Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    Mike Schwartz
    @nynymike
    if that works, it would show the ldap server config is right ... i.e. it is accepting this attribute for the objectclass
    Technically, you are not supposed to use the ASN under the control of another organization...
    BTW, there is no requirement to use asn
    You could just name it cpfOid
    Kleber Rocha
    @klinux
    humm ok
    Mike Schwartz
    @nynymike
    inum=test,ou=people,o=jans
    objectclass: top
    objectclass: jansperson
    uid: test
    cn: Test User
    sn: test
    mail: test@test.com
    cpf: 123456
    personID: 98765643
    Kleber Rocha
    @klinux
    it works for you?
    Mike Schwartz
    @nynymike
    /opt/opendj/bin/ldapmodify -h xxxx -p 1636 -Z -X -D "cn=directory manager" -j ~/.pw -a -f test.ldif
    There is no reason it wouldn't work.
    You are using K8S ?
    Or VM?
    Kleber Rocha
    @klinux
    K8S the custom file is a config map mounted
    Mike Schwartz
    @nynymike
    Are you sure all your ldap servers have the new schema?
    I would try to add the user via an LDIF file.
    And that way it's clear the schema change is working...
    then go to the script.
    anyway, gotta run
    good luck
    Kleber Rocha
    @klinux
    thank you, I will check the installation :)
    Mike Schwartz
    @nynymike
    You may also want to check out the open banking distro
    https://www.gluu.org/docs/openbanking/1.0.0/
    that is based on janssen
    and it's open source
    It will get you a lot closer to the goal, if what you are trying to do is open banking...
    Kleber Rocha
    @klinux
    yess, I'm using that version, but with LDAP, not MySQL
    it's a problem?
    Mike Schwartz
    @nynymike
    Not for me, I love ldap
    but in this space, the cloud sql services, like amazon aurora, seem to be preferred
    also, with ldap you need to think about replication.
    Kleber Rocha
    @klinux
    Yes, it make sense, but it's only for discovery purpose, I tryied mysql but I discovery later that installation only support mysql 8, the sqlalchmy was broken with mysql 5.7
    Mike Schwartz
    @nynymike
    SQLalchemy is needed for Gluu?
    Kleber Rocha
    @klinux
    @nynymike I believe that container gluu-persistence uses sqlalchemy to load all schemes in database.
    Mike Schwartz
    @nynymike
    If there is a deployment error, feel free to open an issue on Github
    it should deploy ok...
    Kleber Rocha
    @klinux
    @nynymike the envorcents here in openbanking brazil is using janssen or gluu server 4.2, do you know about that?
    efforts
    Mohammad Abudayyeh
    @moabu
    @klinux there is no way that will work. Openbanking features do jot exist in gluu 4.2. They do in janssen as the base image is the same as gluu 5.0.0 openbankong distribution but janssen repos dont support installation of the openbanking distribution.
    Kleber Rocha
    @klinux
    @moabu thank you
    Mike Schwartz
    @nynymike
    Gluu has an Open Banking distro of the Janssen bits. It is open source. You can read the docs here: https://www.gluu.org/docs/openbanking/1.0.0/
    Kleber Rocha
    @klinux
    @nynymike yes I know, I'm running this version here to validate, do you know how we can implement mtls_endpoint_aliases in openid configuration, we not pass in the openid test becaouse this parameter is necessary.
    Kleber Rocha
    @klinux
    it's possible to configure mtls_endpoint_aliases
    ?
    Mike Schwartz
    @nynymike
    We have a feature request for this right now
    JanssenProject/jans-auth-server#136
    Kleber Rocha
    @klinux
    Hello guys, I'm trying openid tests here, when we set the mtls_endpoint_aliases, the openid tests try to use token_endpoint inside mtls_endpoint_aliases, but jans server get this error:
    Caused by: io.jans.as.model.exception.InvalidJwtException: Invalid audience: [https://matls-auth...
    there some way to fix that?
    if (audience != null && (audience.contains(appConfiguration.getIssuer()) || audience.contains(tokenUrl) || audience.contains(cibaAuthUrl))) the code only look to some types of urls
    Mike Schwartz
    @nynymike
    Gluu provides commercial support on a Janssen distribution for open banking.
    Kleber Rocha
    @klinux
    we already in touch with Davin, we are only try tests to learn janseen distribution
    we are running gluu distribution in our tests