
Monday, September 30, 2019

SailPoint IIQ configuration with MS SQL Server



SailPoint configuration steps:

  • Create an \identityiq directory under the Tomcat webapps directory, for example C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\identityiq
  • Unzip the identityiq-7.3.zip file.
    Copy identityiq.war to C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\identityiq
    Change into that directory first (jar extracts into the current directory) and quote the path, since it contains spaces:
    cd "C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\identityiq"
    jar -xvf identityiq.war
  • Generate the database schema scripts:
    • In the command prompt window, change to the C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\identityiq\WEB-INF\bin directory
    • Enter iiq schema; this writes the DDL scripts into WEB-INF\database
  • Create the database from the schema:
    • The SQL Server script is C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\identityiq\WEB-INF\database\create_identityiq_tables.sqlserver
    • Log in to SQL Server through SQL Server Management Studio, open a new query window, paste the contents of create_identityiq_tables.sqlserver and execute it.
    • Check that the database was created: identityiq should appear under Databases in Object Explorer, or run SELECT name FROM sys.databases; and look for it (other databases will be listed; these don't matter for IdentityIQ).
    • The script also creates the identityiq login with the default password identityiq. Change that password and keep iiq.properties in step with it before the server is reachable by anyone else.
  • Before launching the console, make sure WEB-INF\classes\iiq.properties points the dataSource at your SQL Server instance (the shipped default is MySQL).
  • Navigate to the \tomcat\webapps\identityiq\WEB-INF\bin directory
  • Launch the iiq console by running this command: iiq console
    Allow the console a few moments to launch. The console is running when you see a > prompt in the command prompt.
  • In the IdentityIQ console, run these commands:
    import init.xml
    import init-lcm.xml
  • When the import is complete, type quit to exit the IdentityIQ console.
  • Restart the Tomcat server

Log in to IdentityIQ at http://localhost:8080/identityiq/ with the default spadmin/admin credentials, and change the spadmin password as the first thing you do.

Thursday, September 26, 2019

HTTP Status 500 – Internal Server Error, ERROR: Unable to parse product versions for comparison; Current: null war: ForgeRock Access Management 6.5.2 Build 314d553429 (2019-June-17 15:07)

The Tomcat log shows:

15:47:04.657 SEVERE [http-nio-8080-exec-9] org.apache.catalina.core.StandardWrapperValve.invoke Servlet.service() for servlet [default] in context with path [/openam] threw exception [An error occurred while processing this request. Contact your administrator.] with root cause
        javax.servlet.ServletException: An error occurred while processing this request. Contact your administrator.
                at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:148)

and catalina.log carries the root cause:

ERROR: Unable to parse product versions for comparison; Current: null war: ForgeRock Access Management 6.5.2 Build 314d553429 (2019-June-17 15:07)
org.forgerock.openam.upgrade.UpgradeException: Unable to parse product versions for comparison. Current: null war: ForgeRock Access Management 6.5.2 Build 314d553429 (2019-June-17 15:07)


HTTP Status 500 – Internal Server Error

Type Exception Report
Message An error occurred while processing this request. Contact your administrator.
Description The server encountered an unexpected condition that prevented it from fulfilling the request.
Exception
javax.servlet.ServletException: An error occurred while processing this request. Contact your administrator.
com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:148)
org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:46)
Note The full stack trace of the root cause is available in the server logs.

Apache Tomcat/9.0.21


Solution:

Unfortunately the only way I found to resolve this issue was to remove openam under webapps and remove .openamcfg under the user's home directory (.openamcfg is hidden).
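The cleanup described above, scripted as an added example (this is not code from the page or from ForgeRock). AM typically lands on this upgrade path with a null current version when a leftover ~/.openamcfg bootstrap still points at a configuration directory from an earlier deployment, so the script moves the war, the exploded context, the bootstrap directory and every configuration directory it references into a backup directory rather than deleting them. It assumes Tomcat has been stopped first, that the context is named openam, and that CATALINA_BASE and the home directory are passed as arguments; the function names are mine.

```bash
#!/usr/bin/env bash
# Added example (not from the page or ForgeRock): move every artefact of a
# failed AM deployment aside so the next Tomcat start runs the fresh install
# instead of the upgrade check that dies with "Unable to parse product versions".
# Assumptions: Tomcat is already stopped, the context is "openam", webapps
# lives under the given CATALINA_BASE, and the bootstrap is in $HOME/.openamcfg.

# Print the configuration directories referenced by the bootstrap. Each
# AMConfig_* file in ~/.openamcfg holds one line: the path of a config directory.
am_config_dirs() {
  local cfg="$1" f
  [ -d "$cfg" ] || return 0
  for f in "$cfg"/AMConfig_*; do
    [ -f "$f" ] || continue
    tr -d '\r\n' < "$f"
    echo
  done
}

# Move (never delete) the war, the exploded context, the bootstrap directory
# and the referenced configuration directories into a timestamped backup
# directory, and clear Tomcat's work directory for the context.
# Prints the backup directory path. Paths containing spaces are not handled.
am_reset_deployment() {
  local catalina_base="$1" home="$2" ctx="${3:-openam}" d
  local backup="$catalina_base/am-reset-$(date +%Y%m%d%H%M%S)"
  mkdir -p "$backup"
  for d in $(am_config_dirs "$home/.openamcfg"); do
    [ -d "$d" ] && mv "$d" "$backup/config-$(basename "$d")"
  done
  [ -d "$home/.openamcfg" ] && mv "$home/.openamcfg" "$backup/"
  [ -f "$catalina_base/webapps/$ctx.war" ] && mv "$catalina_base/webapps/$ctx.war" "$backup/"
  [ -d "$catalina_base/webapps/$ctx" ] && mv "$catalina_base/webapps/$ctx" "$backup/"
  rm -rf "$catalina_base/work/Catalina/localhost/$ctx"
  echo "$backup"
}

# Usage: ./am-reset.sh --run /opt/tomcat "$HOME" [openam]
if [ "${1:-}" = "--run" ]; then
  shift
  am_reset_deployment "$@"
fi
```

Run it with Tomcat stopped, copy a clean war back into webapps, start Tomcat and the configurator should come up instead of the 500. Keep the backup until the new instance is configured; it holds the old configuration store if you need anything from it.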




Wednesday, September 25, 2019

openam ERROR: Failed to locate IDP Entity ID

  Check that the entityID you are sending is correct. It must be exactly the same as the one in the IdP metadata file: make sure there are no trailing spaces or extra slashes at the end.
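An added check for exactly this mismatch (not code from the page or from ForgeRock): pull the entityID out of the IdP metadata and compare it byte for byte with the value configured on the SP, reporting separately when only trailing whitespace or slashes differ. The metadata snippet and the hostnames in the usage below are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the page or ForgeRock): compare the entityID AM is
# configured with against the entityID in the IdP metadata, and name the
# trailing-whitespace / trailing-slash differences that trigger
# "Failed to locate IDP Entity ID".

# Print the entityID attribute of the first EntityDescriptor in a metadata file.
metadata_entity_id() {
  # grep -o keeps just the attribute; sed strips the name and the quotes
  grep -o 'entityID="[^"]*"' "$1" | head -n 1 | sed 's/^entityID="//; s/"$//'
}

# Compare the configured IdP entityID ($1) with the metadata value ($2).
# Prints "match" and returns 0, or prints a diagnosis and returns 1.
compare_entity_id() {
  local configured="$1" metadata="$2" c_norm m_norm
  if [ "$configured" = "$metadata" ]; then
    echo match
    return 0
  fi
  # strip trailing whitespace and slashes to see whether that is the only difference
  c_norm=$(printf '%s' "$configured" | sed 's/[[:space:]]*$//; s:/*$::')
  m_norm=$(printf '%s' "$metadata" | sed 's/[[:space:]]*$//; s:/*$::')
  if [ "$c_norm" = "$m_norm" ]; then
    echo "mismatch: only trailing whitespace or slashes differ (configured=[$configured] metadata=[$metadata])"
  else
    echo "mismatch: values differ (configured=[$configured] metadata=[$metadata])"
  fi
  return 1
}

# Usage: ./check-entityid.sh 'https://idp.example.com/idp/shibboleth' idp-metadata.xml
if [ "$#" -eq 2 ] && [ -f "$2" ]; then
  compare_entity_id "$1" "$(metadata_entity_id "$2")"
fi
```

The square brackets in the diagnosis are there so a trailing space becomes visible in the output; a bare echo of the two values would look identical.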

Tuesday, September 17, 2019

Tomcat Manager App error HTTP Status 404 – Not Found /manager/html




HTTP Status 404 – Not Found


Type Status Report
Message /manager/html
Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.



A 404 on /manager/html means Tomcat has no context deployed at /manager; if the manager were deployed but your address were rejected by its RemoteAddrValve you would get a 403 instead. Declare the context explicitly:

cd ../../conf/Catalina/localhost

vi manager.xml

and add the lines below. Be aware that allow="^.*$" admits every client address that can reach port 8080, so the Manager app (and with it the ability to deploy arbitrary wars) is protected by its password alone. The stock manager context ships with allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" (loopback only); outside a throwaway lab, replace ^.*$ with a regex that lists only your admin addresses.


<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
</Context>
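An added example (not from the page or the Tomcat project) that writes the same context file but with the valve restricted to a given list of admin addresses instead of ^.*$. The directory and the addresses are placeholders.

```bash
#!/usr/bin/env bash
# Added example (not from the page or Tomcat): generate
# conf/Catalina/localhost/manager.xml with a RemoteAddrValve that admits only
# the listed admin addresses. The valve matches its regex against the whole
# client address, so dots must be escaped: an unescaped 10.0.0.5 would also
# match 10a0b0c5.

# Turn a dotted IPv4 address into a regex matching exactly that address.
ip_to_regex() {
  printf '%s' "$1" | sed 's/\./\\./g'
}

# Join one or more addresses into the alternation the valve's allow expects.
# IPv6 loopback forms (::1, 0:0:0:0:0:0:0:1) contain no dots and pass through.
allow_regex() {
  local out="" ip
  for ip in "$@"; do
    out="${out:+$out|}$(ip_to_regex "$ip")"
  done
  printf '%s' "$out"
}

# Write the context file. $1 = conf/Catalina/localhost directory, rest = addresses.
# Prints the path of the file written.
write_manager_context() {
  local dir="$1" allow
  shift
  allow=$(allow_regex "$@")
  mkdir -p "$dir"
  cat > "$dir/manager.xml" <<EOF
<Context privileged="true" antiResourceLocking="false"
         docBase="\${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="$allow" />
</Context>
EOF
  echo "$dir/manager.xml"
}

# Usage: ./manager-context.sh /opt/tomcat/conf/Catalina/localhost 127.0.0.1 ::1 10.20.30.40
if [ "$#" -ge 2 ]; then
  write_manager_context "$@"
fi
```

Tomcat picks the file up on the next restart; a request from an address outside the list then gets 403 rather than the Manager login prompt.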
 

RESOLVED AWS configure: error: no acceptable C compiler found in $PATH

Running ./configure

gave this error:

configure: error: no acceptable C compiler found in $PATH

I searched and found that I need the gcc packages.

When I ran yum install gcc

I got an error that I can't reach outside to download the gcc packages; my AWS environment is locked. To open it up, clear the immutable attribute from the resolver file.

To check whether a file is immutable, run the command below. If you see an "i" in the attribute string on the left (----i----) the file is immutable:

lsattr /etc/resolv.conf

The command below clears the immutable attribute:

chattr -i /etc/resolv.conf

Now add a nameserver so the machine can resolve outside names:

vi /etc/resolv.conf
Add the line below with your DNS server's IP:

nameserver yourDNSserverip

Now install gcc:

yum install gcc

Finally run

./configure

and it worked.

The immutable bit on /etc/resolv.conf is normally set on purpose, either as part of the host lockdown or to stop the DHCP client from rewriting the file, so put it back with chattr +i /etc/resolv.conf once the build is done and tell whoever owns the lockdown what was changed. Note also that DNS alone does not grant egress: the security group, route table or proxy still has to allow the yum traffic.
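An added helper (not from the page) that reads the immutable flag from lsattr output and lifts it only for the duration of one command, restoring it afterwards so the host does not stay writable. lsattr and chattr come from e2fsprogs and chattr needs root; the nameserver address in the usage line is a placeholder. The parser can be exercised without root.

```bash
#!/usr/bin/env bash
# Added example (not from the page): detect the immutable (i) attribute from
# lsattr output and lift it only around one edit, then put it back.
# lsattr prints the attribute string first, e.g.
#   "----i---------e------- /etc/resolv.conf"
# and the letter i in that string is the immutable bit.

# Return 0 if an lsattr output line shows the immutable flag.
lsattr_line_is_immutable() {
  local attrs
  attrs=$(printf '%s' "$1" | cut -d' ' -f1)
  case "$attrs" in
    *i*) return 0 ;;
    *)   return 1 ;;
  esac
}

# Return 0 if the named file is currently immutable (needs lsattr from e2fsprogs).
file_is_immutable() {
  lsattr_line_is_immutable "$(lsattr -d "$1" 2>/dev/null)"
}

# Run a command with the immutable bit lifted on $1, then restore the bit.
# Returns the command's exit status. Needs root for chattr.
# Example:
#   with_immutable_lifted /etc/resolv.conf \
#     sh -c 'echo "nameserver 10.0.0.2" >> /etc/resolv.conf'   # 10.0.0.2 is a placeholder
with_immutable_lifted() {
  local file="$1" rc
  shift
  if file_is_immutable "$file"; then
    chattr -i "$file" || return 1
    if "$@"; then rc=0; else rc=$?; fi
    chattr +i "$file"
    return $rc
  fi
  "$@"
}

# Usage: ./immutable-edit.sh FILE COMMAND [ARGS...]
if [ "$#" -ge 2 ]; then
  with_immutable_lifted "$@"
fi
```

Wrapping the edit this way means the window in which the file is writable is the edit itself, and a later `lsattr /etc/resolv.conf` still shows the i flag the lockdown expects.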

Tuesday, September 10, 2019

OpenIDM error org.forgerock.openidm.repo-jdbc [8] FrameworkEvent ERROR org.apache.felix.log.LogException: org.osgi.framework.BundleException: Activator start error in bundle org.forgerock.openidm.repo-jdbc [8]



OpenIDM error:

After installing OpenIDM, starting it fails with the error below:


 Establishing SSL connection without server's identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn't set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to 'false'. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
[15] Aug 28, 2019 1:11:22.573 AM org.forgerock.openidm.config.logging.LogServiceTracker logEntry
SEVERE: Bundle: org.forgerock.openidm.repo-jdbc [8] FrameworkEvent ERROR
org.apache.felix.log.LogException: org.osgi.framework.BundleException: Activator start error in bundle org.forgerock.openidm.repo-jdbc [8].
        at org.apache.felix.framework.Felix.activateBundle(Felix.java:2290)
        at org.apache.felix.framework.Felix.startBundle(Felix.java:2146)
        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.felix.log.LogException: com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: Communications link failure


Solution:

The quick way to clear this is to disable SSL on the repository connection.

Go to your config folder ../../openidm/conf
vi datasource.jdbc-default.json

Append &useSSL=false to the end of jdbcUrl, i.e.

"jdbcUrl" : "jdbc:mysql://&{openidm.repo.host}:&{openidm.repo.port}/openidm?allowMultiQueries=true&characterEncoding=utf8&useSSL=false"

Two caveats. First, useSSL=false means the repository password and every identity attribute OpenIDM stores cross the network to MySQL unencrypted, so it is only acceptable when MySQL runs on the same host or in a lab; for anything else keep useSSL=true and add verifyServerCertificate=true with a truststore holding the MySQL server or CA certificate. Second, the "Establishing SSL connection without server's identity verification" line is a warning from Connector/J and does not by itself stop the connection; the failure is "Communications link failure", which can come from a TLS handshake that fails (what useSSL=false sidesteps) but just as often from a wrong host, port or MySQL bind-address, so if useSSL=false alone does not clear it, check connectivity to &{openidm.repo.host}:&{openidm.repo.port}.


integrating OpenAM with OpenIDM 500 Internal Server Error: "Invalid token"


I was integrating OpenAM with OpenIDM in AWS and got the error below in the OpenIDM logs:

org.forgerock.openidm.servlet.internal.ServletConnectionFactory$3 lambda$handleRequestWithLogging$8
WARNING: Resource exception: 500 Internal Server Error: "Invalid token"
org.forgerock.json.resource.InternalServerErrorException: Invalid token


Solution:

The only thing I did was install Chrome instead of Firefox or IE.

That resolved my issue and the OpenIDM user was able to authenticate with OpenAM.




Enabling debugging in OpenAM

Open the URL below, adjusted for your environment:

http://openam.test.com:8080/openam/Debug.jsp

Category lists all the available debug categories you can select, and Level offers Error, Warning and Message.

Select a category and a level to enable the logging. Message level writes request details, including sensitive values, into the debug files, so set it back to Error when you are done.

The debug files are written here:

../../openamConfig/openam/debug




Debug OpenAM SAML assertion

How do I debug decrypted SAML assertions?

A. When assertions are encrypted, the Federation debug log does not contain decrypted assertion details by default. You can enable debug logging for unencrypted SAML assertions as follows:
  1. Log into the SP instance of AM/OpenAM as amadmin.
  2. Navigate to: <protocol>://host.fqdn:port/openam/Debug.jsp, for example: http://host1.example.com:8080/openam/Debug.jsp.
  3. Select Federation from the Category field, select Message from the Level field and then click Submit to change the debug level.
  4. Click TURN ON for the Debug encrypted SAML communications option, observing the warning that this outputs sensitive data to your logs.
  5. Click Confirm to save these debug settings. The decoded assertion XML from the IDP will now be output to the Federation debug log on the SP.

Friday, September 6, 2019

AWS Volume Error Invalid value 'instancenumber' for instanceId. Instance does not have a volume attached at root (/dev/sda1)


Error:

Attaching a volume to an instance and then starting the instance fails with:

Invalid value 'i-instance number' for instanceId. Instance does not have a volume attached at root (/dev/sda1)

Solution:

By default, when you attach a volume the "Device" column is pre-filled with "/dev/sdf", which attaches the volume as a secondary disk, so the instance has nothing at its root device and cannot boot.

Detach the volume, attach it again with the "Device" value set to "/dev/sda1" (the root device name the error message asks for; it is also shown as Root device in the instance details, and some AMIs use /dev/xvda instead), and start the instance. It will work.