20150715 openam sso tools cannot obtain application sso token - plembo/onemoretech GitHub Wiki
title: OpenAM SSO Tools: Cannot obtain Application SSO token
link: https://onemoretech.wordpress.com/2015/07/15/openam-sso-tools-cannot-obtain-application-sso-token/
author: phil2nc
description:
post_id: 9926
created: 2015/07/15 13:50:13
created_gmt: 2015/07/15 17:50:13
comment_status: closed
post_name: openam-sso-tools-cannot-obtain-application-sso-token
status: publish
post_type: post
OpenAM SSO Tools: Cannot obtain Application SSO token
This is a common, repeatable error that you'll see after setting up a new site for an existing OpenAM server that already has the SSO Tools installed. The solution follows. See my previous article on setting up OpenAM's SSO Tools, as updated for OpenAM 12, here.

This is the full error message:

[code language="bash" gutter="false"]
[tomcat@test1 ~]$ ssoadm list-servers -u amadmin \
-f etc/pwd.txt
Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed
com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
    com.sun.identity.agents.app.username
    com.iplanet.am.service.password
Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed
[/code]

OpenAM lead Peter Major of ForgeRock provides the solution in this forum post: Issue with ssoadm tool after setting up OpenAM site. Peter's answer refers back to the OpenAM CLI Overview section of the product documentation.

The fix is to insert a line in the ssoadm script file that maps the site to the backend server URI. Here's the change in context, where my site is called "sso.example.com" and the SSO Tools are installed under /usr/share/tomcat/openam/tools (where ssoadm will be located at /usr/share/tomcat/openam/tools/openam/bin/ssoadm):

[code language="bash" firstline="66" highlight="67"]
    -D"com.sun.identity.idm.remote.notification.enabled=false" \
    -D"com.iplanet.am.naming.map.site.to.server=https://sso.example.com:443/openam=http://localhost:8080/openam" \
    com.sun.identity.cli.CommandManager "$@"
[/code]

The line numbers are from the version of ssoadm that ships with OpenAM 12. I used "localhost" for the backend server host name for maximum portability.
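One way to confirm the edit took, as an added example that is not part of the original post or of OpenAM: the script below looks for the mapping option in an ssoadm launcher, splits it into site and server URLs, and checks that the line still ends with the backslash that continues the java command. The function names `map_line`, `map_field` and `check_site_map` are hypothetical, and the sample input is constructed from the three lines shown above.

```bash
#!/bin/sh
# Added example: check the site-to-server mapping in an ssoadm launcher script.
PROP='com.iplanet.am.naming.map.site.to.server'

# Print the first line of script $1 that sets the mapping property.
map_line() {
    grep -F -- "-D\"$PROP=" "$1" | head -n 1
}

# Print field $2 of the mapping in script $1: 1 = site URL, 2 = server URL.
map_field() {
    map_line "$1" | sed -n "s/.*-D\"$PROP=\([^=\"]*\)=\([^\"]*\)\".*/\\$2/p"
}

# Return 0 and print "site -> server" when script $1 maps site URL $2.
# 1 = property missing, 2 = value not siteURL=serverURL, 3 = different site,
# 4 = mapping line lacks the trailing backslash (assumes, as in the post,
#     that the option is inserted before the CommandManager line).
check_site_map() {
    line=$(map_line "$1")
    [ -n "$line" ] || { echo "no $PROP option in $1" >&2; return 1; }
    site=$(map_field "$1" 1)
    server=$(map_field "$1" 2)
    if [ -z "$site" ] || [ -z "$server" ]; then
        echo "mapping is not of the form siteURL=serverURL" >&2
        return 2
    fi
    [ "$site" = "$2" ] || { echo "mapping is for $site, not $2" >&2; return 3; }
    case $line in
        *\\) ;;
        *) echo "mapping line does not end with a backslash" >&2; return 4 ;;
    esac
    echo "$site -> $server"
}

# Constructed sample: the three lines shown in the post, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
    -D"com.sun.identity.idm.remote.notification.enabled=false" \
    -D"com.iplanet.am.naming.map.site.to.server=https://sso.example.com:443/openam=http://localhost:8080/openam" \
    com.sun.identity.cli.CommandManager "$@"
EOF
check_site_map "$sample" "https://sso.example.com:443/openam"
rm -f "$sample"
```

To check a real installation, call `check_site_map` with the path to ssoadm and the site URL instead of the sample file.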
Copyright 2004-2019 Phil Lembo