Issues with openam federation (with apacheds as data store)
<p><strong>Please help me out with this: I am trying to set up federation with one idp and one sp in openam. The data store being used is ApacheDS. I am trying to follow the following tutorial for the same.</strong></p>
<p><a href="http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity.html" rel="nofollow">http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity.html</a></p>
<p><strong>I was receiving the following error in the openam logs during Test Federation Connectivity (from console)</strong></p>
<pre><code>libSAML2:10/30/2012 06:48:41:399 PM IST: Thread[http-8080-1,5,main]
AccountUtils.setAccountFederation: set fedinfo {sun-fm-saml2-nameid-info=[http://www.idp.com:8080/openam_10.0.0|http://www.sp.com:8090/openam_10.0.0|WC++1dcclPD//rTlgpYLD0EEISg2|http://www.idp.com:8080/openam_10.0.0|urn:oasis:names:tc:SAML:2.0:nameid-format:persistent|null|http://www.sp.com:8090/openam_10.0.0|IDPRole|false], sun-fm-saml2-nameid-infokey=[http://www.idp.com:8080/openam_10.0.0|http://www.sp.com:8090/openam_10.0.0|WC++1dcclPD//rTlgpYLD0EEISg2]} userID = id=appu,ou=user,dc=opensso,dc=java,dc=net
libPlugins:10/30/2012 06:48:41:543 PM IST: Thread[http-8080-1,5,main]
ERROR: IdRepoDataStoreProvider.setAttribute(): IdRepo exception
Message:Plug-in com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo encountered an ldap exception. LDAP Error 16: The specified attribute could not be found.
    at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.handleLDAPException(LDAPv3Repo.java:6117)
    at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.setAttributes(LDAPv3Repo.java:4141)
    at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.setAttributes(LDAPv3Repo.java:3921)
    at com.sun.identity.idm.server.IdServicesImpl.setAttributes(IdServicesImpl.java:1701)
</code></pre>
<p><strong>Which probably meant that openam was trying to use some LDAP attribute which wasn’t present (since I created a minimal attribute set in ApacheDS). So I went to the Data store settings in both IDP and SP and removed the non-available attributes from LDAP User Attributes. Now it is giving the following error:</strong></p>
<pre><code>WARNING: IdServicesImpl.setAttributes: Unable to modify identity in the following repository com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo :: Illegal arguments: One or more required arguments is null or empty
amIdm:10/31/2012 10:20:26:362 AM IST: Thread[http-8080-1,5,main]
IdServicesImpl.setAttributes: Unable to set attributes in the following repository com.sun.identity.idm.plugins.internal.SpecialRepo :: Plug-in com.sun.identity.idm.plugins.internal.SpecialRepo does not support operation edit for type {2}
amIdm:10/31/2012 10:20:26:362 AM IST: Thread[http-8080-1,5,main]
WARNING: IdServicesImpl.setAttributes: Unable to set attributes for identity user::appu in any configured data store
Message:Illegal arguments: One or more required arguments is null or empty
    at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.setAttributes(LDAPv3Repo.java:4039)
    at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.setAttributes(LDAPv3Repo.java:3921)
</code></pre>
<p><strong>Some forums are saying that attributes like sun-fm-saml2-nameid-info and sun-fm-saml2-nameid-infokey are required. But I cannot add them to my data store as they don’t match the schema. Also, I am unable to import the LDIFs given in the openam installation into Apache DS. I have two questions: 1. Am I going in the right direction (adding attributes to the Apache DS data store will help)? If yes, how can I push the openam related schema items into Apache DS as well? 2. Is there something I am missing here completely?</strong></p>
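As an added example (not part of the original post and not OpenAM code): a small Python check that reads the `set fedinfo` record from the libSAML2 debug log and lists which attributes OpenAM tries to write on the user entry that the data store schema does not define. The log sample is constructed from the excerpt in the post with placeholder values, and `MINIMAL_SCHEMA` is a hypothetical attribute set standing in for the ApacheDS schema.

```python
import re

# Constructed sample shaped like the log excerpt in the post; the fedinfo
# values are shortened placeholders, not real NameID data.
SAMPLE_LOG = """\
libSAML2:10/30/2012 06:48:41:399 PM IST: Thread[http-8080-1,5,main]
AccountUtils.setAccountFederation: set fedinfo {sun-fm-saml2-nameid-info=[idp|sp|PLACEHOLDER|idp|urn:oasis:names:tc:SAML:2.0:nameid-format:persistent|null|sp|IDPRole|false], sun-fm-saml2-nameid-infokey=[idp|sp|PLACEHOLDER]} userID = id=appu,ou=user,dc=opensso,dc=java,dc=net
libPlugins:10/30/2012 06:48:41:543 PM IST: Thread[http-8080-1,5,main]
ERROR: IdRepoDataStoreProvider.setAttribute(): IdRepo exception
Message:Plug-in com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo encountered an ldap exception. LDAP Error 16: The specified attribute could not be found.
"""

# Hypothetical "minimal attribute set" of the directory (an assumption).
MINIMAL_SCHEMA = {"objectClass", "uid", "cn", "sn", "mail", "userPassword"}

# One "set fedinfo {...} userID = <dn>" record; works whether the log kept
# its line breaks or was flattened onto one line.
FEDINFO_RE = re.compile(r"set fedinfo \{(?P<attrs>.*?)\}\s*userID = (?P<dn>\S+)", re.S)
# One "name=[v1|v2|...]" pair inside the braces.
ATTR_RE = re.compile(r"([A-Za-z][\w-]*)=\[([^\]]*)\]")


def fedinfo_writes(log_text):
    """Return [(user_dn, {attribute: [pipe-separated fields]})] per record."""
    writes = []
    for rec in FEDINFO_RE.finditer(log_text):
        attrs = {name: value.split("|")
                 for name, value in ATTR_RE.findall(rec.group("attrs"))}
        writes.append((rec.group("dn"), attrs))
    return writes


def missing_attributes(log_text, schema_attrs):
    """Map each user DN to the written attributes the schema lacks.

    LDAP attribute names are case-insensitive, so compare lower-cased.
    """
    known = {a.lower() for a in schema_attrs}
    report = {}
    for dn, attrs in fedinfo_writes(log_text):
        absent = sorted(a for a in attrs if a.lower() not in known)
        if absent:
            report[dn] = absent
    return report


if __name__ == "__main__":
    for dn, absent in missing_attributes(SAMPLE_LOG, MINIMAL_SCHEMA).items():
        print(f"{dn}: schema lacks {', '.join(absent)}")
```
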
 
