┌サーバ────────────┐ ┌クライアント───┐ │ │ │ │ │OpenAM 9.5.3 --(ajp)-- Apache ----(HTTPS)---- Apache │ │ (mod_proxy)│ │ (WebAgent) │ └───────────────┘ └─────────┘
2012-03-25 12:22:27.056 Error 4317:7f8bf2a7a820 all: Unable to open local audit file: '/opt/web_agents/apache22_agent/Agent_003/logs/audit /amAgent_app_gp1_example_com_80.log', errno = 13 2012-03-25 12:22:27.056 -1 4317:7f8bf2a7a820 all: ======================================= 2012-03-25 12:22:27.056 -1 4317:7f8bf2a7a820 all: Version: 3.0-04 ER 2 2012-03-25 12:22:27.056 -1 4317:7f8bf2a7a820 all: 2012-03-25 12:22:27.056 -1 4317:7f8bf2a7a820 all: Build Date: Sat Mar 24 00:04:53 GMT 2012 2012-03-25 12:22:27.056 -1 4317:7f8bf2a7a820 all: Build Machine: constable.internal.forgerock.com 2012-03-25 12:22:27.056 -1 4317:7f8bf2a7a820 all: ======================================= 2012-03-25 12:22:27.075 -1 4317:7f8bf2a7a820 all: Validating naming URL [https://sso.gp1.example.com:443/openam/namingservice]... 2012-03-25 12:22:27.075 -1 4317:7f8bf2a7a820 all: URL values: protocol: https host: sso.gp1.example.com port 443 path: /openam/namingservice query: URL: https://sso.gp1.example.com:443/openam/namingservice 2012-03-25 12:22:27.130 Error 4317:7f8bf2b58070 all: URL [https://sso.gp1.example.com:443/openam/namingservice] validation failed with error [-1] [Sun Mar 25 12:22:27 2012] [crit] Failed to initialize policy web agent Configuration Failed
# curl "https://sso.gp1.example.com:443/openam/namingservice" --insecure OpenSSO
[~] # head -10 /usr/sbin/apachectl #!/bin/sh NSS_STRICT_NOFORK=DISABLED export NSS_STRICT_NOFORK NSS_STRICT_SHUTDOWN="" export NSS_STRICT_SHUTDOWN # # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright ownership.
Either the way the agent initializes NSS has to be changed or ,as NSS 3.12.9 has again changed the behaviour, bundle this version instead. どちらかの方法で agent が NSS をイニシャライズする方法を変更しなければならない。 NSS 3.12.9 で振る舞いが変わったので、(OpenAM の WebAgentに) このバージョンを 代わりにバンドルするようにしてちょうだいな