From 6a410dd85157a5931784c3e7f8912a2cdc497632 Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Wed, 13 May 2026 12:06:52 +0300 Subject: [PATCH 1/6] ci: fail "Print openidm logs" step on errors/exceptions in OpenIDM logs --- .github/workflows/build.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 12b40e165..565a24d19 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -170,7 +170,23 @@ jobs: done else echo "openidm/logs directory not found" + exit 0 fi + echo "----- Checking logs for errors/exceptions -----" + status=0 + while IFS= read -r f; do + if grep -E -n "ERROR|SEVERE|Exception|Throwable" "$f" > /tmp/log_errors.$$ 2>/dev/null; then + echo "Found errors/exceptions in $f:" + cat /tmp/log_errors.$$ + status=1 + fi + rm -f /tmp/log_errors.$$ + done < <(find openidm/logs -type f) + if [ "$status" -ne 0 ]; then + echo "Errors or exceptions detected in openidm logs" + exit 1 + fi + echo "No errors or exceptions detected in openidm logs" build-docker: runs-on: 'ubuntu-latest' services: From 9945e76bc6c42d08ef5601a724e14d264595fa0c Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Wed, 13 May 2026 12:28:34 +0300 Subject: [PATCH 2/6] ci: fail "Print openidm logs" step on errors/exceptions in OpenIDM logs --- .github/workflows/build.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 565a24d19..8bebbfe3e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -55,8 +55,7 @@ jobs: openidm/startup.sh & timeout 3m bash -c 'until grep -q "OpenIDM ready" openidm/logs/openidm0.log.0 ; do sleep 5; done' || cat openidm/logs/openidm0.log.0 grep -q "OpenIDM ready" openidm/logs/openidm0.log.0 - ! grep "ERROR" openidm/logs/openidm0.log.0 - ! grep "SEVERE" openidm/logs/openidm0.log.0 + ! grep -E "ERROR|SEVERE|Exception|Throwable" openidm/logs/openidm0.log.0 - name: Test on Windows if: runner.os == 'Windows' run: | @@ -66,8 +65,11 @@ jobs: Start-Sleep -s 180 type logs\openidm0.log.0 findstr "OpenIDM ready" logs\openidm0.log.0 - type logs\openidm0.log.0 | find /c '"ERROR"' | findstr "0" - type logs\openidm0.log.0 | find /c '"SEVERE"' | findstr "0" + if (Select-String -Path logs\openidm0.log.0 -Pattern 'ERROR|SEVERE|Exception|Throwable' -Quiet) { + Write-Host "Errors or exceptions detected in openidm0.log.0" + Select-String -Path logs\openidm0.log.0 -Pattern 'ERROR|SEVERE|Exception|Throwable' + exit 1 + } - name: Upload failure artifacts uses: actions/upload-artifact@v7 if: ${{ failure() }} @@ -136,8 +138,7 @@ jobs: OPENIDM_OPTS="$OPTS" openidm/startup.sh $ARGS & timeout 3m bash -c 'until grep -q "OpenIDM ready" openidm/logs/openidm0.log.0 ; do sleep 5; done' || cat openidm/logs/openidm0.log.0 grep -q "OpenIDM ready" openidm/logs/openidm0.log.0 - ! grep "ERROR" openidm/logs/openidm0.log.0 - ! grep "SEVERE" openidm/logs/openidm0.log.0 + ! grep -E "ERROR|SEVERE|Exception|Throwable" openidm/logs/openidm0.log.0 - name: UI Smoke Tests (Playwright) run: | cd e2e From 35b6c450f36782c98209f17ffc126aafeb833f7a Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Wed, 13 May 2026 13:24:35 +0300 Subject: [PATCH 3/6] Fix Felix Web Console PreferencesConfigurationPrinter not enabled Add org.apache.felix.prefs bundle to provide org.osgi.service.prefs package (including BackingStoreException class) at runtime, fixing: INFO: org.apache.felix.webconsole.internal.compendium.PreferencesConfigurationPrinter not enabled. Reason: Class org/osgi/service/prefs/BackingStoreException missing --- openidm-zip/pom.xml | 4 ++++ pom.xml | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/openidm-zip/pom.xml b/openidm-zip/pom.xml index b5b889f96..2152dca0a 100644 --- a/openidm-zip/pom.xml +++ b/openidm-zip/pom.xml @@ -272,6 +272,10 @@ org.apache.felix org.apache.felix.webconsole.plugins.packageadmin + + org.apache.felix + org.apache.felix.prefs + org.apache.geronimo.bundles json diff --git a/pom.xml b/pom.xml index 8d4ca3b33..029722aa5 100644 --- a/pom.xml +++ b/pom.xml @@ -518,6 +518,11 @@ org.apache.felix.webconsole.plugins.packageadmin ${felix.webconsole.packageadmin.version} + + org.apache.felix + org.apache.felix.prefs + 1.1.0 + org.apache.felix From 7957f5f148b29da4e9f74225d5e3a7aa5756df0b Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Wed, 13 May 2026 17:02:58 +0300 Subject: [PATCH 4/6] Remove dead `logback.configurationFile` reference and silence noisy pax-web INFO logs --- .github/workflows/build.yml | 2 +- Dockerfile | 2 +- Dockerfile-alpine | 2 +- openidm-zip/pom.xml | 3 +-- openidm-zip/src/main/resources/bin/install-service.bat | 2 +- openidm-zip/src/main/resources/conf/logging.properties | 3 +++ openidm-zip/src/main/resources/startup.sh | 2 +- 7 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8bebbfe3e..b7b9ca52d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -129,7 +129,7 @@ jobs: run: | OPTS="" if [ -n "${{ matrix.context_path }}" ]; then - OPTS="-Dlogback.configurationFile=conf/logging-config.groovy -Dopenidm.context.path=${{ matrix.context_path }}" + OPTS="-Dopenidm.context.path=${{ matrix.context_path }}" fi ARGS="" if [ -n "${{ matrix.samples }}" ]; then diff --git a/Dockerfile b/Dockerfile index 561d723b6..9ea6cdbd4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,7 +16,7 @@ FROM eclipse-temurin:25-jre-jammy LABEL org.opencontainers.image.authors="Open Identity Platform Community" ENV USER="openidm" -ENV OPENIDM_OPTS="-server -XX:+UseContainerSupport --add-exports java.base/com.sun.jndi.ldap=ALL-UNNAMED -Dlogback.configurationFile=conf/logging-config.groovy" +ENV OPENIDM_OPTS="-server -XX:+UseContainerSupport --add-exports java.base/com.sun.jndi.ldap=ALL-UNNAMED" ARG VERSION diff --git a/Dockerfile-alpine b/Dockerfile-alpine index e7f32f1ab..ef3731ff5 100644 --- a/Dockerfile-alpine +++ b/Dockerfile-alpine @@ -16,7 +16,7 @@ FROM alpine:latest LABEL org.opencontainers.image.authors="Open Identity Platform Community" ENV USER="openidm" -ENV OPENIDM_OPTS="-server -XX:+UseContainerSupport -Dlogback.configurationFile=conf/logging-config.groovy" +ENV OPENIDM_OPTS="-server -XX:+UseContainerSupport" ARG VERSION diff --git a/openidm-zip/pom.xml b/openidm-zip/pom.xml index 2152dca0a..2b84098d5 100644 --- a/openidm-zip/pom.xml +++ b/openidm-zip/pom.xml @@ -22,7 +22,7 @@ ~ your own identifying information: ~ "Portions Copyrighted [year] [name of copyright owner]" ~ - ~ Portions Copyrighted 2019-2025 3A Systems LLC. + ~ Portions Copyrighted 2019-2026 3A Systems LLC. --> 4.0.0 @@ -901,7 +901,6 @@ - -Dlogback.configurationFile=conf/logging-config.groovy diff --git a/openidm-zip/src/main/resources/bin/install-service.bat b/openidm-zip/src/main/resources/bin/install-service.bat index 24b09a299..049246a0d 100644 --- a/openidm-zip/src/main/resources/bin/install-service.bat +++ b/openidm-zip/src/main/resources/bin/install-service.bat @@ -28,7 +28,7 @@ set OPENIDM_OPTS_SERVICE=%OPENIDM_OPTS: =;% rem set SERVER_START_PARAMS="-c;bin/launcher.json" set CP=bin/launcher.jar;bin/felix.jar rem JAVA_OPTS_SERVICE will be fed to the prunmgr.exe which requires all semi-colon delimiters -set JAVA_OPTS_SERVICE=%OPENIDM_OPTS_SERVICE%;-Djava.util.logging.config.file=conf\logging.properties;-Dlogback.configurationFile=conf\logging-config.xml; +set JAVA_OPTS_SERVICE=%OPENIDM_OPTS_SERVICE%;-Djava.util.logging.config.file=conf\logging.properties; rem Enable debugging uncomment the line below rem set JAVA_OPTS_SERVICE=%JAVA_OPTS_SERVICE%;-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005; diff --git a/openidm-zip/src/main/resources/conf/logging.properties b/openidm-zip/src/main/resources/conf/logging.properties index c96e84681..413daa50c 100644 --- a/openidm-zip/src/main/resources/conf/logging.properties +++ b/openidm-zip/src/main/resources/conf/logging.properties @@ -73,6 +73,9 @@ org.identityconnectors.framework.impl.api.local.LocalConnectorInfoManagerImpl.le # Suppress warnings of failed error page model validation org.ops4j.pax.web.service.spi.model.elements.ErrorPageModel.level=SEVERE +# Suppress noisy INFO records from pax-web bundle (servlet/error-page registration) +org.ops4j.pax.web.level=WARNING + # OrientDB 3.x: suppress harmless WARNINGs that we cannot act on # - OScriptManager logs "ECMAScript engine not found" when no JSR-223 javascript # engine is on the classpath (we don't ship one and don't use OrientDB JS). diff --git a/openidm-zip/src/main/resources/startup.sh b/openidm-zip/src/main/resources/startup.sh index 1ef748319..0da8279ff 100755 --- a/openidm-zip/src/main/resources/startup.sh +++ b/openidm-zip/src/main/resources/startup.sh @@ -95,7 +95,7 @@ PRGDIR=`dirname "$PRG"` [ -z "$OPENIDM_PID_FILE" ] && OPENIDM_PID_FILE="$OPENIDM_HOME"/.openidm.pid # Only set OPENIDM_OPTS if not already set -[ -z "$OPENIDM_OPTS" ] && OPENIDM_OPTS="-Dlogback.configurationFile=conf/logging-config.groovy" +[ -z "$OPENIDM_OPTS" ] && OPENIDM_OPTS="" # Set JDK Logger config file if it is present and an override has not been issued PROJECT_HOME=$OPENIDM_HOME From 9b4ea26e597fb3249642de81e00e20c7d4f8f3c6 Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Wed, 13 May 2026 17:32:08 +0300 Subject: [PATCH 5/6] ci(windows): make log error scan case-sensitive to match Unix grep Select-String in PowerShell is case-insensitive by default, so the Windows smoke-test step was matching benign INFO records such as "ErrorServletComponent activate" / "Registered servlet at /error" against the ERROR|SEVERE|Exception|Throwable pattern and failing the build. The equivalent Unix step uses `grep -E`, which is case-sensitive, so the same lines pass on Linux/macOS. Add the -CaseSensitive flag to both Select-String invocations in the "Test on Windows" step of .github/workflows/build.yml so the check behaves identically across OSes. --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b7b9ca52d..6a488b2d1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -65,9 +65,9 @@ jobs: Start-Sleep -s 180 type logs\openidm0.log.0 findstr "OpenIDM ready" logs\openidm0.log.0 - if (Select-String -Path logs\openidm0.log.0 -Pattern 'ERROR|SEVERE|Exception|Throwable' -Quiet) { + if (Select-String -Path logs\openidm0.log.0 -Pattern 'ERROR|SEVERE|Exception|Throwable' -CaseSensitive -Quiet) { Write-Host "Errors or exceptions detected in openidm0.log.0" - Select-String -Path logs\openidm0.log.0 -Pattern 'ERROR|SEVERE|Exception|Throwable' + Select-String -Path logs\openidm0.log.0 -Pattern 'ERROR|SEVERE|Exception|Throwable' -CaseSensitive exit 1 } - name: Upload failure artifacts From 926f800cbf8b68ae23f5d47133ad27473c7c6330 Mon Sep 17 00:00:00 2001 From: Valera V Harseko Date: Wed, 13 May 2026 19:16:56 +0300 Subject: [PATCH 6/6] fix(samples/workflow): honor `openidm.context.path` in Accept Notice script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Problem The `samples/workflow` end-to-end smoke job `ui-smoke-tests (… , /myidm, samples/workflow)` consistently fails on both Java 17 and Java 26 in [Build run #25805813364](https://github.com/OpenIdentityPlatform/OpenIDM/actions/runs/25805813364) while every other matrix combination is green: | context_path | sample | result | |--------------|---------------------|----------| | (default) | samples/workflow | ✅ pass | | /myidm | samples/getting-started | ✅ pass | | /myidm | (no sample) | ✅ pass | | **/myidm** | **samples/workflow**| ❌ fail | The job's final step (`Print openidm logs`) scans `openidm/logs/*` for `ERROR|SEVERE|Exception|Throwable` and exits 1 if anything matches. With `-Dopenidm.context.path=/myidm` the workflow sample's `Accept Notice` Groovy script task in `contractorOnboarding.bpmn20.xml` was calling a hard-coded REST URL: ```groovy "url": "https://localhost:" + identityServer.getProperty('openidm.port.https') + "/openidm/selfservice/reset?_action=submitRequirements" --- .../workflow/workflow/contractorOnboarding.bpmn20.xml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/openidm-zip/src/main/resources/samples/workflow/workflow/contractorOnboarding.bpmn20.xml b/openidm-zip/src/main/resources/samples/workflow/workflow/contractorOnboarding.bpmn20.xml index ea5ddfd9c..1189345ca 100644 --- a/openidm-zip/src/main/resources/samples/workflow/workflow/contractorOnboarding.bpmn20.xml +++ b/openidm-zip/src/main/resources/samples/workflow/workflow/contractorOnboarding.bpmn20.xml @@ -13,6 +13,7 @@ information: "Portions Copyrighted [year] [name of copyright owner]". Copyright (c) 2011-2015 ForgeRock AS. All rights reserved. + Portions Copyright 2026 3A Systems, LLC. --> @@ -98,8 +99,12 @@ // Automatically send the user a password reset email // Current limitation with supplying locale via http headers requires the call to be made via http + def openidmContextPath = identityServer.getProperty('openidm.context.path', '/openidm') + if (!openidmContextPath.startsWith('/')) { + openidmContextPath = '/' + openidmContextPath + } openidm.action("external/rest", "call", [ - "url": "https://localhost:"+identityServer.getProperty('openidm.port.https')+"/openidm/selfservice/reset?_action=submitRequirements", + "url": "https://localhost:"+identityServer.getProperty('openidm.port.https')+openidmContextPath+"/selfservice/reset?_action=submitRequirements", "method": "POST", "headers": [ "Content-Type": "application/json",