Skip to content

ampassword is unusable #306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
anja98 opened this issue Sep 5, 2020 · 5 comments · Fixed by #354
Closed

ampassword is unusable #306

anja98 opened this issue Sep 5, 2020 · 5 comments · Fixed by #354
Assignees
@vharseko

Comments

@anja98
Copy link

anja98 commented Sep 5, 2020
edited
Loading

Describe the bug
Unable to execute ampassword from ssoadmintools. As a result, its not possible to perform the following:

  • generate new certificate
  • change default keystore password

To Reproduce
Steps to reproduce the behavior:

$ ./ampassword
./ampassword: 36: ./ampassword: Bad substitution

$ echo "${unix.setup.classpath}"
bash: ${unix.setup.classpath}: bad substitution

Expected behavior
ampassword should execute as usual

Screenshots
If applicable, add screenshots to help explain your problem.

Server :

  • Host OS: Ubuntu 18.04.4 LTS
  • OpenAM: 14.5.1 docker image from docker hub
@anja98
Copy link
Author

anja98 commented Sep 23, 2020
edited
Loading

Workaround:
Manually enter the required JARs.

#CLASSPATH="$CLASSPATH:${unix.setup.classpath}"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/resources"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.openam.openam-core-14.5.1.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.openam.openam-shared-14.5.1.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.commons.util-2.0.7-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/com.fasterxml.jackson.core.jackson-databind-2.10.3.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/com.fasterxml.jackson.core.jackson-core-2.10.3.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/com.fasterxml.jackson.core.jackson-annotations-2.10.3.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/commons-lang.commons-lang-2.6.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/com.google.guava.guava-28.1-android.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/joda-time.joda-time-2.10.5.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.opendj.opendj-core-4.4.6-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.commons.i18n-framework.core-2.0.7-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.commons.i18n-framework.slf4j-2.0.7-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.slf4j.slf4j-api-1.7.30.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.slf4j.slf4j-nop-1.7.30.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.opendj.opendj-server-legacy-4.4.6-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.opendj.opendj-config-4.4.6-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.opendj.opendj-cli-4.4.6-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.openam.openam-ldap-utils-14.5.1.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.openam.openam-audit-context-14.5.1.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.openam.openam-audit-configuration-14.5.1.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.commons.http-framework.core-2.0.7-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.opendj.opendj-core-4.4.6-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.openidentityplatform.opendj.opendj-grizzly-4.4.6-SNAPSHOT.jar"
CLASSPATH="$CLASSPATH:$TOOLS_HOME/lib/org.glassfish.grizzly.grizzly-framework-2.4.4.jar"

@LoganBarnett
Copy link

Related to #245. The build-classpath goal was providing unix.setup.classpath.

@anja98 thanks for posting a workaround!

@vharseko vharseko self-assigned this Oct 1, 2020
@bagnos
Copy link
Contributor

bagnos commented Feb 8, 2021

I get this error when I execute this command:

./ampassword --encrypt keypass.cleartext

ERROR: created internalAppSSOToken:UERlb0NMQ3dkTU5mSVNzY0N2TFMxQT09MTYxMjc4MTYyOTU3Mw==, authInitialized: false, SystemProperties.isServerMode(): false, SystemProperties.get(AMADMIN_MODE): true

Did you have this issue?

@michewl michewl mentioned this issue Mar 16, 2021
Merged
@michewl
Copy link
Contributor

michewl commented Mar 16, 2021

I came across the same bad substitution error and had to fix it in my project.

I opened a pull request with the changes

vharseko pushed a commit that referenced this issue Mar 17, 2021
@michewl
Fix bad substition error in scripts (#354)
47a78a8 
Implemented as seen in 6e167be.

Fixes: #306
@michewl
Copy link
Contributor

michewl commented Mar 18, 2021

On a side note:
Encrypting .storepass does not seem to work. This will result in the following exception:

com.sun.identity.common.configuration.ConfigurationException: Configuration store is not available.
	com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:119)
	org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)

Reason being probably that the configuration store password is saved inside the keystore since the switch to JCEKS.

With encrypted .keypass OpenAM starts just fine but I belive it may cause some errors later as it is also saved in clear text during migration as seen in the references.

References:

@snyk-bot snyk-bot mentioned this issue Apr 7, 2022
Open
@ekmixon ekmixon mentioned this issue Jun 29, 2022
Open
@ekmixon ekmixon mentioned this issue Nov 28, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vharseko vharseko

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix bad substition error in scripts
5 participants
@LoganBarnett @anja98 @michewl @bagnos @vharseko