Symantec Access Management

 View Only
Expand all | Collapse all

SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

  • 1.  SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Posted Jun 26, 2020 05:20 PM
    Edited by Richard J Faust Jun 26, 2020 05:31 PM
    Ref:  CA Siteminder- AdoptOpenJDK

    I've upgraded two SiteMinder policy servers and the policy store from r12.8 sp03 to sp04 in my lab environment, comprised of two CentOS 7.8 VMs.  At sp03, my two WAMUIs worked fine with Oracle JDK 1.8.0_251, were protected by a web agent and also used an external user directory for administrative authentication.

    Other than this typical error:

    Error CA Single Sign-On Administrative Console (Version 12.80.0300.2138) mismatches the Policy Server (Version 12.80.0400.2278)

    ... the WAMUI still at sp03 seems to be able to manage r12.8 sp04 objects with no issues, though I'll admit I have not done extensive testing.

    I used the root account to upgrade the other WAMUI to sp04.  The two log files created by the upgrade indicated no errors, but the WAMUI won't run.  I checked the release notes, known issues, installation and upgrade instructions, etc. so see if I had overlooked anything but nothing has jumped out at me.  The server.log file contains several errors and I don't know what to do about them:

    2020-06-25 13:29:44,287 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "messaging-activemq"),
    ("server" => "default")
    ]) - failure description: {
    "WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.default"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.messaging-activemq.default is missing [jboss.http-upgrade-registry.default]"]
    }
    2020-06-25 13:29:44,287 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("http-listener" => "default")
    ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.undertow.listener.default" => "WFLYUT0082: Could not start 'default' listener.
    Caused by: java.net.SocketException: Protocol family unavailable"}}
    2020-06-25 13:29:44,288 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
    ("subsystem" => "undertow"),
    ("server" => "default-server"),
    ("https-listener" => "https")
    ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.undertow.listener.https" => "WFLYUT0082: Could not start 'https' listener.
    Caused by: java.net.SocketException: Protocol family unavailable"}}
    2020-06-25 13:29:44,292 INFO [org.jboss.as.server] (ServerService Thread Pool -- 28) WFLYSRV0010: Deployed "castylesr5.1.1.ear" (runtime-name : "castylesr5.1.1.ear")
    2020-06-25 13:29:44,293 INFO [org.jboss.as.server] (ServerService Thread Pool -- 28) WFLYSRV0010: Deployed "iam_siteminder.ear" (runtime-name : "iam_siteminder.ear")
    2020-06-25 13:29:44,295 INFO [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0183: Service status report
    WFLYCTL0184: New missing/unsatisfied dependencies:
    service jboss.http-upgrade-registry.default (missing) dependents: [service jboss.messaging-activemq.default]
    WFLYCTL0186: Services which failed to start: service org.wildfly.undertow.listener.https: WFLYUT0082: Could not start 'https' listener.
    service org.wildfly.undertow.listener.default: WFLYUT0082: Could not start 'default' listener.
    WFLYCTL0448: 5 additional services are down due to their dependencies being missing or failed
    2020-06-25 13:29:44,329 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
    2020-06-25 13:29:44,331 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
    2020-06-25 13:29:44,331 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
    2020-06-25 13:29:44,331 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: WildFly Full 15.0.1.Final (WildFly Core 7.0.0.Final) started (with errors) in 7068ms - Started 338 of 609 services (15 services failed or missing dependencies, 355 services are lazy, passive or on-demand)

    So, several questions:

    • I reviewed the latest Platform Support Matrix, which says AdoptOpenJDK is required for 12.8.03 (not true based on my experience noted earlier), and I assume that's supposed to be true for 12.8.04, too.  I thought I read somewhere that you may still use Oracle JDK for non-production environments such as my lab.  Still, I thought I would try AdoptOpenJDK since support for it is documented and it's more likely that's what I will find at customer sites.  Anyone have a similar experience with WAMUI upgrade to 12.8.04 giving them problems and solved it by migrating from Oracle JDK to AdoptOpenJDK?
    • I went to the AdoptOpenJDK site to download the latest release.  That site offers AdoptOpenJDK 8 (LTS) and you need to choose either the HotSpot or OpenJ9 JVM.  The Platform Support Matrix doesn't specify which JVM to use.  Any recommendations or discussion regarding which is best to use?  And what is the meaning of (LTS) in some but not all of the AdoptOpenJDK versions?
    • Has anyone gotten the WAMUI for 12.8.04 to work with Oracle JDK?
    Suggestions appreciated, particularly if you can point to something specific in the documentation I may have overlooked.

    ------------------------------
    Sr. Services Consultant
    HCL Technologies
    ------------------------------


  • 2.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Posted Jun 26, 2020 05:29 PM
    Edited by Richard J Faust Jun 26, 2020 05:29 PM
    Let me answer some of my own questions.  I hovered over the "Help me choose" link on the AdoptOpenJDK download site and learned the following:

    • LTS means "Long Term Support". These versions have a longer support timeframe. Suitable for enterprise customers.
    • HotSpot is the VM from the OpenJDK community. It is the most widely used VM today and is used in Oracle's JDK. It is suitable for all workloads.
    • Eclipse OpenJ9 is the VM from the Eclipse community. It is an enterprise-grade VM designed for low memory footprint and fast start-up and is used in IBM's JDK. It is suitable for running all workloads.

    Since both JVMs are "suitable for running all workloads", I'm still wondering if product management, service consultants, or Broadcom Support have a preference for one or the other and why.


    ------------------------------
    Sr. Services Consultant
    HCL Technologies
    ------------------------------



  • 3.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Posted Jun 26, 2020 06:10 PM
    More findings... well, golly, the WAMUI uses the version of AdoptOpenJDK that comes when the product is installed (distilled):

    [root@smps05 log]# ps -ef | grep adminui
    UID PID PPID C STIME TTY TIME CMD
    smuser 29690 29620 0 Jun25 ? 00:03:53 /apps/CA/siteminder/adminui/runtime/bin/java -D[Standalone] -server -Xms1024m -Xmx1024m -XX:MaxPermSize=768m -Dcom.sun.jersey.server.impl.cdi.lookupExtensionInBeanManager=true -Djavax.net.ssl.keyStore=/apps/CA/siteminder/adminui/standalone/configuration/keyStore.jks -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.trustStore=/apps/CA/siteminder/adminui/standalone/configuration/trustStore.jks -Djavax.net.ssl.trustStoreType=jks -Dorg.jboss.boot.log.file=/apps/CA/siteminder/adminui/standalone/log/server.log -Dlogging.configuration=file:/apps/CA/siteminder/adminui/standalone/configuration/logging.properties -jar /apps/CA/siteminder/adminui/jboss-modules.jar -mp /apps/CA/siteminder/adminui/modules org.jboss.as.standalone -Djboss.home.dir=/apps/CA/siteminder/adminui -Djboss.server.base.dir=/apps/CA/siteminder/adminui/standalone -c standalone-full.xml -b 0.0.0.0 -Dnete.j2ee.vendor=jboss -Djboss.as.management.blocking.timeout=900
    [root@smps05 log]# /apps/CA/siteminder/adminui/runtime/bin/java -version
    openjdk version "1.8.0_212"
    OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b04)
    OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b04, mixed mode)
    [root@smps05 log]#

    Still looking for an understanding of why my WAMUI upgrade to sp04 indicated no errors in the log file but throws errors and won't run on startup.

    ------------------------------
    Sr. Services Consultant
    HCL Technologies
    ------------------------------



  • 4.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Broadcom Employee
    Posted Jun 29, 2020 02:19 AM
    Hi Richard,

    At first place, Policy Server and AdminUI should be independent from
    installation, which means that you should not run AdminUI with the
    same user you run Policy Server, and AdminUI should not have sourced
    the Policy Server environment variables neither.

    More, it's out of support to run Policy Server 12.8SP3 or 12.8SP4 with
    Oracle JDK. You do need to run them with AdoptOpenJDK to have a
    supported environment.

    You can use OpenJDK 8 (LTS) and HotSpot. This applies to CA Access
    Gateway (SPS) too :

    SPS upgrade to 12.8 SP03
    https://knowledge.broadcom.com/external/article?articleId=190579

    LTS means Long Term Supported :

    Support

    In addition, every three years one feature release will be
    designated as the Long Term Supported (LTS) release.

    https://adoptopenjdk.net/releases.html?variant=openjdk8&jvmVariant=hotspot

    I hope this helps,

    Best Regards,
    Patrick


  • 5.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Posted Jun 30, 2020 04:19 PM
    Thanks for your reply, Patrick. It raises a number of questions for me, so let's get to them:

    1) "At first place, Policy Server and AdminUI should be independent from installation, which means that you should not run AdminUI with the same user you run Policy Server, and AdminUI should not have sourced the Policy Server environment variables neither."
    a) I've never noticed the AdminUI and policy server should run under different usernames, which I have done successfully on many systems, both dev and prod, all the way through r12.8 sp03. Is that documented somewhere and I've not noticed it?
    b) Same with policy server environment variables: I've run AdminUI and policy server from the same account with no issues all the way through r12.8 sp03. I assume 'smuser' stays with the policy server. Any best practices regarding what username to create or use for the AdminUI?

    2) "More, it's out of support to run Policy Server 12.8SP3 or 12.8SP4 with Oracle JDK. You do need to run them with AdoptOpenJDK to have a supported environment."
    a) I have run Oracle JDK without issue with a number of r12.8 sp03 systems. In fact, I thought I saw in the release notes a while back that it's OK to use Oracle JDK, but only on non-production systems or if you've purchased a license and/or support from Oracle. Is AdoptOpenJDK now a hard requirement regardless of whether or not you have purchased a license/support from Oracle?

    3) You can use OpenJDK 8 (LTS) and HotSpot. This applies to CA Access Gateway (SPS) too.

    a) I installed AdoptOpenJDK on a Windows 2012R2 policy server with co-located WAMUI and both r12.8 sp04 components work fine.
    b) On Linux, is there a difference between the version of OpenJDK that gets installed by Red Hat/CentOS and the version embedded with the WAMUI? I ask because the embedded Java specifically mentions AdoptOpenJDK while the O/S version does not:

    [root@smps05 ~]# /apps/CA/siteminder/adminui/runtime/bin/java -version  #embedded JDK
    openjdk version "1.8.0_212"
    OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b04)
    OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b04, mixed mode)

    [root@smps05 ~]# /usr/bin/java -version  # O/S JDK
    openjdk version "1.8.0_252"
    OpenJDK Runtime Environment (build 1.8.0_252-b09)
    OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode)
    [root@smps05 ~]#

    I want to be clear on this to know whether I may use the "native" JDK on Linux or I need to download and install one of the VMs from AdoptOpenJDK.

    Thanks!
    ​​

    ------------------------------
    Sr. Services Consultant
    HCL Technologies
    ------------------------------



  • 6.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Broadcom Employee
    Posted Jul 01, 2020 07:02 AM
    Hi Richard,

    First of all, don't confuse between "it works" and "it's
    supported". Even if it works, it might not be supported.

    So said, to answer questions :

    1. As per documentation, AdminUI must be independent from Policy
    Server. This means that user should be different and it shouldn't
    have the same environment variables among the others.

    SiteMinder Administrative UI

    (Required) The SiteMinder Administrative UI (Administrative UI) is a
    web–based administration console that is installed independent of
    the Policy Server.

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/getting-started/components-and-stores.html

    2. AdoptOpenJDK is a requirement for Policy Server 12.8SP3 and Policy
    Server 12.8SP4 as per Support Matrix :

    Symantec SiteMinder (previously CA Single Sign-On) 12.8

    Review this section carefully. The Java support has been changed as
    of the release of 12.8.03.

    The following table lists the Java Virtual Machine (JVM) support
    requirements for release 12.8.03.

    AdoptOpenJDK 1.8.212 (or later updates on 1.8.x) 64 bit

    p.8
    https://ftpdocs.broadcom.com/phpdocs/7/5262/5262-12-8-platform-support-matrix.pdf

    3. As per 2. and support matrix, you should use AdoptOpenJDK and not
    the one delivered by RedHat.

    I hope this helps,

    Best Regards,
    Patrick


  • 7.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Posted Jul 07, 2020 07:04 PM
    Edited by Richard J Faust Jul 08, 2020 09:17 AM

    Patrick,

    Thanks for your responses.  I followed your suggestions and still can't get the WAMUI to run on a Linux system.  Let's take another run through the questions.

    1. As per documentation, AdminUI must be independent from Policy Server. This means that user should be different and it shouldn't have the same environment variables among the others.

    SiteMinder Administrative UI

    (Required) The SiteMinder Administrative UI (Administrative UI) is a web–based administration console that is installed independent of the Policy Server.

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/getting-started/components-and-stores.html

    I've got a problem with both the documentation and your advice on this topic.  The passage you quote from the documentation is in the section "Getting Started > Components and Stores > SiteMinder Administrative UI".  I think it would be reasonable at this overview stage of the documentation to interpret "installed independent" to mean "the policy server and the WAMUI come as different installation binaries that must be installed separately."  You've ascribed the very specific guidance that the policy server and the WAMUI should be different and not use the same environment variables "among others", the last bit suggesting other requirements that are unknown to me.

    I've carefully reviewed both of the following portions of the 12.8 documentation:

    • Installing > Install the Administrative UI > Install the Administrative UI on Linux (stand-alone)
    • Upgrading > In-place upgrade > Upgrade an Administrative UI > Upgrade the Administrative UI on UNIX

    Neither of the above sections makes any mention of a requirement that the policy server and WAMUI usernames and environment variables should be unique to each.  In my view, and if these and other requirements must be fulfilled, they should be specifically called out in the installation and upgrade sections rather than relying on an ambiguous reference to "independent" in the overview section.

    Still, I followed your guidance by taking the following steps:

    • On a Linux VM where only the WAMUI is run, I modified .profile for the 'smuser' account to ensure no references to environment variable scripts associated with legacy installations of a policy server and access gateway. The environment variables for 'smuser' are now about as generic as I can get them:

      $ echo $PATH
      /usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin
      $ echo $LD_LIBRARY_PATH

      $
    • Verified the WAMUI is using AdoptOpenJDK:

      $ ps -ef | grep adminui
      smuser 20109 18980  0 17:21 pts/1    00:00:00 grep --color=auto adminui
      smuser   30063     1  0 11:07 ?        00:00:00 /bin/sh /apps/CA/siteminder/adminui/bin/standalone.sh
      smuser   30131 30063  0 11:07 ?        00:00:59 /apps/CA/siteminder/adminui/runtime/bin/java -D[Standalone] -server -Xms1024m -Xmx1024m -XX:MaxPermSize=768m -Dcom.sun.jersey.server.impl.cdi.lookupExtensionInBeanManager=true -Djavax.net.ssl.keyStore=/apps/CA/siteminder/adminui/standalone/configuration/keyStore.jks -Djavax.net.ssl.keyStoreType=jks -Djavax.net.ssl.trustStore=/apps/CA/siteminder/adminui/standalone/configuration/trustStore.jks -Djavax.net.ssl.trustStoreType=jks -Dorg.jboss.boot.log.file=/apps/CA/siteminder/adminui/standalone/log/server.log -Dlogging.configuration=file:/apps/CA/siteminder/adminui/standalone/configuration/logging.properties -jar /apps/CA/siteminder/adminui/jboss-modules.jar -mp /apps/CA/siteminder/adminui/modules org.jboss.as.standalone -Djboss.home.dir=/apps/CA/siteminder/adminui -Djboss.server.base.dir=/apps/CA/siteminder/adminui/standalone -c standalone-full.xml -b 0.0.0.0 -Dnete.j2ee.vendor=jboss -Djboss.as.management.blocking.timeout=900
      $ /apps/CA/siteminder/adminui/runtime/bin/java -version
      openjdk version "1.8.0_212"
      OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b04)
      OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b04, mixed mode)
      $
    • Stopped and restarted the r12.8 sp03 WAMUI application server, logged into the UI and verified it was functioning properly.
    • Stopped the r12.8 sp03 WAMUI application server.
    • Upgraded the pre-req portion of the WAMUI to r12.8 sp04. No errors reported: " The required third-party components for the Administrative UI have been successfully installed to:
      /apps/CA/siteminder/adminui"
    • Upgraded the WAMUI to r12.8 sp04. No errors reported: " Administrative Console has been successfully installed."
    • These errors are thrown on startup and written to server.log:

    2020-07-07 11:07:24,970 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-7) MSC000001: Failed to start service org.wildfly.undertow.listener.default: org.jboss.msc.service.StartException in service org.wildfly.undertow.listener.default: WFLYUT0082: Could not start 'default' listener.

          at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:211)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700)

          at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558)

          at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

          at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)

          at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)

          at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)

          at java.lang.Thread.run(Thread.java:748)

    Caused by: java.net.SocketException: Protocol family unavailable

          at sun.nio.ch.Net.bind0(Native Method)

          at sun.nio.ch.Net.bind(Net.java:433)

          at sun.nio.ch.Net.bind(Net.java:425)

          at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)

          at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)

          at org.xnio.nio.NioXnioWorker.createTcpConnectionServer(NioXnioWorker.java:178)

          at org.xnio.XnioWorker.createStreamConnectionServer(XnioWorker.java:303)

          at org.wildfly.extension.undertow.HttpListenerService.startListening(HttpListenerService.java:106)

          at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:199)

          ... 8 more

     

    2020-07-07 11:07:25,693 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.undertow.listener.https: org.jboss.msc.service.StartException in service org.wildfly.undertow.listener.https: WFLYUT0082: Could not start 'https' listener.

          at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:211)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1738)

          at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1700)

          at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1558)

          at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

          at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)

          at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)

          at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1364)

          at java.lang.Thread.run(Thread.java:748)

    Caused by: java.net.SocketException: Protocol family unavailable

          at sun.nio.ch.Net.bind0(Native Method)

          at sun.nio.ch.Net.bind(Net.java:433)

          at sun.nio.ch.Net.bind(Net.java:425)

          at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)

          at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)

          at org.xnio.nio.NioXnioWorker.createTcpConnectionServer(NioXnioWorker.java:178)

          at org.xnio.XnioWorker.createStreamConnectionServer(XnioWorker.java:303)

          at io.undertow.protocols.ssl.UndertowXnioSsl.createSslConnectionServer(UndertowXnioSsl.java:357)

          at org.wildfly.extension.undertow.HttpsListenerService.startListening(HttpsListenerService.java:143)

          at org.wildfly.extension.undertow.ListenerService.start(ListenerService.java:199)

          ... 8 more

    NOTE:  I'd lke to get HTTP working before I start worrying about HTTPS.

    About 35 warning messages such as this in server.log:

    2020-07-07 11:07:29,077 WARN  [org.jboss.as.server.deployment] (MSC service thread 1-2) WFLYSRV0059: Class Path entry jaxb-xjc-2.3.1.jar in /apps/CA/siteminder/adminui/standalone/deployments/iam_siteminder.ear/library/cacommons.jar  does not point to a valid jar for a Class-Path reference.

    Lastly, these errors appear near the end of server.log immediately after standalone.sh has finished running:

    2020-07-07 11:07:30,845 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([

        ("subsystem" => "undertow"),

        ("server" => "default-server"),

        ("http-listener" => "default")

    ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.undertow.listener.default" => "WFLYUT0082: Could not start 'default' listener.

        Caused by: java.net.SocketException: Protocol family unavailable"}}

    2020-07-07 11:07:30,846 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([

        ("subsystem" => "undertow"),

        ("server" => "default-server"),

        ("https-listener" => "https")

    ]) - failure description: {"WFLYCTL0080: Failed services" => {"org.wildfly.undertow.listener.https" => "WFLYUT0082: Could not start 'https' listener.

        Caused by: java.net.SocketException: Protocol family unavailable"}}

    2020-07-07 11:07:30,847 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([

        ("subsystem" => "messaging-activemq"),

        ("server" => "default")

    ]) - failure description: {

        "WFLYCTL0412: Required services that are not installed:" => ["jboss.http-upgrade-registry.default"],

        "WFLYCTL0180: Services with missing/unavailable dependencies" => ["jboss.messaging-activemq.default is missing [jboss.http-upgrade-registry.default]"]

    }

    2020-07-07 11:07:30,852 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 28) WFLYSRV0010: Deployed "castylesr5.1.1.ear" (runtime-name : "castylesr5.1.1.ear")

    2020-07-07 11:07:30,852 INFO  [org.jboss.as.server] (ServerService Thread Pool -- 28) WFLYSRV0010: Deployed "iam_siteminder.ear" (runtime-name : "iam_siteminder.ear")

    2020-07-07 11:07:30,854 INFO  [org.jboss.as.controller] (Controller Boot Thread) WFLYCTL0183: Service status report

    WFLYCTL0184:    New missing/unsatisfied dependencies:

          service jboss.http-upgrade-registry.default (missing) dependents: [service jboss.messaging-activemq.default]

    WFLYCTL0186:   Services which failed to start:      service org.wildfly.undertow.listener.https: WFLYUT0082: Could not start 'https' listener.

          service org.wildfly.undertow.listener.default: WFLYUT0082: Could not start 'default' listener.

    WFLYCTL0448: 5 additional services are down due to their dependencies being missing or failed

    2020-07-07 11:07:30,893 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server

    2020-07-07 11:07:30,895 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management

    2020-07-07 11:07:30,895 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990

    2020-07-07 11:07:30,895 ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: WildFly Full 15.0.1.Final (WildFly Core 7.0.0.Final) started (with errors) in 8556ms - Started 338 of 609 services (15 services failed or missing dependencies, 355 services are lazy, passive or on-demand)

     

    My understanding of the WAMUI installation is that it's supposed to be a self-contained deployment of an embedded application server.  Since both the pre-req and WAMUI kits both announced no errors, I'm left with the conclusion there is a flaw in one or both of the installation kits, the documentation is lacking one or more key prerequisites or required steps, I'm incompetent, or some combination thereof.

    1. AdoptOpenJDK is a requirement for Policy Server 12.8SP3 and Policy Server 12.8SP4 as per Support Matrix :

      Symantec SiteMinder (previously CA Single Sign-On) 12.8

      Review this section carefully. The Java support has been changed as of the release of 12.8.03.

      The following table lists the Java Virtual Machine (JVM) support requirements for release 12.8.03.

      AdoptOpenJDK 1.8.212 (or later updates on 1.8.x) 64 bit

      p.8
      https://ftpdocs.broadcom.com/phpdocs/7/5262/5262-12-8-platform-support-matrix.pdf

    I would find it helpful if the PSM were amended to state "The following table lists the Java Virtual Machine (JVM) support requirements for release 12.8.03 and higher."

    1. As per 2. and support matrix, you should use AdoptOpenJDK and not the one delivered by RedHat.

    Done.

    I've attached the full text of my installation adventure from the console using the 'script' command.  Is this too much detail for communities and it would be more appropriate for me to log a support case?

     



    ------------------------------
    Sr. Services Consultant
    HCL Technologies
    ------------------------------



  • 8.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Posted Jul 08, 2020 09:21 AM
      |   view attached
    Here's the installation log and startup output I promised in my post from yesterday but neglected to attach.

    ------------------------------
    Sr. Services Consultant
    HCL Technologies
    ------------------------------



  • 9.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Posted Aug 04, 2020 01:08 PM
      |   view attached
    Here are screen shots from an upgrade on Windows.

    ------------------------------
    Sr. Services Consultant
    HCL Technologies
    ------------------------------



  • 10.  RE: SiteMinder r12.8 sp03 to sp04 upgrade and AdoptOpenJDK

    Posted Sep 13, 2020 11:51 PM
    After some experimentation, I learned that the WAMUI will no longer start using the SystemD script that worked with r12.8 sp03:  systemctl start wamui.  I disabled that script and currently run the default startup script interactively as shown below to start the WAMUI with r12.8 sp04:

    /apps/CA/siteminder/adminui/bin/standalone.sh >/dev/null 2>/dev/null &

    I'll create a new post if I can figure out what it takes to start the WAMUI with SystemD.


    ------------------------------
    Sr. Services Consultant
    MIRIMAR Consulting
    ------------------------------