Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    vharseko
    @vharseko
    $ ls config/schema/
    00-core.ldif 03-keystore.ldif 03-rfc2739.ldif 03-uddiv3.ldif 05-solaris.ldif
    01-pwpolicy.ldif 03-pwpolicyextension.ldif 03-rfc2926.ldif 04-rfc2307bis.ldif 06-compat.ldif
    02-config.ldif 03-rfc2713.ldif 03-rfc3112.ldif 05-rfc4876.ldif 99-user.ldif
    03-changelog.ldif 03-rfc2714.ldif 03-rfc3712.ldif 05-samba.ldif
    kumar panchal
    @kumarpanchal18_twitter
    can you please provide full path?
    vharseko
    @vharseko
    you use OpenDJ as External DS ?
    kumar panchal
    @kumarpanchal18_twitter
    Yeah
    while configuration i have provided my own LDAP as external
    vharseko
    @vharseko
    on external DS search find / -name 99-user.ldif
    kumar panchal
    @kumarpanchal18_twitter
    Meanwhile on my LDAP location?
    vharseko
    @vharseko
    yes
    kumar panchal
    @kumarpanchal18_twitter

    Ok. Just we have to import 99-user. ldif file and issue will resolve?

    Because it's hitting authenticate the request with an anonymous user to get login page of openam

    vharseko
    @vharseko
    yes
    kumar panchal
    @kumarpanchal18_twitter
    Ok
    Thank you let me do it and get back you
    kumar panchal
    @kumarpanchal18_twitter
    CTS: Timed out whilst waiting for result
    at org.forgerock.openam.cts.impl.queue.AsyncResultHandler.getResults(AsyncResultHandler.java:88)
    at org.forgerock.openam.cts.monitoring.impl.queue.TokenMonitoringResultHandler.getResults(TokenMonitoringResultHandler.java:50)
    Receiving this
    vharseko
    @vharseko
    please restart and reindex external DS after schema update and attach full openam log
    kumar panchal
    @kumarpanchal18_twitter
    Ok
    kumar pravinchandra panchal
    @kumar1801
    HI
    Asad Shakeel
    @AsadShakeel
    HI! I want to create a new JWT key/pair and change the existing one in OAuth2Provider. How can I do that?
    pawel-dev
    @pawel-dev
    I've encountered an interesting problem:
    • I'm working with OpenAM 14.2.2
    • I'm trying to set up an external data store, using Apache DS 2.0.0, in which there are about 500 users and several groups configured
    • OpenAM shows me only 100 of users from the external LDAP, in addition to the users openAm and anonymous, and no groups from LDAP
    • Any of the 100 visible users can be successfully authenticated in OpenAM, but the remaining users cannot
      Does anyone know of any limit in OpenAM, that would prevent me from accessing the remaining users? How about the groups - I need them to build authorization rules.
    Maxim Thomas
    @maximthomas
    @pawel-dev
    Hi. there is no limit in OpenAM, seems there is an issue with external data store configuration
    dieterdanger
    @dieterdanger

    Hello everyone, we have a few questions regarding OpenAM Community Edition:

    • Will trees / nodes be supported at any point in the future?
    • In general, if a new feature is implemented into the commercial product FR AccessManagement, where does the community get the source code from? Is there even a source code from ForgeRock or are all new features implemented from scratch and made to look like in the original product?
    • Does the recent version of OpenAM Community Edition support ActiveDirectory-Authentication?

    Best regards

    kumar pravinchandra panchal
    @kumar1801

    Hello Everyone,

    Is any configuration to speedup rendering on LOGIN page?
    It is taking a bit longer on landing on login page using new architecture of XUI.

    Thank you in advance.

    Maxim Thomas
    @maximthomas
    @kumar1801 Hello, you can always switch back to classic UI using system option -DXUI.enable=false
    Maxim Thomas
    @maximthomas

    @dieterdanger
    Hello

    • Will trees / nodes be supported at any point in the future?

    What do you mean about trees/nodes?

    • In general, if a new feature is implemented into the commercial product FR AccessManagement, where does the community get the source code from? Is there even a source code from ForgeRock or are all new features implemented from scratch and made to look like in the original product?

    We do not have access to ForgeRock source code, we develop the products independently

    • Does the recent version of OpenAM Community Edition support ActiveDirectory-Authentication?

    Yes, via login and password, via Kerberos and also NTLM

    kumar pravinchandra panchal
    @kumar1801

    HI.

    Are we have support on SameSite=None as chrome will not support third-party cookies from Feb 17 2020?

    If yes then how we can achieve in OpenAM-14.4.2?

    Maxim Thomas
    @maximthomas
    @kumar1801
    Hi, in current release no, but we have plans to add SameSite=Lax, None, Strict and NotSet support recently
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas
    Hi
    Till, when it will be completed?
    Maxim Thomas
    @maximthomas
    @kumar1801 we don't have exact deadline, but we'll try to make it done till 17-Feb-2020.
    kumar pravinchandra panchal
    @kumar1801
    Thank you so much @maximthomas
    kumar pravinchandra panchal
    @kumar1801

    Hi,

    Is any update on SameSite implementation?

    Maxim Thomas
    @maximthomas
    Hi, I'm still working on it...
    kumar pravinchandra panchal
    @kumar1801
    Ok. Thank you @maximthomas
    Maxim Thomas
    @maximthomas
    @kumar1801 Hi, you I've done same site cooke. https://github.com/OpenIdentityPlatform/commons/tree/issues/samesite_cookie and https://github.com/OpenIdentityPlatform/OpenAM/tree/issues/samesite_cookie But did not merge into master branches yet.
    There is a new system parameter org.openidentityplatform.openam.cookie.samesite - SameSite cookie value
    kumar pravinchandra panchal
    @kumar1801

    Thank you @maximthomas .

    We will test it and get back to you.

    Is it any documentation available on how to configure this system parameter?
    Maxim Thomas
    @maximthomas
    @kumar1801 If you use tomcat, you cat set -Dorg.openidentityplatform.openam.cookie.samesite=None in setenv.shfile
    kumar pravinchandra panchal
    @kumar1801
    Ok
    kumar pravinchandra panchal
    @kumar1801

    @maximthomas We tested with basic SSO and it is working fine with SameSite = None.

    Thank you

    Maxim Thomas
    @maximthomas
    @kumar1801 Great, thanks!
    Arvind Gupta
    @arvindgu

    How to configure MD5 hash digest password encryption for Mysql IDP data store?
    I need to connect to existing Mysql database where user's passwords are hashed using MD5 Digest (One way hash).
    I do not see an option to specify the encryption scheme for password while creating a JDBC module and a Mysql data store. Also I could not find anything in documentation.

    While creating JDBC module, an option available is "Class to Transform Password Syntax". However this transformation can be applied after OpenAM retrieves the password from Mysql and that would mean I will need decrypt the MD5 hash, which won't be possible.

    My questions are:

    1. How to configure MD5 hash digest password encryption for Mysql IDP data store from OpenAM UI?
    2. Is there a way to control the password comparison process, so that I can hash the user given password and that will get compared with the hashed password stored in database? Can you pleases provide the classes, where password's are compared?

    Appreciate any help in this regards.

    winlong
    @winlong
    when executing installation on suse linux 15 leap, it shows a message :
    SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
    SLF4J: Defaulting to no-operation (NOP) logger implementation
    SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
    martipamies
    @martipamies
    Hi at all, my name is Marti Pamies and this is my first message at the Open Identity Platform Community. I am CTO of VICO Open Modeling, a company based in Barcelona. Two month ago we found this tool and it was a great surprise as the amazing features is able to provide. Now we are looking for some training to have a deeper Knowledge on it. For what I've read in a post by @vharseko some companies provides consulting and suport services. How we can get more information on it?
    Thks
    Maxim Thomas
    @maximthomas
    @arvindgu Hi, you need to implement interface com.sun.identity.authentication.modules.jdbc.JDBCPasswordSyntaxTransform and set your class implementation in Class to Transform Password Syntax setting of your JDBC module
    @winlong Hi, it is not critical message for OpenDJ console utils and does not affect their functionality
    Maxim Thomas
    @maximthomas
    @martipamies Hi, please send an RFP to support@3a-systems.ru
    kumar pravinchandra panchal
    @kumar1801

    HI @maximthomas

    Is there any option available in SSO federation using autoAuth parameter I can do federation without redirects for Microsoft applications?

    Maxim Thomas
    @maximthomas
    Hi @kumar1801 Could you provide more details about the case?