9.7 Changes Required in server.xml for Apache Tomcat 8.5.51 after Upgrading to Access Manager 4.5 Service Pack 2

Access Manager 4.5 Service Pack 2 (4.5.2) adds support for Apache Tomcat 8.5.51. This Tomcat version adds the secretRequired attribute to the Apache JServ Protocol (AJP) Connector, so the connector must be configured with a non-empty secret. For fresh Access Manager installations, this string is specified in the server.xml file as secret="namnetiq" by default, and you do not need to make any change to server.xml in this regard.

However, the Tomcat service might not get loaded if you upgrade an existing Access Manager setup to 4.5.2 and Tomcat to version 8.5.51. You might see the following error in the Tomcat catalina.log file:

SEVERE [main] org.apache.catalina.core.StandardService.startInternal Failed to start connector [Connector[AJP/1.3-8009]]
    org.apache.catalina.LifecycleException: Protocol handler start failed
            Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid.

To work around this issue, after upgrading Tomcat to version 8.5.51, perform the following steps:

  1. Open the server.xml file. This file is located in the following path:

    Linux: /opt/novell/nam/mag/conf/server.xml

  2. Add the secret attribute to the AJP Connector. Specify a non-null, non-zero-length string so that the secretRequired="true" condition reported in the error is satisfied.

    NOTE: The value of the secret attribute must be the same in the server.xml files of each component.

    For example:

    Embedded Service Provider configuration:

    Linux: /opt/novell/nam/mag/conf/server.xml

    <Connector port="9009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" address="127.0.0.1" minSpareThreads="25" maxThreads="600" backlog="0" connectionTimeout="20000" packetSize="65536" maxPostSize="65536" secret="namnetiq" />
    

    Access Manager Appliance:

    Linux: /opt/novell/nam/idp/conf/server.xml

    <Connector port="9019" enableLookups="false" secure="true" scheme="https" protocol="com.novell.nam.tomcat.ajp.NAMAjpNIOProtocol" address="127.0.0.1" minSpareThreads="25" maxThreads="600" backlog="0" connectionTimeout="20000" packetSize="65536" maxPostSize="2097152" secret="namnetiq" />

  3. Save the file and restart the Apache Tomcat Service.

The following are examples of Apache vhosts.d/* snippets:

Path: /opt/novell/nam/mag/webapps/agm/WEB-INF/config/apache2/vhosts.d/NAM-Service.conf

ProxyPass /AGLogout ajp://127.0.0.1:9009/nesp/app/plogout secret=namnetiq
ProxyPass /nidp/nidpsecure ajp://127.0.0.1:9019/nidp secret=namnetiq
ProxyPass /nidp ajp://127.0.0.1:9019/nidp secret=namnetiq 
ProxyPass /nesp ajp://127.0.0.1:9009/nesp secret=namnetiq

Embedded Service Provider configuration:

Path: /opt/novell/nam/mag/webapps/agm/WEB-INF/config/apache2/vhosts.d/soapbc.conf

ProxyPass /AGLogout ajp://127.0.0.1:9009/nesp/app/plogout secret=namnetiq 
ProxyPass /nesp ajp://127.0.0.1:9009/nesp secret=namnetiq
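
Because the secret must match on both ends of each AJP link, the following Python check (an added example, not part of Access Manager or its documentation) compares the secret on every AJP Connector in a server.xml with the secret= parameter of the ProxyPass lines that target that connector's port. The sample inputs are constructed from the snippets above with deliberate omissions, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the Connector and ProxyPass lines shown above;
# the 9019 connector and the /AGLogout line deliberately lack a secret.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="9009" protocol="AJP/1.3" address="127.0.0.1" secret="namnetiq" />
  <Connector port="9019" protocol="com.novell.nam.tomcat.ajp.NAMAjpNIOProtocol" />
  <Connector port="8443" protocol="HTTP/1.1" />
</Service></Server>"""

VHOST_CONF = """\
ProxyPass /nesp ajp://127.0.0.1:9009/nesp secret=namnetiq
ProxyPass /nidp ajp://127.0.0.1:9019/nidp secret=namnetiq
ProxyPass /AGLogout ajp://127.0.0.1:9009/nesp/app/plogout
"""

# Captures: URL path, backend port, and any trailing key=value parameters.
PROXY_RE = re.compile(r"^\s*ProxyPass\s+(\S+)\s+ajp://[^:/\s]+:(\d+)\S*(.*)$")

def ajp_connector_secrets(server_xml):
    """Map each AJP connector port to its secret attribute (None if absent)."""
    root = ET.fromstring(server_xml)
    return {
        c.get("port"): c.get("secret")
        for c in root.iter("Connector")
        if "ajp" in c.get("protocol", "").lower()
    }

def check_ajp_secrets(server_xml, vhost_conf):
    """Return (location, problem) findings; an empty list means consistent."""
    secrets = ajp_connector_secrets(server_xml)
    findings = [(f"Connector port {port}", "secret is null or empty")
                for port, secret in secrets.items() if not secret]
    for line in vhost_conf.splitlines():
        if not (m := PROXY_RE.match(line)):
            continue
        path, port, params = m.groups()
        sm = re.search(r"\bsecret=(\S+)", params)
        proxy_secret = sm.group(1) if sm else None
        if port not in secrets:
            findings.append((f"ProxyPass {path}", f"no AJP connector on port {port}"))
        elif proxy_secret != secrets[port]:
            findings.append((f"ProxyPass {path}", f"secret differs from connector {port}"))
    return findings

if __name__ == "__main__":
    for where, problem in check_ajp_secrets(SERVER_XML, VHOST_CONF):
        print(f"{where}: {problem}")
```

To run it against a real installation, read the server.xml and vhosts.d files listed above into strings and pass them to check_ajp_secrets.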