java:148)
at java.base/sun.nio.fs.WindowsFileSystem$LookupService$1.lookupPrincipalByName(WindowsFileSystem.java:244)
at org.forgerock.openam.utils.file.FileUtils.getWindowsPath(FileUtils.java:120)
at org.forgerock.openam.utils.file.FileUtils.createFileWithPermissions(FileUtils.java:93)
at org.forgerock.openam.authentication.modules.amster.AuthorizedKeyConfiguratorPlugin.writePrivateKey(AuthorizedKeyConfiguratorPlugin.java:89)
at org.forgerock.openam.authentication.modules.amster.AuthorizedKeyConfiguratorPlugin.createLocalAmsterKey(AuthorizedKeyConfiguratorPlugin.java:79)
... 65 more

umakakumani3 · November 3, 2022, 10:21pm

I also tried with AM version 6.5.4 with the same java, OpenDS version as above and it worked. Hence, I feel there is a bug with the new version of AM 6.5.5.

Precisely below is my test environment where 6.5.5 is giving error and 6.5.4 is working=> tomcat 9.0.34.0, Oracle Java 11.0.17+10-LTS-269,

gery.ducatel · November 18, 2022, 1:54pm

AM 6.5.5 should work on Windows. You may try the installation with a different user to see if the relationship issue is associated with a user in particular.
It is possible however, that this issue is associated with the machine rather than the user.
If this is a Virtual Machine, are you able to get a new image and try the installation again?