    skr1023
    @skr1023
    Hi,
    I'm trying to build the OpenIDM (5.5.0) source code using Apache Maven 3.6.1, but I'm getting the following error.
    It probably has something to do with the authentication required to access the ForgeRock repository for Maven.
    How do I resolve this issue?
    [ERROR] [ERROR] Some problems were encountered while processing the POMs:
    [FATAL] Non-resolvable parent POM for org.forgerock.openidm:openidm-project:5.5.0-SNAPSHOT: Could not transfer artifact org.forgerock:forgerock-parent:pom:2.0.10 from/to forgerock-staging-repository (http://maven.forgerock.org/repo/releases): Connect to maven.forgerock.org:80 [maven.forgerock.org/81.171.204.41] failed: Connection refused (Connection refused) and 'parent.relativePath' points at wrong local POM @ line 19, column 13
    vharseko
    @vharseko
    @skr1023 FIXED please pull and try again: https://github.com/OpenIdentityPlatform/OpenIDM#how-to-build
    kumar panchal
    @kumarpanchal18_twitter

    Hello

    After upgrading OpenAM 12 to 14, I am facing an issue with the external DS. Receiving a CTS error:

    ERROR: AuthD init()
    java.lang.RuntimeException: org.forgerock.openam.session.service.access.persistence.SessionPersistenceException: Failed to save session
    at org.forgerock.openam.session.service.SessionAccessManager.persistInternalSession(SessionAccessManager.java:135)
    at com.iplanet.dpro.session.service.AuthenticationSessionStore.promoteSession(AuthenticationSessionStore.java:107)
    at org.forgerock.openam.authentication.service.AuthSessionFactory.initAuthSession(AuthSessionFactory.java:105)
    at org.forgerock.openam.authentication.service.AuthSessionFactory.getAuthenticationSession(AuthSessionFactory.java:79)
    at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:224)
    at com.sun.identity.authentication.service.AuthD.<init>(AuthD.java:103)
    at com.sun.identity.authentication.service.AuthD$SingletonHolder.getInstance(AuthD.java:125)
    at com.sun.identity.authentication.service.AuthD.getAuth(AuthD.java:512)
    at com.sun.identity.authentication.service.AuthUtils.getAuthContext(AuthUtils.java:199)
    at org.forgerock.openam.core.rest.authn.core.wrappers.CoreServicesWrapper.getAuthContext(CoreServicesWrapper.java:58)
    at org.forgerock.openam.core.rest.authn.core.LoginAuthenticator.getAuthContext(LoginAuthenticator.java:197)
    at org.forgerock.openam.core.rest.authn.core.LoginAuthenticator.getLoginProcess(LoginAuthenticator.java:87)
    at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.authenticate(RestAuthenticationHandler.java:177)
    at org.forgerock.openam.core.rest.authn.RestAuthenticationHandler.initiateAuthentication(RestAuthenticationHandler.java:109)
    at org.forgerock.openam.core.rest.authn.http.AuthenticationServiceV1.authenticate(AuthenticationServiceV1.java:154)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.forgerock.openam.http.annotations.AnnotatedMethod.invoke(AnnotatedMethod.java:84)
    at org.forgerock.openam.http.annotations.Endpoints$1.handle(Endpoints.java:72)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.openam.audit.AbstractHttpAccessAuditFilter.filter(AbstractHttpAccessAuditFilter.java:73)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.openam.rest.RealmContextFilter.filter(RealmContextFilter.java:86)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.openam.rest.RealmRoutingFactory$ChfRealmRouter.handle(RealmRoutingFactory.java:147)
    at org.forgerock.http.handler.Handlers$UndescribedAsDescribableHandler.handle(Handlers.java:187)
    at org.forgerock.openam.rest.RealmRoutingFactory$HostnameFilter.filter(RealmRoutingFactory.java:124)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.http.routing.Router.handle(Router.java:100)
    at org.forgerock.http.routing.ResourceApiVersionRoutingFilter.filter(ResourceApiVersionRoutingFilter.java:64)
    at org.forgerock.http.handler.Handlers$1.handle(Handlers.java:61)
    at org.forgerock.caf.authentication.framework.AuthenticationFramework.grantAccess(AuthenticationFramework.java:220)
    at org.forgerock.caf.authentication.framework.AuthenticationFramework.access$400(AuthenticationFramework.java:65)
    at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:212)
    at org.forgerock.caf.authentication.framework.AuthenticationFramework$3.apply(AuthenticationFramework.java:205)
    at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:255)
    at org.forgerock.util.promise.Promises$CompletedPromise.thenAsync(Promises.java:244)
    at org.forgerock.caf.authentication.framewo
    vharseko
    @vharseko
    Please attach 99-user.ldif from the external DS.
    kumar panchal
    @kumarpanchal18_twitter
    I didn't find an ldif file with this name.
    vharseko
    @vharseko
    Check the config/schema path in the base OpenDJ install.
    kumar panchal
    @kumarpanchal18_twitter
    Ok
    vharseko
    @vharseko
    $ ls config/schema/
    00-core.ldif 03-keystore.ldif 03-rfc2739.ldif 03-uddiv3.ldif 05-solaris.ldif
    01-pwpolicy.ldif 03-pwpolicyextension.ldif 03-rfc2926.ldif 04-rfc2307bis.ldif 06-compat.ldif
    02-config.ldif 03-rfc2713.ldif 03-rfc3112.ldif 05-rfc4876.ldif 99-user.ldif
    03-changelog.ldif 03-rfc2714.ldif 03-rfc3712.ldif 05-samba.ldif
    kumar panchal
    @kumarpanchal18_twitter
    Can you please provide the full path?
    vharseko
    @vharseko
    Do you use OpenDJ as the external DS?
    kumar panchal
    @kumarpanchal18_twitter
    Yeah
    During configuration I provided my own LDAP as external.
    vharseko
    @vharseko
    On the external DS, search: find / -name 99-user.ldif
    kumar panchal
    @kumarpanchal18_twitter
    Meanwhile on my LDAP location?
    vharseko
    @vharseko
    yes
    kumar panchal
    @kumarpanchal18_twitter

    Ok. Do we just have to import the 99-user.ldif file and the issue will resolve?

    Because it's hitting authenticate the request with an anonymous user to get login page of openam

    vharseko
    @vharseko
    yes
    kumar panchal
    @kumarpanchal18_twitter
    Ok
    Thank you, let me do it and get back to you.
    kumar panchal
    @kumarpanchal18_twitter
    CTS: Timed out whilst waiting for result
    at org.forgerock.openam.cts.impl.queue.AsyncResultHandler.getResults(AsyncResultHandler.java:88)
    at org.forgerock.openam.cts.monitoring.impl.queue.TokenMonitoringResultHandler.getResults(TokenMonitoringResultHandler.java:50)
    Receiving this
    vharseko
    @vharseko
    Please restart and reindex the external DS after the schema update, and attach the full OpenAM log.
    kumar panchal
    @kumarpanchal18_twitter
    Ok
    kumar pravinchandra panchal
    @kumar1801
    HI
    Asad Shakeel
    @AsadShakeel
    HI! I want to create a new JWT key/pair and change the existing one in OAuth2Provider. How can I do that?
    pawel-dev
    @pawel-dev
    I've encountered an interesting problem:
    • I'm working with OpenAM 14.2.2
    • I'm trying to set up an external data store, using Apache DS 2.0.0, in which there are about 500 users and several groups configured
    • OpenAM shows me only 100 of the users from the external LDAP, in addition to the users openAm and anonymous, and no groups from LDAP
    • Any of the 100 visible users can be successfully authenticated in OpenAM, but the remaining users cannot
      Does anyone know of any limit in OpenAM, that would prevent me from accessing the remaining users? How about the groups - I need them to build authorization rules.
    Maxim Thomas
    @maximthomas
    @pawel-dev
    Hi. There is no limit in OpenAM; it seems there is an issue with the external data store configuration.
    dieterdanger
    @dieterdanger

    Hello everyone, we have a few questions regarding OpenAM Community Edition:

    • Will trees / nodes be supported at any point in the future?
    • In general, if a new feature is implemented into the commercial product FR AccessManagement, where does the community get the source code from? Is there even a source code from ForgeRock or are all new features implemented from scratch and made to look like in the original product?
    • Does the recent version of OpenAM Community Edition support ActiveDirectory-Authentication?

    Best regards

    kumar pravinchandra panchal
    @kumar1801

    Hello Everyone,

    Is there any configuration to speed up rendering of the LOGIN page?
    It is taking a bit longer to land on the login page using the new architecture of XUI.

    Thank you in advance.

    Maxim Thomas
    @maximthomas
    @kumar1801 Hello, you can always switch back to the classic UI using the system option -DXUI.enable=false
    Maxim Thomas
    @maximthomas

    @dieterdanger
    Hello

    • Will trees / nodes be supported at any point in the future?

    What do you mean by trees/nodes?

    • In general, if a new feature is implemented into the commercial product FR AccessManagement, where does the community get the source code from? Is there even a source code from ForgeRock or are all new features implemented from scratch and made to look like in the original product?

    We do not have access to ForgeRock source code; we develop the products independently.

    • Does the recent version of OpenAM Community Edition support ActiveDirectory-Authentication?

    Yes, via login and password, via Kerberos and also NTLM

    kumar pravinchandra panchal
    @kumar1801

    HI.

    Do we have support for SameSite=None, as Chrome will not support third-party cookies from Feb 17 2020?

    If yes, then how can we achieve it in OpenAM-14.4.2?

    Maxim Thomas
    @maximthomas
    @kumar1801
    Hi, in current release no, but we have plans to add SameSite=Lax, None, Strict and NotSet support recently
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas
    Hi
    By when will it be completed?
    Maxim Thomas
    @maximthomas
    @kumar1801 We don't have an exact deadline, but we'll try to get it done by 17-Feb-2020.
    kumar pravinchandra panchal
    @kumar1801
    Thank you so much @maximthomas
    kumar pravinchandra panchal
    @kumar1801

    Hi,

    Is there any update on the SameSite implementation?

    Maxim Thomas
    @maximthomas
    Hi, I'm still working on it...
    kumar pravinchandra panchal
    @kumar1801
    Ok. Thank you @maximthomas
    Maxim Thomas
    @maximthomas
    @kumar1801 Hi, I've done the SameSite cookie: https://github.com/OpenIdentityPlatform/commons/tree/issues/samesite_cookie and https://github.com/OpenIdentityPlatform/OpenAM/tree/issues/samesite_cookie But I did not merge it into the master branches yet.
    There is a new system parameter, org.openidentityplatform.openam.cookie.samesite, which holds the SameSite cookie value.
    kumar pravinchandra panchal
    @kumar1801

    Thank you @maximthomas .

    We will test it and get back to you.

    Is there any documentation available on how to configure this system parameter?
    Maxim Thomas
    @maximthomas
    @kumar1801 If you use Tomcat, you can set -Dorg.openidentityplatform.openam.cookie.samesite=None in the setenv.sh file
    kumar pravinchandra panchal
    @kumar1801
    Ok
    kumar pravinchandra panchal
    @kumar1801

    @maximthomas We tested with basic SSO and it is working fine with SameSite = None.

    Thank you

    Maxim Thomas
    @maximthomas
    @kumar1801 Great, thanks!