Task #2211
open
Changing the remote connector server key requires also restarting IdM
90%
Description
Tested on the version 9.7.2
When the key (password) of the remote connector server is changed and you change it in the IdM, then IdM must be restarted. Otherwise, it's somehow "cached" and testing the connector still returns
"org.identityconnectors.framework.common.exceptions.InvalidCredentialException: Remote framework key is invalid".
(No connector pooling is enabled.)
It would be really nice if the restart wasn't needed.
Note: I noted it here: https://wiki.czechidm.com/devel/documentation/adm/systems/connectors/remote_server#connecting_czechidm_to_a_remote_connector_server 5 months ago, but still it took me some time today to find out, where is the problem.
Files
Related issues
Updated by Radek Tomiška about 3 years ago
- Related to Task #2628: Add remote connector server agenda added
Updated by Radek Tomiška about 3 years ago
- Status changed from New to Needs feedback
- Assignee changed from Vít Švanda to Alena Peterová
- Target version set to 10.8.0
- % Done changed from 0 to 90
I tried to reproduce this issue in current develop after new remote agenda is implemented (#2628) and I'm not able to reproduce it.
I tried to find in history some changes with remote server and I hope I found it. Remote server cache is evicted from version 9.7.7:
https://github.com/bcvsolutions/CzechIdMng/commit/e3142239dab33044e7d104305c461b6bd0d924b2#diff-70421825d0a235ed870ea33533a86d21d1f0e0f1ba4056fda0d965a7b73698bd
You reported issue in version 9.7.2. Could you please test this issue with in some newer version >= 9.7.7, please? I hope is ok now.
Updated by Alena Peterová about 3 years ago
- File connector_test_after_changing_key.png connector_test_after_changing_key.png added
- File basic_information_after_changing_key.png basic_information_after_changing_key.png added
- File configuration_after_changing_key.png configuration_after_changing_key.png added
- File test_connector_after_putting_new_key.png test_connector_after_putting_new_key.png added
I tested it on 10.7.2 running on the appliance v. 0.5 with the connector server and the issue is still there.
Just to be sure, please try to click Test connector at least once before you change the connector server key.
- Click "Test connector" - successful.
- Change the key for the connector server
edit /data/volumes/connector-server/secrets/cserver.pwfile
systemctl restart iam-connector-server.service - If you stay on the page Configuration and click "Test connector". Some strange message appears (but this is not important)
- Go to the page Basic information - "Bad password for remote connector server" (this is expected)
- Return to the Configuration - no connector configuration available and "Bad password for remote connector server" (this is expected)
- Go to the page Basic information and save the new key
- Go to the Configuration and click "Test connector". Now I would expect a successful result, but I still get the message "Remote framework key is invalid"
- Restart CzechIdM and click "Test connector" - successful.
Updated by Radek Tomiška about 3 years ago
- Status changed from Needs feedback to New
- Assignee changed from Alena Peterová to Radek Tomiška
Updated by Radek Tomiška about 3 years ago
Changing remote connector server timeout has the same behavior - restart is needed now.