
OpenAM: Web Policy Agent login to OpenAM fails


I am unable to identify the error source. I checked the settings dozens of times, I tried out the local and public IPs, I even tried using different web agent versions and I read everything that I could find on the topic (at least that is what it feels like).

Question: Why is my Web Agent unable to log in to OpenAM?

Initial situation: I have two docker containers. The first is running a Tomcat server with OpenAM and the second is running an Apache webserver. Both containers are deployed on two different virtual machines. Both machines can reach each other via their public as well as their private IPs and in the docker-compose files 'network_mode: host' is set.

Following this official guide, I create an agent profile using the AM console with the following specifications:

Within the container running the Apache webserver, I do the following:

/apache24_agent/bin/agentadmin --s "/usr/local/apache2/conf/httpd.conf" \
"http://<public_ip_openam_server>:8080/openam" "http://<public_ip_apache_server>:80" "/" \
"WebAgent" "/tmp/pwd.txt" --changeOwner --acceptLicence

Problem:

The last command always fails with the following output:

OpenAM Web Agent for Apache Server installation.
Validating...
Error validating OpenAM - Agent configuration.
Installation failed.
See installation log /usr/local/apache2/apache24_agent/bin/../log/install_20201227114136.log file for more details. Exiting.

Checking the error log:

2020-12-27 11:41:36  license accepted with --acceptLicence option
2020-12-27 11:41:36  license was accepted earlier
2020-12-27 11:41:36  Found user daemon, uid 1, gid 1
2020-12-27 11:41:36  Found group daemon, gid 1
2020-12-27 11:41:36  OpenSSL library status: <removed for readability> OpenSSL v1.1.x library support is available
2020-12-27 11:41:36  validating configuration parameters...
2020-12-27 11:41:36  error validating OpenAM agent configuration
agent login to http://<public_ip_openam_server>:8080/openam fails
2020-12-27 11:41:36  installation error
2020-12-27 11:41:36  installation exit

System and software:


Solution

  • Are you using the Open Identity Platform community version? I'm afraid Web Agent 5.6.2.0 and OpenAM 14.5.4 could be incompatible. Try to use an earlier Web Agent version, for example 4.1.1, or switch to OpenIG as an alternative to Web Agent. There are a couple of useful links below:

    https://github.com/OpenIdentityPlatform/OpenAM/wiki/Quick-Start-Guide

    https://github.com/OpenIdentityPlatform/OpenAM/wiki/How-to-Add-Authorization-and-Protect-Your-Application-With-OpenAM-and-OpenIG-Stack