Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    kumar panchal
    @kumarpanchal18_twitter
    Thank you let me do it and get back you
    kumar panchal
    @kumarpanchal18_twitter
    CTS: Timed out whilst waiting for result
    at org.forgerock.openam.cts.impl.queue.AsyncResultHandler.getResults(AsyncResultHandler.java:88)
    at org.forgerock.openam.cts.monitoring.impl.queue.TokenMonitoringResultHandler.getResults(TokenMonitoringResultHandler.java:50)
    Receiving this
    vharseko
    @vharseko
    please restart and reindex external DS after schema update and attach full openam log
    kumar panchal
    @kumarpanchal18_twitter
    Ok
    kumar pravinchandra panchal
    @kumar1801
    HI
    Asad Shakeel
    @AsadShakeel
    HI! I want to create a new JWT key/pair and change the existing one in OAuth2Provider. How can I do that?
    pawel-dev
    @pawel-dev
    I've encountered an interesting problem:
    • I'm working with OpenAM 14.2.2
    • I'm trying to set up an external data store, using Apache DS 2.0.0, in which there are about 500 users and several groups configured
    • OpenAM shows me only 100 of users from the external LDAP, in addition to the users openAm and anonymous, and no groups from LDAP
    • Any of the 100 visible users can be successfully authenticated in OpenAM, but the remaining users cannot
      Does anyone know of any limit in OpenAM, that would prevent me from accessing the remaining users? How about the groups - I need them to build authorization rules.
    Maxim Thomas
    @maximthomas
    @pawel-dev
    Hi. there is no limit in OpenAM, seems there is an issue with external data store configuration
    dieterdanger
    @dieterdanger

    Hello everyone, we have a few questions regarding OpenAM Community Edition:

    • Will trees / nodes be supported at any point in the future?
    • In general, if a new feature is implemented into the commercial product FR AccessManagement, where does the community get the source code from? Is there even a source code from ForgeRock or are all new features implemented from scratch and made to look like in the original product?
    • Does the recent version of OpenAM Community Edition support ActiveDirectory-Authentication?

    Best regards

    kumar pravinchandra panchal
    @kumar1801

    Hello Everyone,

    Is any configuration to speedup rendering on LOGIN page?
    It is taking a bit longer on landing on login page using new architecture of XUI.

    Thank you in advance.

    Maxim Thomas
    @maximthomas
    @kumar1801 Hello, you can always switch back to classic UI using system option -DXUI.enable=false
    Maxim Thomas
    @maximthomas

    @dieterdanger
    Hello

    • Will trees / nodes be supported at any point in the future?

    What do you mean about trees/nodes?

    • In general, if a new feature is implemented into the commercial product FR AccessManagement, where does the community get the source code from? Is there even a source code from ForgeRock or are all new features implemented from scratch and made to look like in the original product?

    We do not have access to ForgeRock source code, we develop the products independently

    • Does the recent version of OpenAM Community Edition support ActiveDirectory-Authentication?

    Yes, via login and password, via Kerberos and also NTLM

    kumar pravinchandra panchal
    @kumar1801

    HI.

    Are we have support on SameSite=None as chrome will not support third-party cookies from Feb 17 2020?

    If yes then how we can achieve in OpenAM-14.4.2?

    Maxim Thomas
    @maximthomas
    @kumar1801
    Hi, in current release no, but we have plans to add SameSite=Lax, None, Strict and NotSet support recently
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas
    Hi
    Till, when it will be completed?
    Maxim Thomas
    @maximthomas
    @kumar1801 we don't have exact deadline, but we'll try to make it done till 17-Feb-2020.
    kumar pravinchandra panchal
    @kumar1801
    Thank you so much @maximthomas
    kumar pravinchandra panchal
    @kumar1801

    Hi,

    Is any update on SameSite implementation?

    Maxim Thomas
    @maximthomas
    Hi, I'm still working on it...
    kumar pravinchandra panchal
    @kumar1801
    Ok. Thank you @maximthomas
    Maxim Thomas
    @maximthomas
    @kumar1801 Hi, you I've done same site cooke. https://github.com/OpenIdentityPlatform/commons/tree/issues/samesite_cookie and https://github.com/OpenIdentityPlatform/OpenAM/tree/issues/samesite_cookie But did not merge into master branches yet.
    There is a new system parameter org.openidentityplatform.openam.cookie.samesite - SameSite cookie value
    kumar pravinchandra panchal
    @kumar1801

    Thank you @maximthomas .

    We will test it and get back to you.

    Is it any documentation available on how to configure this system parameter?
    Maxim Thomas
    @maximthomas
    @kumar1801 If you use tomcat, you cat set -Dorg.openidentityplatform.openam.cookie.samesite=None in setenv.shfile
    kumar pravinchandra panchal
    @kumar1801
    Ok
    kumar pravinchandra panchal
    @kumar1801

    @maximthomas We tested with basic SSO and it is working fine with SameSite = None.

    Thank you

    Maxim Thomas
    @maximthomas
    @kumar1801 Great, thanks!
    Arvind Gupta
    @arvindgu

    How to configure MD5 hash digest password encryption for Mysql IDP data store?
    I need to connect to existing Mysql database where user's passwords are hashed using MD5 Digest (One way hash).
    I do not see an option to specify the encryption scheme for password while creating a JDBC module and a Mysql data store. Also I could not find anything in documentation.

    While creating JDBC module, an option available is "Class to Transform Password Syntax". However this transformation can be applied after OpenAM retrieves the password from Mysql and that would mean I will need decrypt the MD5 hash, which won't be possible.

    My questions are:

    1. How to configure MD5 hash digest password encryption for Mysql IDP data store from OpenAM UI?
    2. Is there a way to control the password comparison process, so that I can hash the user given password and that will get compared with the hashed password stored in database? Can you pleases provide the classes, where password's are compared?

    Appreciate any help in this regards.

    winlong
    @winlong
    when executing installation on suse linux 15 leap, it shows a message :
    SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
    SLF4J: Defaulting to no-operation (NOP) logger implementation
    SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
    martipamies
    @martipamies
    Hi at all, my name is Marti Pamies and this is my first message at the Open Identity Platform Community. I am CTO of VICO Open Modeling, a company based in Barcelona. Two month ago we found this tool and it was a great surprise as the amazing features is able to provide. Now we are looking for some training to have a deeper Knowledge on it. For what I've read in a post by @vharseko some companies provides consulting and suport services. How we can get more information on it?
    Thks
    Maxim Thomas
    @maximthomas
    @arvindgu Hi, you need to implement interface com.sun.identity.authentication.modules.jdbc.JDBCPasswordSyntaxTransform and set your class implementation in Class to Transform Password Syntax setting of your JDBC module
    @winlong Hi, it is not critical message for OpenDJ console utils and does not affect their functionality
    Maxim Thomas
    @maximthomas
    @martipamies Hi, please send an RFP to support@3a-systems.ru
    kumar pravinchandra panchal
    @kumar1801

    HI @maximthomas

    Is there any option available in SSO federation using autoAuth parameter I can do federation without redirects for Microsoft applications?

    Maxim Thomas
    @maximthomas
    Hi @kumar1801 Could you provide more details about the case?
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas with microsoftonline SSO page will not render in X-frame as they denying and we have to find out the solution without SSO page redirect we can do federation.
    Maxim Thomas
    @maximthomas
    @kumar1801 MS block ifame due to security issues, so this approach makes sence. As an alternative you could use OpenAM authentication API without UI
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas can you please help me out for any documentation?
    Maxim Thomas
    @maximthomas
    @kumar1801 hi, what kind of help do you need?
    attriel
    @_attriel__twitter

    Hey I have what is apparently a weird question (based on my lack of search results):
    I'm trying to setup opendj on AWS EC2. I can get it to launch a primary and then any further nodes find a prior node and add themselves to the replication lists, that works great. But if i terminate anode without dsreplication disable, it stays in the list and i can't add a new replicant (timeouts i think).

    2 questoins:
    (1) is there any way to force-detach a deceased replicant by running a command/commands on the remaining nodes?
    (2) is there any configurable timeout for how long a node can be unreachable for replication before it gets dropped from the replication lists? (I don't know if such a setting exists, but if it does can it be configured)

    (my server admins tell me i can't rely on a shutdown script since a server/node could go bad and be unable to communicate it's own disconnect)
    kumar pravinchandra panchal
    @kumar1801
    @maximthomas With SameSite Configuration in IE 11 is not working correctly
    Maxim Thomas
    @maximthomas
    @kumar1801 there is a problem with IE11 itself.
    kumar pravinchandra panchal
    @kumar1801
    Yes
    Is there any way to change the response code 302 to 403 ?
    kumar pravinchandra panchal
    @kumar1801

    As due to 302 error code we are receiving pre-flight cors policy error.

    In earlier version of OpenAM modified to 403 but with new version we are receiving again 302