OpenAm agent for tomcat can not read authservice url?

折月煮酒 submitted on 2019-12-11 10:42:17

Question


amAuthContext:02/12/2014 04:58:20:946 下午 CST: Thread[main,5,main]

ERROR: Failed to obtain auth service url from server: null://null:null

I found it in "C:\tomcat_v6_agent\Agent_001\logs\debug"

And I'm sure the URL can be read and visited.

Here is the setting in OpenSSOAgentConfiguration.properties

com.iplanet.am.server.protocol=http

com.iplanet.am.server.host=gordon.demo.com

com.iplanet.am.server.port=8080

It is already set up in my DNS config.

Now I can't start my app Tomcat, but OpenAM was in another Tomcat, which works fine. Env is app Tomcat on test.demo.com port 8086, OpenAM Tomcat on gordon.demo.com port 8080.

And the log in Tomcat looks like this:

org.apache.tomcat.util.digester.Digester startElement
SEVERE: Begin event threw error
java.lang.StackOverflowError
    at java.lang.String.indexOf(String.java:1698)
    at java.net.URLStreamHandler.parseURL(URLStreamHandler.java:272)
    at sun.net.www.protocol.file.Handler.parseURL(Handler.java:67)
    at java.net.URL.<init>(URL.java:614)
    at java.net.URL.<init>(URL.java:482)
    at sun.misc.URLClassPath$FileLoader.getResource(URLClassPath.java:1034)
    at sun.misc.URLClassPath$FileLoader.findResource(URLClassPath.java:1024)
    at sun.misc.URLClassPath.findResource(URLClassPath.java:172)
    at java.net.URLClassLoader$2.run(URLClassLoader.java:551)
    at java.net.URLClassLoader$2.run(URLClassLoader.java:549)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findResource(URLClassLoader.java:548)
    at java.lang.ClassLoader.getResource(ClassLoader.java:1138)
    at java.net.URLClassLoader.getResourceAsStream(URLClassLoader.java:227)
    at javax.xml.parsers.SecuritySupport$4.run(SecuritySupport.java:94)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.xml.parsers.SecuritySupport.getResourceAsStream(SecuritySupport.java:87)
    at javax.xml.parsers.FactoryFinder.findJarServiceProvider(FactoryFinder.java:275)
    at javax.xml.parsers.FactoryFinder.find(FactoryFinder.java:247)
    at javax.xml.parsers.DocumentBuilderFactory.newInstance(DocumentBuilderFactory.java:121)
    at org.forgerock.util.xml.XMLUtils.getSafeDocumentBuilder(XMLUtils.java:52)
    at com.sun.identity.shared.xml.XMLUtils.getSafeDocumentBuilder(XMLUtils.java:901)
    at com.sun.identity.shared.xml.XMLUtils.toDOMDocument(XMLUtils.java:168)
    at com.sun.identity.shared.xml.XMLUtils.toDOMDocument(XMLUtils.java:146)
    at com.iplanet.services.comm.share.ResponseSetParser.<init>(ResponseSetParser.java:49)
    at com.iplanet.services.comm.share.ResponseSet.parseXML(ResponseSet.java:118)
    at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:214)
    at com.iplanet.services.comm.client.PLLClient.send(PLLClient.java:95)
    at com.iplanet.services.naming.WebtopNaming.getNamingTable(WebtopNaming.java:1156)
    at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1192)
    at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:1109)
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:696)
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:621)
    at com.iplanet.services.naming.WebtopNaming.updatePlatformServerIDs(WebtopNaming.java:1302)
    at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1226)
    at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:1109)
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:696)
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:621)
    at com.iplanet.services.naming.WebtopNaming.updatePlatformServerIDs(WebtopNaming.java:1302)
    at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1226)
    at com.iplanet.services.naming.WebtopNaming.getNamingProfile(WebtopNaming.java:1109)
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:696)
    at com.iplanet.services.naming.WebtopNaming.getServerID(WebtopNaming.java:621)
    at com.iplanet.services.naming.WebtopNaming.updatePlatformServerIDs(WebtopNaming.java:1302)
    at com.iplanet.services.naming.WebtopNaming.updateNamingTable(WebtopNaming.java:1226)
    at 

    at .........

    at com.iplanet.services.naming.WebtopNaming.updatePlatformServerIDs(WebtopNaming.java:1302)

Answer 1:


You don't have to set

com.iplanet.am.server.protocol=http

com.iplanet.am.server.host=gordon.demo.com

com.iplanet.am.server.port=8080

'ERROR: Failed to obtain auth service url from server: null://null:null'

is not a real error; the AuthContext API used by the agent to obtain an application token will fall back to using OpenAM's naming service.

Set debug level to 'message' in OpenSSOAgentBootstrap.property; it should give you a clue what's failing and why.




Answer 2:


I came across this post looking for solutions to the same error.

In my case the issue was that Java 1.6 does not handle the bigger encryption keys. I patched the JVM to use Bouncy Castle.

In the java.security I set them as number 2, instead of "sun.security.rsa.SunRsaSign".

See https://www.bouncycastle.org/specifications.html#install

The provider can also be configured as part of your environment via static registration by adding an entry to the java.security properties file (found in $JAVA_HOME/jre/lib/security/java.security, where $JAVA_HOME is the location of your JDK/JRE distribution). You'll find detailed instructions in the file but basically it comes down to adding a line:

security.provider.N=org.bouncycastle.jce.provider.BouncyCastleProvider

Where N is the preference you want the provider at (1 being the most preferred).

Where you put the jar is mostly up to you, although with jdk1.3 and jdk1.4 the best (and in some cases only) place to have it is in $JAVA_HOME/jre/lib/ext. Note: under Windows there will normally be a JRE and a JDK install of Java; if you think you have installed it correctly and it still doesn't work, chances are you have added the provider to the installation not being used.

Note: with JDK 1.4 and later you will need to have installed the unrestricted policy files to take full advantage of the provider. If you do not install the policy files you are likely to get something like the following:

    java.lang.SecurityException: Unsupported keysize or algorithm parameters
            at javax.crypto.Cipher.init(DashoA6275)

The policy files can be found at the same place you downloaded the JDK.
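A check for the static registration step quoted in Answer 2, as an added example that is not part of the original answers or of the Bouncy Castle documentation: it lints the security.provider.N entries of a java.security file after a provider has been inserted. The sample file contents and the name lint_providers are constructed for illustration; the check relies on the JVM reading security.provider.1, .2, ... in sequence and stopping at the first missing number, and on a repeated key replacing the earlier one.

```python
import re

# Constructed sample of a java.security provider section (not from the page):
# Bouncy Castle was inserted as number 2 without renumbering what follows.
SAMPLE = """\
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
# security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
"""

BC = "org.bouncycastle.jce.provider.BouncyCastleProvider"
ENTRY = re.compile(r"^\s*security\.provider\.(\d+)\s*[=:]\s*(\S+)")


def lint_providers(text):
    """Return (effective provider list, findings) for java.security text."""
    seen, findings = {}, []
    for line in text.splitlines():
        m = ENTRY.match(line)  # comment lines start with '#' and never match
        if not m:
            continue
        n, cls = int(m.group(1)), m.group(2)
        if n in seen:
            # Properties semantics: the later line silently replaces the earlier
            findings.append(f"duplicate N={n}: {cls} overrides {seen[n]}")
        seen[n] = cls
    # The JVM reads security.provider.1, .2, ... and stops at the first gap.
    effective, n = [], 1
    while n in seen:
        effective.append(seen[n])
        n += 1
    for skipped in sorted(k for k in seen if k > n):
        findings.append(f"gap at N={n}: N={skipped} {seen[skipped]} is never loaded")
    if BC not in effective:
        findings.append("Bouncy Castle is not in the effective provider list")
    return effective, findings


if __name__ == "__main__":
    effective, findings = lint_providers(SAMPLE)
    for pos, cls in enumerate(effective, 1):
        print(pos, cls)
    for f in findings:
        print("WARN:", f)
```

Run it against the java.security of the JRE that Tomcat actually starts with, since a JDK and a separate JRE install each carry their own copy.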



Source: https://stackoverflow.com/questions/21723466/openam-agent-for-tomcat-can-not-read-authservice-url
