
Issue with using openAM/openSSO and wrong FQDN on server

Unanswered Question
Dec 7th, 2011

Hi,


Has anyone made a configuration with SSO and OpenAM?

I did some configuration according to the document oam90-cucm8586-cuc86-sso.pdf (A COMPLETE GUIDE FOR THE INSTALLATION, CONFIGURATION, AND INTEGRATION OF OPEN ACCESS MANAGER 9.0 WITH CISCO UNIFIED COMMUNICATIONS MANAGER 8.5/8.6, CISCO UNITY CONNECTION 8.6, AND ACTIVE DIRECTORY FOR SINGLE SIGN-ON).


But it looks like we have chosen the wrong server name when installing/configuring the openSSO software.

The server redirects to the server name instead of the FQDN.

This will cause an error when using 'utils sso enable', because the certificate is incorrect.


Error: Open Access Manager (OpenAM) not configured based on FQDN


I can find it in several places in the configuration, but don't know where to change it.

We also removed the software (Java, Tomcat and openAM) but the configuration is still present.

We are using a windows server.

In documentation it says you have to remove the .openssocfg file somewhere but we can't find it.


Any hints or help are much appreciated.


Kind regards,


Jos de Bruin

Finnur Eiriksson Fri, 01/18/2013 - 03:11

Hi all


I'm getting the same error. Does anyone know what is causing this?


Regards

Finnur

mathias.fink Fri, 05/31/2013 - 01:43

I got the same problem, trying to solve this by analyzing OpenAM logs and Cisco RTMT logs.

Using OpenAM version 10.1.0.

I found out that in this guide http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/miscellany/oam90-cucm8586-cuc86-sso.pdf the whole FQDN can be seen in the top banner in the OpenAM backend. But in my case only the hostname is shown. Maybe this is the problem...


Installing now a new debian7 with tomcat7 for the OpenAM server. Trying Version 10.2.0.


Please inform me if you have an idea or even found a solution.


Greets

Jason Burns Tue, 06/10/2014 - 20:35

I had this problem and fixed it. We were absolutely positive that the FQDN configuration on the OpenAM server was correct. Certainly verify that first on your server, but it's not the ONLY thing that throws this error.

Looking at the OpenAM debug logs set at the Message level in the Authentication file, I was able to see numerous failed authentication attempts for the "demo" user when I tried to enable SSO.

We had earlier removed the demo user because it shouldn't be really needed for any production OpenAM deployments.

We were wrong.

I added the demo user back to the OpenDJ embedded database "Access Control > Top Level Realm > Subjects" and then I was able to enable SSO on my CUCM server.

The UserID is "demo", the password is "changeit", and all fields are mandatory, even though First Name doesn't always have the * that indicates it is mandatory.

 

Hopefully there will be either a documentation defect or a code defect coming out of this recent discovery.
