Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2017-07-20

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:46 zuppa joined #openam
01:49 ilbot3 joined #openam
01:49 Topic for #openam is now Chat about the OpenAM project - https://forgerock.github.io - Channel logs at: http://irclog.perlgeek.de/openam/today
04:41 aldaris joined #openam
06:44 aldaris joined #openam
07:22 Shra joined #openam
08:49 FireBurn|Work joined #openam
08:49 FireBurn|Work Good morning
08:49 FireBurn|Work joined #openam
08:51 asyd morning FireBurn|Work
08:52 asyd how is going today? still lot of fun with openam on websphere? )
08:56 FireBurn|Work It's just as much fun on Tomcat :'(
08:56 aldaris what issues are you having with Tomcat?
08:56 FireBurn|Work And running ssoadm with OpenAM on Tomcat is soooo slooooow
08:57 FireBurn|Work Same issues I'm having on WebSphere by the looks of things
08:57 aldaris are you running ssoadm in a VM?
08:57 FireBurn|Work Wanted to rule out the IBM JDK
08:57 FireBurn|Work On the box where OpenAM is running
08:57 aldaris is that a VM?
08:58 FireBurn|Work Yeah VDC
08:58 FireBurn|Work 4 CPU's 8GB memory
08:58 aldaris it's possible that your VM is running out of entropy then..
08:58 FireBurn|Work And that makes ssoadm slow?
08:58 aldaris yes
08:59 FireBurn|Work Is there a way to fix that? Make it use a non-blocking source
08:59 aldaris force the JVM to use /dev/urandom
09:00 asyd try to install haveged also
09:01 aldaris -Djava.security.egd=file:/dev/urandom
09:01 aldaris edit the ssoadm script file and add this JVM property to the command
09:01 aldaris actually, -Djava.security.egd=file:/dev/./urandom
09:02 aldaris from https://stackoverflow.com/questions/137212/how-to-solve-performance-problem-with-java-securerandom
09:04 FireBurn|Work Done, lets see if that's any faster
09:12 FireBurn|Work It isn't going any faster
09:13 aldaris do you have a site configured?
09:14 FireBurn|Work Yes, it's all scripted but when it gets to running the ssoadm commands to do the individual config changes it's slow as hell
09:14 FireBurn|Work Much faster on websphere
09:14 aldaris https://bugster.forgerock.org/jira/browse/OPENAM-9685 ?
09:14 FireBurn|Work Ah hangon
09:14 FireBurn|Work I added jaxp-ri-1.4.5.jar to get it working well on WebSphere, it's still added in Tomcat
09:15 FireBurn|Work Should I get rid of that jar and try again?
09:15 aldaris that JAR shouldn't be necessary if you aren't using IBM JDK AFAIK
09:15 FireBurn|Work But would it cause a slow down?
09:15 aldaris OPENAM-9685 would
09:18 FireBurn|Work I'm running 11.0.3, that bug says it only affects 13+
09:18 aldaris it probably affects older versions as well
09:18 aldaris we don't always investigate how long an issue goes back
09:20 FireBurn|Work I'll try adding the --nolog command
09:25 FireBurn|Work Still dog slow
09:25 FireBurn|Work The commit doesn't cleanly cherry-pick either
09:26 aldaris then run jstacks to see what the JVM is doing for so long
09:41 FireBurn|Work https://pastebin.com/r7ch6bx8
09:54 FireBurn|Work OK ssoadm slowness asside
09:54 aldaris yepp, ssoadm was waiting for entropy
09:55 aldaris how did you configure the JVM property?
09:55 FireBurn|Work I've pointed my tomcat instance to ldap, I've set up an agent that's a reverse proxy to a site that uses the cookies provided by OpenAM to log the user on
09:56 FireBurn|Work securerandom.source=file:/dev/urandom
09:57 FireBurn|Work When I login with agent 3.3.4 it authenticatess but takes me to the websphere openam login page, if I go back to the reverse proxy, it logs on
09:58 FireBurn|Work With agent 4.1.0 it seems to authenticate but I get a chome "page not working" ERR_CONTENT_LENGTH_MISMATCH
10:00 FireBurn|Work No sorry it also takes me to the websphere login page but when I go back to the reverse proxy it gives me the page not working
10:02 FireBurn|Work Here's the agent log https://pastebin.com/wxM0sDxf
10:05 FireBurn|Work My apache error log has messages like this: [Thu Jul 20 11:03:43.563837 2017] [proxy_http:error] [pid 3515:tid 139799306434304] (104)Connection reset by peer: [client 10.99.93.34:61986] AH01110: error reading response
10:23 aldaris java issues are more fun :)ú
10:28 FireBurn|Work But openam issues are driving me mad
10:28 aldaris but I can help with those :)
10:28 FireBurn|Work And I won't be using tomcat, I was using it to see if the issue lay in the IBM JDK
10:29 FireBurn|Work The site I'm reverse proxying to is owned by another company, they're less than helpful and wont show me the code for their site
10:47 FireBurn|Work Did you take a look at that agent log?
10:48 aldaris no, I don't have to work with agents any more, my knowledge is outdated
10:50 FireBurn|Work Is there any support for the CE edition or is that only avaialble to folk with support contracts?
10:50 aldaris CE editions don't have support subscriptions, the best you have is the mailing list / forum / github issues
11:55 FireBurn|Work Hmm
11:56 FireBurn|Work I've set "SetEnv force-proxy-request-1.0 1" and that got WebAgent 4.1.0 working :D
11:57 aldaris joined #openam
12:25 aldaris joined #openam
12:59 zuppa joined #openam
13:23 Shra hi all. who can help with openig source code compilation? Could not transfer artifact org.forgerock.openam:sharedlib:pom:10.0.2. where can i find it for solve dependency?
13:28 MegaMatt Shra - Connect with FireBurn
13:29 Shra FireBurn|Work: can your help me please?
13:29 Shra MegaMatt: thanks
13:33 Shra MegaMatt: I need help with openidm source code compilation also. who can help me with it?
13:33 FireBurn|Work Hi Shra, what version of OpenAM are you building?
13:34 Shra FireBurn|Work: i try to build openig from https://github.com/OpenRock/OpenIG
13:34 Shra master branch
13:35 FireBurn|Work I've never used OpenIG before, I've got lots of experience with banging my head against the wall getting OpenAM to work however
13:35 aldaris I think you should build the community edition of openig, you may have better luck with that: https://github.com/ForgeRock/openig-community-edition
13:36 Shra aldaris: which difference between these repos?
13:36 MegaMatt sorry I read OpenAM
13:36 MegaMatt And he wrote OpenIG
13:36 MegaMatt oops
13:37 aldaris the difference is that the community edition is meant to work
13:37 aldaris it is an older version, but should compile just fine
13:38 aldaris the openrock repository is not affiliated with ForgeRock
13:59 Shra aldaris: as i see,  https://github.com/OpenRock is a mirror of https://stash.forgerock.org/projects
14:00 aldaris correct
14:00 Shra aldaris: why https://github.com/ForgeRock but not https://stash.forgerock.org/projects?
14:00 aldaris the community editions of the products are under the ForgeRock github organization
14:01 aldaris stash.forgerock.org stores the previously open source versions
14:05 Shra aldaris: is stash are previously version of github.com/forgerock? as i can see, stash has openam 13  while github.com/forgerock have 11
14:06 aldaris I could try to explain this, or just point you at https://stackoverflow.com/a/27949320/1310016
14:18 Shra aldaris: I've read the link but not understand how the versions in the github repo relates to the latest stable versions of the Open* products at the time the license was changed. Why openam 13 has become openam community 11
14:20 aldaris pretty much everybody is thinking the same thing
14:21 aldaris if you follow the link to the forum post, then you can find others being puzzled by this
15:10 Shra FireBurn|Work: now i try to build master branch of https://github.com/ForgeRock/openig-community-edition. the log present here: https://pastebin.com/rS9nvU48
15:15 Shra aldaris:  could you also look my link with logs above?
15:17 Shra what i need to do to solve these errors?
15:18 aldaris I'm confused, why are you trying to compile openam now?
15:20 aldaris btw the errors pasted were caused by JDK8, 11.0.3 is only compatible with JDK7
15:39 Shra JDK7? ok :(
15:41 Shra aldaris: as i see, this is truelly for openidm and opendj also. openig was compiled succefully.
16:01 FireBurn|Work aldaris: Is configuration replication enabled automatically in OpenAM 11.0.3?
16:01 FireBurn|Work I normally configire the first server then set the others to use that as part of a site
16:25 aldaris joined #openam
22:58 aldaris joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary