Error provisioning identity with ssoadm

[rkolp]

Describe the bug
error provisioning identity with ssoadmin tools

To Reproduce
Steps to reproduce the behavior:

1. use docker to stand up openAM docker run -h openam-01.domain.com -p 8080:8080 --name openam-01 openidentityplatform/openam
2. Navigate to http://localhost:8080/openam
3. Click create default configuration and enter required passwords and wait for configuration to complete.
4. Create a bash session to docker container docker exec -it openam-01 bash
5. Install ssoadmin tools cd /usr/openam/ssoadmintools && ./setup --acceptLicense --path /usr/openam/config --log /tmp --debug /tmp
6. Create a password file echo "<password for amAdmin from Step #3> >> password.txt && chmod 400 password.txt
7. /usr/openam/ssoadmintools/openam/bin/ssoadm create-identity -u amAdmin -f /usr/openam/config/password.txt -e / -t User -i new-user --debug

Expected behavior
Identity is provisioned in openAM

Actual behavior

openam@openam-01:/usr/openam/config$ /usr/openam/ssoadmintools/openam/bin/ssoadm create-identity -u amAdmin -f /usr/openam/config/openam-password.txt -e / -t User -i newuser --debug

amUtil:02/22/2023 07:36:33:988 PM UTC: Thread[main,5,main]: TransactionId[unknown]
CloseableHttpClientHandlerProvider.get: System proxy enabled for HttpClientHandler: false
CreateIdentity.handleRequest
Message:New Generic Exception

	at com.sun.identity.idm.remote.IdRemoteServicesImpl.processException(IdRemoteServicesImpl.java:164)
	at com.sun.identity.idm.remote.IdRemoteServicesImpl.getSupportedOperations(IdRemoteServicesImpl.java:653)
	at com.sun.identity.idm.AMIdentityRepository.getAllowedIdOperations(AMIdentityRepository.java:192)
	at com.sun.identity.cli.idrepo.CreateIdentity.handleRequest(CreateIdentity.java:85)
	at com.sun.identity.cli.SubCommand.execute(SubCommand.java:296)
	at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
	at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
	at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:581)
	at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:178)
	at com.sun.identity.cli.CommandManager.main(CommandManager.java:155)

CommandManager.<init>
com.sun.identity.cli.CLIException: Message:New Generic Exception

	at com.sun.identity.cli.idrepo.CreateIdentity.handleRequest(CreateIdentity.java:105)
	at com.sun.identity.cli.SubCommand.execute(SubCommand.java:296)
	at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
	at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
	at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:581)
	at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:178)
	at com.sun.identity.cli.CommandManager.main(CommandManager.java:155)
Caused by: Message:New Generic Exception

	at com.sun.identity.idm.remote.IdRemoteServicesImpl.processException(IdRemoteServicesImpl.java:164)
	at com.sun.identity.idm.remote.IdRemoteServicesImpl.getSupportedOperations(IdRemoteServicesImpl.java:653)
	at com.sun.identity.idm.AMIdentityRepository.getAllowedIdOperations(AMIdentityRepository.java:192)
	at com.sun.identity.cli.idrepo.CreateIdentity.handleRequest(CreateIdentity.java:85)
	... 6 more

echo $? results in 127

From /tmp/IdRepo

amIdmClient:02/22/2023 07:36:37:434 PM UTC: Thread[main,5,main]: TransactionId[unknown]
ERROR: IdRemoteServicesImpl.processException(): caught remote/un-known exception -
java.rmi.RemoteException: no-server-found
	at com.sun.identity.shared.jaxrpc.SOAPClient.call(SOAPClient.java:192)
	at com.sun.identity.shared.jaxrpc.SOAPClient.send(SOAPClient.java:329)
	at com.sun.identity.shared.jaxrpc.SOAPClient.send(SOAPClient.java:315)
	at com.sun.identity.idm.remote.IdRemoteServicesImpl.getSupportedOperations(IdRemoteServicesImpl.java:639)
	at com.sun.identity.idm.AMIdentityRepository.getAllowedIdOperations(AMIdentityRepository.java:192)
	at com.sun.identity.cli.idrepo.CreateIdentity.handleRequest(CreateIdentity.java:85)
	at com.sun.identity.cli.SubCommand.execute(SubCommand.java:296)
	at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:217)
	at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:139)
	at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:581)
	at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:178)
	at com.sun.identity.cli.CommandManager.main(CommandManager.java:155)

Desktop (please complete the following information):

• OS: macOS + docker
• Browser: Chrome
• Version 110

Additional context
Other ssoadm commands work as expected.

[maximthomas]

This issue will be fixed in the next release as a workaround we suggest to add --add-exports java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED to JAVA_OPTS environment variable of the Docker image

The final command looks like this:

docker run --rm -h openam-01.domain.com -p 8080:8080 \
 -e JAVA_OPTS="--add-exports java.base/sun.security.x509=ALL-UNNAMED --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED" \
 --name openam-01 openidentityplatform/openam