Openam realm creation using ssoadm - set-realm-svc-attrs failing

StackOverflow https://stackoverflow.com/questions/7269229

  •  18-01-2021
  •  | 
  •  

Question

I am attempting to create a new realm within openam using the ssoadm tool from the command line and am unable to complete the operation. The problem is that I cannot cannot configure the "Organization Authentication Configuration" and "Administrator Authentication Configuration" (displayed in the UI in the Authentication tab) to point to my new authentication chain. From seaches in the documentation I find that this is to be achieved using the set-realm-svc-attrs command of ssoadm specifying 

-e myRealm -s iPlanetAMAuthService  -a iplanet-am-auth-admin-auth-module=myChain

and

-e myRealm -s iPlanetAMAuthService  -a iplanet-am-auth-org-config=myChain

However, when i execute the command I get the following error

No plug-ins configured for this operation
com.sun.identity.cli.CLIException: No plug-ins configured for this operation

What am i doing wrong?

This leaves the realm in a state where i have to go in via the admin console, navigate to the Authentication tab of the new Realm and click save in order to activate the realm. When this not done an error message of "No configuration found" is displayed when i attempt to access the realm login page.

Was it helpful?

Solution

Due to some strange design decisions, certain ssoadm commands/console settings may require the presence of a Data Store configuration. The "No plug-ins configured for this operation" message actually means, that OpenAM tried to use the IdRepo (Data Store) API to perform a given operation and there may or may not were Data Store configurations within the realm, but none of them did actually support the given operation with the given identity type (see LDAPv3 Plug-in Supported Types and Operations setting in LDAP Data Stores as an example)

A probably very much related issue on this would be: https://bugster.forgerock.org/jira/browse/OPENAM-1323

OTHER TIPS

You could use following command to configure the "Organization Authentication Configuration":-

ssoadm add-svc-attrs -e <YourRealm>  -s iPlanetAMAuthService -u amAdmin \
       -f <password file location for amAdmin>  \
       -a iplanet-am-auth-org-config=<Your Auth Chain>

In the same manner you could configure "Administrator Authentication Configuration" .

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top