Command-Line Utilities Issues

• 4079: ssoadm import-svc-cfg command fails when using Directory Server as the configuration data store

• 3955: Unable to execute the ssoadm command

• 2905: jss4.jar entry is missing in the ssoadm classpath

4079: ssoadm import-svc-cfg command fails when using Directory Server as the configuration data store

Sometimes the import-svc-cfg subcommand fails because OpenSSO Enterprise cannot delete nodes in the Service Manager data store. The following scenarios can cause this problem:

1. Configure OpenSSO Enterprise using a remote Sun Java System Directory Server as the configuration data store.

2. Export the service XML file by using the ssoadm export-svc-cfg command.

3. Re-import the service XML data obtained in Step 2 using the ssoadm import-svc-cfg command.

4. When you are asked to delete the existing data, choose yes.

   The following error message is returned: Unexpected LDAP exception occurred.

Workaround. Re-execute the ssoadm import-svc-cfg command until it succeeds.

3955: Unable to execute the ssoadm command

You are unable to execute the ssoadm command with the get-realm due to this exception.

Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed
com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction:
FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
       com.sun.identity.agents.app.username
       com.iplanet.am.service.password
Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed
com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction:
FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
       com.sun.identity.agents.app.username
       com.iplanet.am.service.password
AdminTokenAction:  FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
       com.sun.identity.agents.app.username
       com.iplanet.am.service.password

Check if the amadmin password is different from the directory manager password for the service management data store. If yes, apply the following workaround.

Workaround. Modify the server configuration XML as follows:

1. Log in to the OpenSSO Console as amadmin.

2. Use the ssoadm.jsp get-svrcfg-xml to get the server configuration XML.

3. Use encode.jsp to encode the amadmin password.

4. Set the encoded password in the two places represented by amadmin-password in the XML. For example:

   <User name="User1" type="proxy">
               <DirDN>
                   cn=puser,ou=DSAME Users,dc=opensso,dc=java,dc=net
               </DirDN>
               <DirPassword>
                  amadmin-password
               </DirPassword>
           </User>
           <User name="User2" type="admin">
               <DirDN>
                   cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net
               </DirDN>
               <DirPassword>
                  amadmin-password
               </DirPassword>
           </User>
           <BaseDN>
               dc=opensso,dc=java,dc=net
           </BaseDN>
       </ServerGroup>

5. Use the ssoadm.jsp set-svrcfg-xml to set the altered server configuration XML.

2905: jss4.jar entry is missing in the ssoadm classpath

After running the setup script for the ssoadm utility, trying to run ssoadm returns a NoClassDefFoundError error. This problem occurs for an upgraded OpenSSO Enterprise instance.

Workaround. To use JSS, add jss4.jar to the classpath and set the LD_LIBRARY_PATH environment variable. (If you are using the default JCE, jss4.jar is not required to be in the classpath.)