x509.CertAndKeyGen is not found in JVM at OpenAM initial configuration

Question

In the combination of OSX Mavericks, OpenAM 10.1.0, Tomcat8 and JDK8, OpenAM initial GUI configuration doesn't success, resulting in an error:

[Click] [error] handleException: java.lang.RuntimeException: Error occurred invoking public method: public boolean com.sun.identity.config.wizard.Wizard.createConfig() at org.apache.click.util.ClickUtils.invokeMethod(ClickUtils.java:3335) at org.apache.click.util.ClickUtils.invokeListener(ClickUtils.java:2088) at org.apache.click.control.AbstractControl$1.onAction(AbstractControl.java:228) at org.apache.click.ActionEventDispatcher.fireActionEvent(ActionEventDispatcher.java:259) at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:236) at org.apache.click.ActionEventDispatcher.fireActionEvents(ActionEventDispatcher.java:180) at org.apache.click.ClickServlet.performOnProcess(ClickServlet.java:746) at org.apache.click.ClickServlet.processAjaxPageEvents(ClickServlet.java:1860) at org.apache.click.ClickServlet.processPage(ClickServlet.java:559) at org.apache.click.ClickServlet.handleRequest(ClickServlet.java:383) at org.apache.click.ClickServlet.doGet(ClickServlet.java:276) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:99) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:861) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:606) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) at java.lang.Thread.run(Thread.java:745) Caused by: java.lang.ExceptionInInitializerError: A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen at org.opends.server.util.Platform$PlatformIMPL.(Platform.java:127) at org.opends.server.util.Platform.(Platform.java:80) at org.opends.server.util.CertificateManager.generateSelfSignedCertificate(CertificateManager.java:283) at org.opends.server.admin.AdministrationConnector.createSelfSignedCertifIfNeeded(AdministrationConnector.java:698) at org.opends.server.admin.AdministrationConnector.initializeAdministrationConnector(AdministrationConnector.java:181) at org.opends.server.core.ConnectionHandlerConfigManager.initializeAdministrationConnectorConfig(ConnectionHandlerConfigManager.java:350) at org.opends.server.core.DirectoryServer.initializeAdministrationConnector(DirectoryServer.java:2898) at org.opends.server.core.DirectoryServer.startServer(DirectoryServer.java:1401) at org.opends.server.util.EmbeddedUtils.startServer(EmbeddedUtils.java:88) at com.sun.identity.setup.EmbeddedOpenDS.startServer(EmbeddedOpenDS.java:545) at com.sun.identity.setup.EmbeddedOpenDS.setup(EmbeddedOpenDS.java:364) at com.sun.identity.setup.AMSetupServlet.setupEmbeddedDS(AMSetupServlet.java:813) at com.sun.identity.setup.AMSetupServlet.setupSMDatastore(AMSetupServlet.java:869) at com.sun.identity.setup.AMSetupServlet.configure(AMSetupServlet.java:945) at com.sun.identity.setup.AMSetupServlet.processRequest(AMSetupServlet.java:628) at com.sun.identity.config.wizard.Wizard.createConfig(Wizard.java:294) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.apache.click.util.ClickUtils.invokeMethod(ClickUtils.java:3317) ... 30 more

I also changed JDK to 7 or Tomcat to 7, it was useless.

A security class cannot be found in this JVM because of the following reason: sun.security.x509.CertAndKeyGen

I know JBoss seems to be fixed for this error, but I'm at a loss how to get over under my environment.

Answer 1

The CertAndKeyGen class issue is actually OPENDJ-1142, which happens when the configurator tries to set up the embedded OpenDJ (which does not support JDK8 yet). Even then, OpenAM does not run yet on JDK8 (doesn't even compile at the moment - mainly because of OPENAM-141), so you will certainly need to use JDK7 and a container that runs fine on JDK7.

The JDK7 and Tomcat 7 setup is actually supported, so you may want to provide more info on why that installation attempt failed and how.

Answer 2

We need to prepare jboss for openam deployments, by adding following contents to jboss-deployment-structure.xml:

<exclude-subsystems>
      <subsystem name="jaxrs" />
      <subsystem name="webservices" />
    </exclude-subsystems>

    <dependencies>
        <module name="sun.jdk" >
            <imports>
                <exclude-set>
                    <path name="com/sun/org/apache/xml/internal/security/transforms/implementations"/>
                </exclude-set>
            </imports>
        </module>
      <system>
        <paths>
          <path name="sun/security/x509" />
          <path name="com/sun/org/apache/xpath/internal" />
          <path name="com/sun/org/apache/xerces/internal/dom" />
          <path name="com/sun/org/apache/xml/internal/utils" />
        </paths>
      </system>
    </dependencies>