Sometimes the import-svc-cfg subcommand fails because OpenSSO Enterprise cannot delete nodes in the Service Manager data store. The following scenarios can cause this problem:
Configure OpenSSO Enterprise using a remote Sun Java System Directory Server as the configuration data store.
Export the service XML file by using the ssoadm export-svc-cfg command.
Re-import the service XML data obtained in Step 2 using the ssoadm import-svc-cfg command.
When you are asked to delete the existing data, choose yes.
The following error message is returned: Unexpected LDAP exception occurred.
Workaround. Re-execute the ssoadm import-svc-cfg command until it succeeds.
You are unable to execute the ssoadm command with the get-realm due to this exception.
Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password Logging configuration class "com.sun.identity.log.s1is.LogConfigReader" failed com.sun.identity.security.AMSecurityPropertiesException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token. Check AMConfig.properties for the following properties com.sun.identity.agents.app.username com.iplanet.am.service.password
Check if the amadmin password is different from the directory manager password for the service management data store. If yes, apply the following workaround.
Workaround. Modify the server configuration XML as follows:
Log in to the OpenSSO Console as amadmin.
Use the ssoadm.jsp get-svrcfg-xml to get the server configuration XML.
Use encode.jsp to encode the amadmin password.
Set the encoded password in the two places represented by amadmin-password in the XML. For example:
<User name="User1" type="proxy"> <DirDN> cn=puser,ou=DSAME Users,dc=opensso,dc=java,dc=net </DirDN> <DirPassword> amadmin-password </DirPassword> </User> <User name="User2" type="admin"> <DirDN> cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net </DirDN> <DirPassword> amadmin-password </DirPassword> </User> <BaseDN> dc=opensso,dc=java,dc=net </BaseDN> </ServerGroup>
Use the ssoadm.jsp set-svrcfg-xml to set the altered server configuration XML.
After running the setup script for the ssoadm utility, trying to run ssoadm returns a NoClassDefFoundError error. This problem occurs for an upgraded OpenSSO Enterprise instance.
Workaround. To use JSS, add jss4.jar to the classpath and set the LD_LIBRARY_PATH environment variable. (If you are using the default JCE, jss4.jar is not required to be in the classpath.)