Realm uses AgentRepo instead of DJLDAPv3Repo


Realm uses AgentRepo instead of DJLDAPv3Repo

Ana Pereyra
Hello, everybody. We are working with two different realms with the same configuration: they both use an authentication module DataStore and the DataStore is LDAP.

When we try to authenticate using the REST API, one of the realms works successfully and with the other one of the realms we get an authentication error. The two IdRepo logs are quite different. We have marked in bold the differences.

The one that belongs to the working realm says:

IdServicesImpl.authenticate: AuthN to org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo in org: o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
DJLDAPv3Repo:07/12/2016 05:04:09:064 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
authenticate invoked
amIdm:07/12/2016 05:04:09:074 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
IdServicesImpl.authenticate: AuthN success for org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo
amIdm:07/12/2016 05:04:09:075 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
IdCachedServicesImpl.getAttributes(): id=mbesozzi,ou=user,o=tuid,ou=services,dc=openam,dc=forgerock,dc=org complete attribute set NOT found in cache. Getting from DS.
amIdm:07/12/2016 05:04:09:075 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
IdRepoPluginsCache.getIdRepoPlugins for OrgName: o=tuid,ou=services,dc=openam,dc=forgerock,dc=org Op: Operation: read Type: IdType: user
DJLDAPv3Repo:07/12/2016 05:04:09:075 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
getAttributes invoked
DJLDAPv3Repo:07/12/2016 05:04:09:075 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
getAttributes2 invoked
DJLDAPv3Repo:07/12/2016 05:04:09:079 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
getAttributes returning attrMap: {cn=[mbesozzi], mail=[[hidden email]], givenName=[Martin], sn=[Besozzi]}

The one that fails says:

IdServicesImpl.authenticate: called for org: o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
amIdm:07/12/2016 05:06:08:997 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
IdRepoPluginsCache.getIdRepoPlugins orgName: o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
amIdm:07/12/2016 05:06:08:997 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
IdServicesImpl.authenticate: AuthN to com.sun.identity.idm.plugins.internal.AgentsRepo in org: o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
amAgentsRepo:07/12/2016 05:06:08:997 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
AgentsRepo.authenticate() called
amAgentsRepo:07/12/2016 05:06:08:998 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
AgentsRepo.authenticate() username: BOI584545
amAgentsRepo:07/12/2016 05:06:08:998 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
AgentsRepo.authenticate() passwd present
amAgentsRepo:07/12/2016 05:06:08:998 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
AgentsRepo.getAttributes() with attrNames called: IdType: agent: BOI584545
amAgentsRepo:07/12/2016 05:06:08:998 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
AgentsRepo.getAttributes() called: IdType: agent: BOI584545
amAgentsRepo:07/12/2016 05:06:08:999 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
AgentsRepo.getOrgConfig() called.
amAgentsRepo:07/12/2016 05:06:08:999 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
AgentsRepo.getOrgConfig() called.
amAgentsRepo:07/12/2016 05:06:08:999 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
AgentsRepo.getAgentAttrs() called: svcConfig=AgentService; agentName=BOI584545; type=IdType: agent
amAgentsRepo:07/12/2016 05:06:09:001 PM ART: Thread[http-/10.75.72.65:8080-5,5,main]: TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
WARNING: AgentsRepo.getAttributes(): Unable to read/get agent attributes IdRepoException: Identity BOI584545 of type agent not found.
Message:Identity BOI584545 of type agent not found.

Do you have any idea why the second realm is going for the AgentRepo service or why it sees the type as agent instead of user? Thanks in advance.

_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

Re: Realm uses AgentRepo instead of DJLDAPv3Repo

Bernhard Thalmayr
OpenAM will always use all identity repositories configured plus some
hidden ones like the AgentRepo or SpecialRepo.


It's most likely not an issue with those special ones but with the
configuration of the user data store. I guess it's related to the 'user
search attribute'.

-Bernhard

On 12/07/16 at 22:49, Ana Pereyra wrote:

> Hello, everybody. We are working with two different realms with the same
> configuration: they both use an authentication module DataStore and the
> DataStore is LDAP.
>
> When we try to authenticate using the REST API, one of the realms works
> successfully and with the other one of the realms we get an
> authentication error. The two IdRepo logs are quite different. We have
> marked in bold the differences.
>
> The one that belongs to the working realm says:
>
> IdServicesImpl.authenticate: AuthN to
> org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo in org:
> o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
> DJLDAPv3Repo:07/12/2016 05:04:09:064 PM GMT-03:00:
> Thread[http-/0.0.0.0:8080-6,5,main]:
> TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
> authenticate invoked
> amIdm:07/12/2016 05:04:09:074 PM GMT-03:00:
> Thread[http-/0.0.0.0:8080-6,5,main]:
> TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
> IdServicesImpl.authenticate: AuthN success for
> *org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo*
> amIdm:07/12/2016 05:04:09:075 PM GMT-03:00:
> Thread[http-/0.0.0.0:8080-6,5,main]:
> TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
> IdCachedServicesImpl.getAttributes():
> id=mbesozzi,ou=user,o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
> complete attribute set NOT found in cache. Getting from DS.
> amIdm:07/12/2016 05:04:09:075 PM GMT-03:00:
> Thread[http-/0.0.0.0:8080-6,5,main]:
> TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
> IdRepoPluginsCache.getIdRepoPlugins for OrgName:
> o=tuid,ou=services,dc=openam,dc=forgerock,dc=org Op: Operation: read
> Type: *IdType: user*
> DJLDAPv3Repo:07/12/2016 05:04:09:075 PM GMT-03:00:
> Thread[http-/0.0.0.0:8080-6,5,main]:
> TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
> getAttributes invoked
> DJLDAPv3Repo:07/12/2016 05:04:09:075 PM GMT-03:00:
> Thread[http-/0.0.0.0:8080-6,5,main]:
> TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
> getAttributes2 invoked
> DJLDAPv3Repo:07/12/2016 05:04:09:079 PM GMT-03:00:
> Thread[http-/0.0.0.0:8080-6,5,main]:
> TransactionId[06d80c34-2b1c-4db0-b89e-f56bcaa5890c-816]
> getAttributes returning attrMap: {cn=[mbesozzi],
> mail=[[hidden email]],
> givenName=[Martin], sn=[Besozzi]}
>
> The one that fails says:
>
> IdServicesImpl.authenticate: called for org:
> o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
> amIdm:07/12/2016 05:06:08:997 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> IdRepoPluginsCache.getIdRepoPlugins orgName:
> o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
> amIdm:07/12/2016 05:06:08:997 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> IdServicesImpl.authenticate: AuthN to
> *com.sun.identity.idm.plugins.internal.AgentsRepo* in org:
> o=tuid,ou=services,dc=openam,dc=forgerock,dc=org
> amAgentsRepo:07/12/2016 05:06:08:997 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> AgentsRepo.authenticate() called
> amAgentsRepo:07/12/2016 05:06:08:998 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> AgentsRepo.authenticate() username: BOI584545
> amAgentsRepo:07/12/2016 05:06:08:998 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> AgentsRepo.authenticate() passwd present
> amAgentsRepo:07/12/2016 05:06:08:998 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> AgentsRepo.getAttributes() with attrNames called: IdType: agent: BOI584545
> amAgentsRepo:07/12/2016 05:06:08:998 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> AgentsRepo.getAttributes() called: IdType: agent: BOI584545
> amAgentsRepo:07/12/2016 05:06:08:999 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> AgentsRepo.getOrgConfig() called.
> amAgentsRepo:07/12/2016 05:06:08:999 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> AgentsRepo.getOrgConfig() called.
> amAgentsRepo:07/12/2016 05:06:08:999 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> AgentsRepo.getAgentAttrs() called: svcConfig=AgentService;
> agentName=BOI584545;*type=IdType: agent*
> amAgentsRepo:07/12/2016 05:06:09:001 PM ART:
> Thread[http-/10.75.72.65:8080-5,5,main]:
> TransactionId[b67bfd8c-b60a-4e08-a3b4-8ed74bf9c3e7-1535]
> WARNING: AgentsRepo.getAttributes(): Unable to read/get agent attributes
> IdRepoException: Identity BOI584545 of type agent not found.
> Message:Identity BOI584545 of type agent not found.
>
> Do you have any idea why the second realm is going for the AgentRepo
> service or why it sees the type as agent instead of user? Thanks in
> advance.


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr
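
Added example, not part of either post and not OpenAM code: a small Python script that groups IdRepo debug entries by TransactionId and lists which identity repository classes each authentication tried and which one succeeded, so the two realms' logs can be compared for the presence of the user data store. The sample log is constructed from the format of the excerpts above; the transaction ids, organisation and user name in it are made up, and the function names are hypothetical.

```python
import re

# Header line of an OpenAM debug entry, as in the excerpts above:
# "<logger>:<date> <time> ...: Thread[...]: TransactionId[<id>]"
HEADER = re.compile(r"^\w+:\d{2}/\d{2}/\d{4} .*TransactionId\[([^\]]+)\]\s*$")
TRIED = re.compile(r"IdServicesImpl\.authenticate: AuthN to (\S+) in org")
PASSED = re.compile(r"IdServicesImpl\.authenticate: AuthN success for (\S+)")

def summarize(log_text):
    """Map TransactionId -> repository classes tried and succeeded, in log order."""
    txs, current = {}, None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = txs.setdefault(header.group(1), {"tried": [], "succeeded": []})
            continue
        if current is None:
            continue  # message text before the first header: no transaction to attach to
        for pattern, key in ((TRIED, "tried"), (PASSED, "succeeded")):
            hit = pattern.search(line)
            if hit:
                current[key].append(hit.group(1).rsplit(".", 1)[-1])
    return txs

def failed_without(txs, repo="DJLDAPv3Repo"):
    """Transactions with no successful repository and no attempt against `repo`."""
    return [tx for tx, r in txs.items() if not r["succeeded"] and repo not in r["tried"]]

# Constructed sample modelled on the two excerpts (ids, org and user name are made up).
SAMPLE = """\
amIdm:07/12/2016 05:04:09:060 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[tx-ok-1]
IdServicesImpl.authenticate: AuthN to org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo in org: o=example,ou=services,dc=openam,dc=forgerock,dc=org
amIdm:07/12/2016 05:04:09:074 PM GMT-03:00: Thread[http-/0.0.0.0:8080-6,5,main]: TransactionId[tx-ok-1]
IdServicesImpl.authenticate: AuthN success for org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo
amIdm:07/12/2016 05:06:08:997 PM ART: Thread[http-/0.0.0.0:8080-5,5,main]: TransactionId[tx-fail-2]
IdServicesImpl.authenticate: AuthN to com.sun.identity.idm.plugins.internal.AgentsRepo in org: o=example,ou=services,dc=openam,dc=forgerock,dc=org
amAgentsRepo:07/12/2016 05:06:08:998 PM ART: Thread[http-/0.0.0.0:8080-5,5,main]: TransactionId[tx-fail-2]
AgentsRepo.authenticate() username: demo-user
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for tx, repos in summary.items():
        print(tx, repos)
    print("no data store attempt:", failed_without(summary))
```

A transaction reported by `failed_without` never reached the LDAP data store plugin in the captured log, which points the investigation at that realm's data store configuration rather than at AgentsRepo.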
