by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    dieterdanger
    @dieterdanger

    Hello everyone, we have a few questions regarding OpenAM Community Edition:

    • Will trees / nodes be supported at any point in the future?
    • In general, if a new feature is implemented into the commercial product FR AccessManagement, where does the community get the source code from? Is there even a source code from ForgeRock or are all new features implemented from scratch and made to look like in the original product?
    • Does the recent version of OpenAM Community Edition support ActiveDirectory-Authentication?

    Best regards

    kumar pravinchandra panchal
    @kumar1801

    Hello Everyone,

    Is any configuration to speedup rendering on LOGIN page?
    It is taking a bit longer on landing on login page using new architecture of XUI.

    Thank you in advance.

    Maxim Thomas
    @maximthomas
    @kumar1801 Hello, you can always switch back to classic UI using system option -DXUI.enable=false
    Maxim Thomas
    @maximthomas

    @dieterdanger
    Hello

    • Will trees / nodes be supported at any point in the future?

    What do you mean about trees/nodes?

    • In general, if a new feature is implemented into the commercial product FR AccessManagement, where does the community get the source code from? Is there even a source code from ForgeRock or are all new features implemented from scratch and made to look like in the original product?

    We do not have access to ForgeRock source code, we develop the products independently

    • Does the recent version of OpenAM Community Edition support ActiveDirectory-Authentication?

    Yes, via login and password, via Kerberos and also NTLM

    kumar pravinchandra panchal
    @kumar1801

    HI.

    Are we have support on SameSite=None as chrome will not support third-party cookies from Feb 17 2020?

    If yes then how we can achieve in OpenAM-14.4.2?

    Maxim Thomas
    @maximthomas
    @kumar1801
    Hi, in current release no, but we have plans to add SameSite=Lax, None, Strict and NotSet support recently
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas
    Hi
    Till, when it will be completed?
    Maxim Thomas
    @maximthomas
    @kumar1801 we don't have exact deadline, but we'll try to make it done till 17-Feb-2020.
    kumar pravinchandra panchal
    @kumar1801
    Thank you so much @maximthomas
    kumar pravinchandra panchal
    @kumar1801

    Hi,

    Is any update on SameSite implementation?

    Maxim Thomas
    @maximthomas
    Hi, I'm still working on it...
    kumar pravinchandra panchal
    @kumar1801
    Ok. Thank you @maximthomas
    Maxim Thomas
    @maximthomas
    @kumar1801 Hi, you I've done same site cooke. https://github.com/OpenIdentityPlatform/commons/tree/issues/samesite_cookie and https://github.com/OpenIdentityPlatform/OpenAM/tree/issues/samesite_cookie But did not merge into master branches yet.
    There is a new system parameter org.openidentityplatform.openam.cookie.samesite - SameSite cookie value
    kumar pravinchandra panchal
    @kumar1801

    Thank you @maximthomas .

    We will test it and get back to you.

    Is it any documentation available on how to configure this system parameter?
    Maxim Thomas
    @maximthomas
    @kumar1801 If you use tomcat, you cat set -Dorg.openidentityplatform.openam.cookie.samesite=None in setenv.shfile
    kumar pravinchandra panchal
    @kumar1801
    Ok
    kumar pravinchandra panchal
    @kumar1801

    @maximthomas We tested with basic SSO and it is working fine with SameSite = None.

    Thank you

    Maxim Thomas
    @maximthomas
    @kumar1801 Great, thanks!
    Arvind Gupta
    @arvindgu

    How to configure MD5 hash digest password encryption for Mysql IDP data store?
    I need to connect to existing Mysql database where user's passwords are hashed using MD5 Digest (One way hash).
    I do not see an option to specify the encryption scheme for password while creating a JDBC module and a Mysql data store. Also I could not find anything in documentation.

    While creating JDBC module, an option available is "Class to Transform Password Syntax". However this transformation can be applied after OpenAM retrieves the password from Mysql and that would mean I will need decrypt the MD5 hash, which won't be possible.

    My questions are:

    1. How to configure MD5 hash digest password encryption for Mysql IDP data store from OpenAM UI?
    2. Is there a way to control the password comparison process, so that I can hash the user given password and that will get compared with the hashed password stored in database? Can you pleases provide the classes, where password's are compared?

    Appreciate any help in this regards.

    winlong
    @winlong
    when executing installation on suse linux 15 leap, it shows a message :
    SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
    SLF4J: Defaulting to no-operation (NOP) logger implementation
    SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
    martipamies
    @martipamies
    Hi at all, my name is Marti Pamies and this is my first message at the Open Identity Platform Community. I am CTO of VICO Open Modeling, a company based in Barcelona. Two month ago we found this tool and it was a great surprise as the amazing features is able to provide. Now we are looking for some training to have a deeper Knowledge on it. For what I've read in a post by @vharseko some companies provides consulting and suport services. How we can get more information on it?
    Thks
    Maxim Thomas
    @maximthomas
    @arvindgu Hi, you need to implement interface com.sun.identity.authentication.modules.jdbc.JDBCPasswordSyntaxTransform and set your class implementation in Class to Transform Password Syntax setting of your JDBC module
    @winlong Hi, it is not critical message for OpenDJ console utils and does not affect their functionality
    Maxim Thomas
    @maximthomas
    @martipamies Hi, please send an RFP to support@3a-systems.ru
    kumar pravinchandra panchal
    @kumar1801

    HI @maximthomas

    Is there any option available in SSO federation using autoAuth parameter I can do federation without redirects for Microsoft applications?

    Maxim Thomas
    @maximthomas
    Hi @kumar1801 Could you provide more details about the case?
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas with microsoftonline SSO page will not render in X-frame as they denying and we have to find out the solution without SSO page redirect we can do federation.
    Maxim Thomas
    @maximthomas
    @kumar1801 MS block ifame due to security issues, so this approach makes sence. As an alternative you could use OpenAM authentication API without UI
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas can you please help me out for any documentation?
    Maxim Thomas
    @maximthomas
    @kumar1801 hi, what kind of help do you need?
    attriel
    @_attriel__twitter

    Hey I have what is apparently a weird question (based on my lack of search results):
    I'm trying to setup opendj on AWS EC2. I can get it to launch a primary and then any further nodes find a prior node and add themselves to the replication lists, that works great. But if i terminate anode without dsreplication disable, it stays in the list and i can't add a new replicant (timeouts i think).

    2 questoins:
    (1) is there any way to force-detach a deceased replicant by running a command/commands on the remaining nodes?
    (2) is there any configurable timeout for how long a node can be unreachable for replication before it gets dropped from the replication lists? (I don't know if such a setting exists, but if it does can it be configured)

    (my server admins tell me i can't rely on a shutdown script since a server/node could go bad and be unable to communicate it's own disconnect)
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas With SameSite Configuration in IE 11 is not working correctly
    Maxim Thomas
    @maximthomas
    @kumar1801 there is a problem with IE11 itself.
    kumar pravinchandra panchal
    @kumar1801
    Yes
    Is there any way to change the response code 302 to 403 ?
    kumar pravinchandra panchal
    @kumar1801

    As due to 302 error code we are receiving pre-flight cors policy error.

    In earlier version of OpenAM modified to 403 but with new version we are receiving again 302

    Mike Schwartz
    @nynymike
    Hi guys.
    What's the story with OpenIdentityPlatform?
    Is there a new open source version of OpenDJ that was forked?
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas is there any way to change error code in openam
    Maxim Thomas
    @maximthomas
    @kumar1801 Could you create an issue in the project?
    shivammukhi
    @shivammukhi
    Hi guys,
    Has anyone implemented scripted rest connector? Why is it not visible in the drop down of new connector page ?
    jimmydevenportdxc
    @jimmydevenportdxc

    We found a problem in OpenIDM with Configure->Authentication not loading, it seems to be missing the codemirror folder?

    It gets 404s on:

    • admin/libs/codemirror/lib/codemirror.js
    • admin/libs/codemirror/mode/groovy/groovy.js
    • admin/libs/codemirror/mode/javascript/javascript.js
    • admin/libs/codemirror/addon/display/placeholder.js

    There is no "codemirror" folder in /path/to/openidm/ui/admin/default/libs/.

    Link Configure->Social ID Providers gets a 404 on admin/libs/codemirror/mode/xml/xml.js

    Link Configure->System Preferences gets the same 404s as Configure->Authentication (same 4).

    Is there a missing folder that someone forgot to put into the zip?

    Thanks!

    jimmydevenportdxc
    @jimmydevenportdxc
    I solved my own problem by downloading codemirror.zip from codemirror.net and putting the correct files in /path/to/openidm/ui/admin/default/libs/codemirror/...
    jimmydevenportdxc
    @jimmydevenportdxc
    Actually, OpenIdentityPlatform/OpenIDM#6 already fixed this? Why doesn't the latest openidm-5.5.0.zip have the fix then?