Apache web agent issue

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Apache web agent issue

Franck Richard

Hi,

 

I have a weird issue with an Openam Apache web agent: everything was working fine until the debug log filled all the space on the disk. Since I remove the log file and restarted Apache the web agent is initializing correctly but every request to this Apache is pending infinitely.

 

Removing agent in the apache config file let access to all virtualhost. It really seems that the agent is blocking all request and pending it.

 

Apache debug log, agent logs reveal nothing. I tried to install a new agent and it did not solve it.

 

Any idea will be appreciated

 

Thanks

 

 

Franck

 


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Apache web agent issue

Bernhard Thalmayr
Which agent version are you using?

In general the agent initializes/bootstraps when it has to handle the
first request.

During bootstrapping the agent tries to obtain an SSOToken for itself
from OpenAM.

After this SSOToken is validated the agent receives its (centralized)
profile from OpenAM.


Bootstrapping end


Then it inspects the request it has to handle.

If an SSO tracking cookie is present in the request it tries to verify
this with OpenAM.

If not configured for SSO_ONLY mode the agent sends a policy decicion
request to OpenAM ....

-Bernhard

Am 17/01/17 um 09:44 schrieb Franck Richard:

> Hi,
>
>  
>
> I have a weird issue with an Openam Apache web agent: everything was
> working fine until the debug log filled all the space on the disk. Since
> I remove the log file and restarted Apache the web agent is initializing
> correctly but every request to this Apache is pending infinitely.
>
>  
>
> Removing agent in the apache config file let access to all virtualhost.
> It really seems that the agent is blocking all request and pending it.
>
>  
>
> Apache debug log, agent logs reveal nothing. I tried to install a new
> agent and it did not solve it.
>
>  
>
> Any idea will be appreciated
>
>  
>
> Thanks
>
>  
>
>  
>
> Franck
>
>  
>
>
>
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Apache web agent issue

Franck Richard
Hi Bernhard,

Agent 3.3.4 is installed on Apache 2.2 server used also as a reverse proxy for Openam 11.0 and applications. When starting apache initialization seems ok, I can see in debug log that the agent is opening a session successfully in Openam. A site is declared in Openam.

The agent configuration is local.

Even not enforced URLs are pending. It seems that the request never end. Requests are never logged in the acces_log of Apache.

Tcpdump shows that https request is hitting Apache.

With an Openam cookie it is the same and we are in SSO_ONLY mode.

Full debug mode shows that after initialization the agent never try to manage the request the only log I get is sso and policy cache cleaning.

Thanks

Franck

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Bernhard Thalmayr
Sent: mardi 17 janvier 2017 15:08
To: Users
Subject: Re: [OpenAM] Apache web agent issue

Which agent version are you using?

In general the agent initializes/bootstraps when it has to handle the first request.

During bootstrapping the agent tries to obtain an SSOToken for itself from OpenAM.

After this SSOToken is validated the agent receives its (centralized) profile from OpenAM.


Bootstrapping end


Then it inspects the request it has to handle.

If an SSO tracking cookie is present in the request it tries to verify this with OpenAM.

If not configured for SSO_ONLY mode the agent sends a policy decicion request to OpenAM ....

-Bernhard

Am 17/01/17 um 09:44 schrieb Franck Richard:

> Hi,
>
>  
>
> I have a weird issue with an Openam Apache web agent: everything was
> working fine until the debug log filled all the space on the disk.
> Since I remove the log file and restarted Apache the web agent is
> initializing correctly but every request to this Apache is pending infinitely.
>
>  
>
> Removing agent in the apache config file let access to all virtualhost.
> It really seems that the agent is blocking all request and pending it.
>
>  
>
> Apache debug log, agent logs reveal nothing. I tried to install a new
> agent and it did not solve it.
>
>  
>
> Any idea will be appreciated
>
>  
>
> Thanks
>
>  
>
>  
>
> Franck
>
>  
>
>
>
> _______________________________________________
> Visit the OpenAM forum at
> https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> [hidden email]
> https://lists.forgerock.org/mailman/listinfo/openam
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam
Loading...