Hi team ,
Recently we have upgraded AEM 6.0 to AEM 6.3 , where we have JAAS module configured to generate token for authentication.
Step 1: After starting the server in AEM 6.3 , we get below error when we replicate something.
09.11.2018 07:41:43.424 *WARN* [sling-threadpool-cb90f54b-e9a7-47b5-a011-36ec26f9ae1f-(apache-sling-job-thread-pool)-3-com_day_cq_replication_job_rep-ny-dev-2(com/day/cq/replication/job/rep-ny-dev-2)] org.apache.felix.jaas No JAAS module configured for realm "XXX09.11.2018 07:41:43.425 *ERROR* [sling-threadpool-cb90f54b-e9a7-47b5-a011-36ec26f9ae1f-(apache-sling-job-thread-pool)-3-com_day_cq_replication_job_rep-ny-dev-2(com/day/cq/replication/job/rep-ny-dev-2)] ***.***.*** Failed to generate new token
javax.security.auth.login.LoginException: unable to find LoginModule class: aa.bb.cc
Step 2: Whenever after restart we manually do test connection , than replication start working as if has loaded the login module
Any pointer will be helpful , thanks in Advance.
Just like to share more information so that can be useful to trouble shoot.
In Aem 6.0 , we didn't have any problem with jaas configuration.
We used to place all the bundle in install folder for installation of bundles.
But after upgrade to AEM 6.3 , we have change this approach to package manager for installation.
Below is the log(related to jaas configuration) which appear in AEM 6.3 which wasn't available in AEM 6.0 after starting the server
Views
Replies
Total Likes
Have you tried to set up on a fresh AEM instance (in a dev environment) - this will tell us if this is an upgrade issue
Views
Replies
Total Likes
Thanks for immediate response.
Yes, this behavior is happening in all lower environment.
One more thing like to highlight , in AEM 6.0 we use tomcat server while in AEM 6.3 we used embedded jetty server.
Views
Replies
Total Likes
Hello swapnilg77317184
Does this upgrade involve an Application server for your setup such as JBOSS, weblogic,etc? If yes, you may need to recreate your /etc/key.
1) Log into crx/explorer as admin
2) Click on Content Explorer
3) Go to the node /etc/key and delete it. Click Save All.
4) Stop AEM
5) Go to crx-quickstart directory
I don't believe this to be an issue with JAAS but with the Crypto Support. Can you check if you see any CryptoSupport errors in the logs as well?
Best Regards,
Aneet
Views
Replies
Total Likes
Thanks Aneeta,
Nope we are not using any external Application Server.
I don't think its related to any crypo related because I am not able to see any crypto related error.
Infact it works after doing test connection as token is generated after that.
I suspect something related to sequence of installation or any config may be I am missing which is causing this issue.
Views
Replies
Total Likes
Hi , just like to re frame this issue
We have a login module(a.b.c.LoginModule) class specified in JAAS config. This login module gets invoked from class which implements Transport handler.(Generating token while replicating)
Case 1
When we do test connection or force retry for any content stuck in replication queue, the replication is triggered generating token from Login Module.
Logs
POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] c.d.c.r.Agent.agent1.queue (ReplicationQueueImpl.java:313) - Processing job for agent agent1
POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - Initializing...
POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - System property loaded
POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - Reading abc.properties
POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - Initialisation complete...
POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - Generated token
Case 2
But if in case i replicate content , the replication is triggered but fail's to generate token with below exception
Log
[sling-threadpool-04717b99-e707-4d0d-9b0d-35f2dd7ae850-(apache-sling-job-thread-pool)-5831-com_day_cq_replication_job_devuat-1(com/day/cq/replication/job/agent1)] c.d.c.r.Agent.agent1.queue (ReplicationQueueImpl.java:313) - Processing job for agent agent1
2019-01-02T09:14:17.876-0500 ERROR [sling-threadpool-04717b99-e707-4d0d-9b0d-35f2dd7ae850-(apache-sling-job-thread-pool)-5831-com_day_cq_replication_job_devuat-1(com/day/cq/replication/job/agent1)] abc.java - Failed to generate new token
javax.security.auth.login.LoginException: unable to find LoginModule class: a.b.c.LoginModule
Seem's 2nd case is not able to find LoginModule but which is not the case with test connection.
Not sure is it authentication.jar(LoginModule) is not properly loaded in OSGI container Or is it any thing triggered from sling thread pool is not referencing Login Module ?
Apologies in case i misguide with my earlier post.Any pointer's are appreciated.
Thanks in Advance.
Views
Replies
Total Likes
Sorry coming late on this. Sharing some more pointer over here
We invoke replication transport handler which connects with login auth module
1 While doing test connection , current thread class loader SlingDynamic class loader which is able to interact login module
2 While replicating content , current thread classloader is ApplicationClassLoader which is not able to trace login module through transport handler. After replacing appclassoader with slingdyanmic classloader , works as expected.
But still not sure why such behavior , would be great if someone can share some pointer on this ? Thanks in Advance
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Like
Replies
Views
Likes
Replies