    Maxim Thomas
    @maximthomas
    @nynymike, hey, it seems the WrenSecurity community has not been active recently. This Gitter is for the Open Identity Platform Community https://www.openidentityplatform.org/
    Shivangi301293
    @Shivangi301293
    Hello everyone, I have a question regarding OpenAM version 14.5.3.
    Does this version of OpenAM support generic LDAP? If not, then which server can be used to implement LDAP as a data store?
    Maxim Thomas
    @maximthomas
    @Shivangi301293 hello, OpenAM supports generic LDAP as a user data store.
    Shivangi301293
    @Shivangi301293
    @maximthomas I was in the middle of OpenAM setup where we configure the data store and I didn't find a generic LDAP server. Instead there were "IBM Tivoli Server" and "Oracle Directory Server". Should any of them be used for the data store configuration?
    Maxim Thomas
    @maximthomas
    @Shivangi301293 OpenAM does not support generic LDAP as a Configuration data store out of the box, only as User Data store.
    Shivangi301293
    @Shivangi301293
    @maximthomas There used to be an option to select the type of data store labeled “Generic LDAPv3”, now I don’t see this option any more, so is one of the existing selections equivalent? Or does something need to be done to enable this selection?
    Maxim Thomas
    @maximthomas
    @Shivangi301293, in which version was the option available? Why can't you use OpenDJ for the OpenAM config data store?
    Shivangi301293
    @Shivangi301293
    @maximthomas version 14.2.2 has the option
    Shivangi301293
    @Shivangi301293
    @maximthomas We can't use OpenDJ because we have customers who already have LDAP servers with a large number of users set up for other applications. We need to give them an opportunity to reuse these existing servers to support the applications which also require OpenAM. The customers do not wish to set up another LDAP service (i.e. OpenDJ) and maintain users’ credentials twice.
    mancheaka
    @mancheaka
    @maximthomas I'm trying to follow the Admin Guide's instructions for setting up SAML2 in "integrated mode". The Login part works properly but Logout does not trigger SLO. I've tested that using "standalone mode" works for both Login and Logout. I see messages in the Federation and Authentication log where it seems to create the SLO request; on Logout you see a message showing the URL-encoded form of the SLO request, but the request is never fired. I'm taken straight to XUI's successful logout page but the IdP session remains intact as the SLO request was never sent. The module has SLO enabled set to true and the post-processing plugin has been added to the chain. The module config is set so that the request binding is HTTP-Redirect and the response binding is HTTP-POST, which I don't think is an issue, since the post-processing plugin seems to only support HTTP-Redirect anyway. Am I missing something obvious?
    Ramón Rial
    @rrialq
    Hello.
    A few days ago I upgraded the handler-elasticsearch to support ElasticSearch 7.x.
    But I have a question about OpenAM and Audit Logging.
    I know it is possible to customize the access content (I can configure it to write the tokenId in the access.csv), but I would like to write the tokenId in the authentication.csv file after a successful login. Is this possible with version 14.5.4 or should I modify the code to allow this?
    Ustaz Jahan Zaib
    @UstazZaib_twitter

    Hi
    I am new here

    Just want to know, can we use OpenAM in AWS Docker and can it auto-scale?
    How will the configuration happen if it auto-scales, e.g. OpenDJ settings and other SSO things in OpenAM?

    Maxim Thomas
    @maximthomas
    Hi @UstazZaib_twitter, autoscaling OpenAM instances is not supported; OpenAM could be deployed as a StatefulSet:
    https://github.com/OpenIdentityPlatform/OpenAM/wiki/How-To-Run-OpenAM-in-Kubernetes
    Mike Schwartz
    @nynymike
    If you are using the K8S distro, you can autoscale the Gluu Server openid service (oxAuth). But a big challenge is auto-scaling your backend data service. At Gluu, we use LDAP and Couchbase for persistence. Forget autoscaling LDAP... and Couchbase does not support it yet. So it's definitely the holy grail... but not easy to accomplish.
    Ustaz Jahan Zaib
    @UstazZaib_twitter
    Hi everyone
    Any guideline on how to add an auto-generated attribute, e.g. uuid, while a user is doing self-service registration?
    Mike Schwartz
    @nynymike
    To add a user, you probably have some kind of program calling the SCIM /Users endpoint... so I would just generate the uuid before you call that endpoint... every language has a uuid generation library, like Python has uuid.uuid4()
    Ustaz Jahan Zaib
    @UstazZaib_twitter
    Hi Mike
    I am using the Self Service OpenAM Module
    Not sure how to add a customizable attribute there
    Mike Schwartz
    @nynymike
    oh, sorry, wrong chat!!! I thought this was the JanssenProject chat. Please ignore all my above comments.
    audouts
    @audouts
    I'm trying to use OpenDJ from a server. Ideally, I think Docker would be good but I can install it. Either way, I'm having trouble getting SSL to work. Can anyone help with that?
    I have a signed certificate from LetsEncrypt that auto-renews. I tried to put that in a keystore but it doesn't seem to work.
    Why does this cause the Forbidden 403 error?
    I don't understand how else to use this demo
    Maxim Thomas
    @maximthomas
    @Rammboss Which case exactly causes the problem, could you provide more info?
    Luca Leonardo Scorcia
    @lscorcia
    Hello, I'm having trouble with the latest OpenAM release on my local development VM
    OpenAM does not start anymore with error com.sun.identity.common.configuration.ConfigurationException: Configuration store is not available.

    looking at catalina.out, I can see the following messages:

    ...EmbeddedOpenDS.startServer:DS Server started.
    org.forgerock.opendj.ldap.LoadBalancer:02/08/2021 04:38:12:849 PM EST: Thread[localhost-startStop-1,5,main]: TransactionId[d0f998fb-72ca-4716-8df7-d4cbafc52678-0]
    WARNING: Connection factory 'LDAPConnectionFactory(provider=Grizzly, host='login.domain.com', port=50389, options=org.forgerock.util.Options@72ad1f53)' is no longer operational: Connect Error: Connection refused
    org.forgerock.opendj.ldap.LoadBalancer:02/08/2021 04:38:12:850 PM EST: Thread[localhost-startStop-1,5,main]: TransactionId[d0f998fb-72ca-4716-8df7-d4cbafc52678-0]
    Starting monitoring thread
    org.forgerock.opendj.ldap.LoadBalancer:02/08/2021 04:38:12:851 PM EST: Thread[OpenDJ LDAP SDK Default Scheduler,5,main]: TransactionId[d0f998fb-72ca-4716-8df7-d4cbafc52678-56]
    Attempting reconnect to offline factory 'LDAPConnectionFactory(provider=Grizzly, host='login.domain.com', port=50389, options=org.forgerock.util.Options@72ad1f53)'
    amSetupServlet:02/08/2021 04:38:12:851 PM EST: Thread[localhost-startStop-1,5,main]: TransactionId[d0f998fb-72ca-4716-8df7-d4cbafc52678-0]
    ERROR: AMSetupServlet.checkConfigProperties
    org.forgerock.opendj.ldap.ConnectionException: Connect Error: No operational connection factories available
    at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:153)
    at org.forgerock.opendj.ldap.LdapException.newLdapException(LdapException.java:114)
    at org.forgerock.opendj.ldap.LoadBalancer.getMonitoredConnectionFactory(LoadBalancer.java:291)
    at org.forgerock.opendj.ldap.LoadBalancer$MonitoredConnectionFactory.getConnection(LoadBalancer.java:120)
    at org.forgerock.opendj.ldap.ConnectionLoadBalancer.getConnection(ConnectionLoadBalancer.java:41)

    Luca Leonardo Scorcia
    @lscorcia
    my setup is with embedded openDS, nothing special
    Luca Leonardo Scorcia
    @lscorcia
    Uhm. I loaded OpenAM 14.6.1 and it gives me the same problem? Something is fishy.
    Maxim Thomas
    @maximthomas
    @lscorcia Hello, please check the latest 14.6.2 release, just tested it with the docker image and there was no problem
    Luca Leonardo Scorcia
    @lscorcia
    I think I tried everything: 14.6.2 from releases, 14.6.1 from releases, self-built 14.6.3-SNAPSHOT... always the same error. HOWEVER, twice in what I think have been at least 50 restarts, it actually started. The next restart however it was gone again. Maybe some kind of race condition when updating OpenDJ? Can I avoid running the update?
    Luca Leonardo Scorcia
    @lscorcia
    Ok, I have recovered my setup. I think there is some race condition in the initial upgrade step when updating. OpenDS goes offline and tries to rebuild the indexes, but it takes some time on my VM (5-6 seconds). This time seems to be enough to trigger the Config LDAP connection timeout when OpenAM is starting. I manually ran the index-rebuild step and with the next restart OpenAM came up again
    The command I used was:
    root@luca-vm:/var/lib/tomcat8/openam/opends/bin# ./rebuild-index -b dc=openam,dc=openidentityplatform,dc=org --rebuildAll
    Luca Leonardo Scorcia
    @lscorcia
    Uhm, the error is still present, I need to run the index-rebuild command every time it fails to start :| Is there some way I can increase the timeout?
    sigegcp
    @sigegcp

    Hi all. Can you help me with an error I have received?
    I'm trying to compile from source.

    [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.1:compile (default-compile) on project maven-external-dependency-plugin: Compilation failure
    [ERROR] No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK?
    [ERROR]
    [ERROR] -> [Help 1]
    [ERROR]
    [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.
    [ERROR]
    [ERROR] For more information about the errors and possible solutions, please read the following articles:
    [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

    java -version
    openjdk version "1.8.0_275"
    OpenJDK Runtime Environment (build 1.8.0_275-b01)
    OpenJDK 64-Bit Server VM (build 25.275-b01, mixed mode)

    sigegcp
    @sigegcp

    I have installed JDK and pointed $JAVA_HOME to the new JDK file.

    I have started to build the app but I get an error.

    [INFO] ForgeRock UI for ForgeRock Self-Service Example 21.0.0-SNAPSHOT FAILURE [ 1.033 s]
    [INFO] Self Service Examples 21.0.0-SNAPSHOT .............. SKIPPED
    [INFO] JSON Fluent 21.0.0-SNAPSHOT ........................ SKIPPED
    [INFO] ForgeRock Doc Build Maven Plugin 21.0.0-SNAPSHOT ... SKIPPED
    [INFO] ForgeRock Documentation Default Branding 21.0.0-SNAPSHOT SKIPPED
    [INFO] ForgeRock Common Documentation Content 21.0.0-SNAPSHOT SKIPPED
    [INFO] XCite Maven Plugin 1.1.0-SNAPSHOT .................. SKIPPED
    [INFO] ForgeRock OSGi Launcher Parent 1.1.1-SNAPSHOT ...... SKIPPED
    [INFO] ForgeRock OSGi Launcher Main 1.1.1-SNAPSHOT ........ SKIPPED
    [INFO] ForgeRock OSGi Launcher Zip 1.1.1-SNAPSHOT ......... SKIPPED
    [INFO] org.openidentityplatform.commons.geo 21.0.0-SNAPSHOT SKIPPED
    [INFO] org.openidentityplatform.commons.httpdump 21.0.0-SNAPSHOT SKIPPED
    [INFO] ForgeRock Bloom Filters 1.0.2-SNAPSHOT ............. SKIPPED
    [INFO] forgerock-bloomfilter-core 1.0.2-SNAPSHOT .......... SKIPPED
    [INFO] forgerock-bloomfilter-monitoring 1.0.2-SNAPSHOT .... SKIPPED
    [INFO] ForgeRock Persistit 4.3.1 .......................... SKIPPED
    [INFO] forgerock-persistit-core 4.3.1 ..................... SKIPPED
    [INFO] forgerock-persistit-ui 4.3.1 ....................... SKIPPED
    [INFO] ForgeRock Script Parent 3.0.3 ...................... SKIPPED
    [INFO] ForgeRock Script Common 3.0.3 ...................... SKIPPED
    [INFO] ForgeRock Script - JavaScript 3.0.3 ................ SKIPPED
    [INFO] ForgeRock Script - Groovy 3.0.3 .................... SKIPPED
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD FAILURE
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 04:23 min
    [INFO] Finished at: 2021-02-11T14:59:38+01:00
    [INFO] ------------------------------------------------------------------------
    Maxim Thomas
    @maximthomas
    @lscorcia, hello, I'm afraid the timeout is hardcoded and equal to 60 seconds to start. If you are still facing the issue, please create an issue on GitHub and we will add an Embedded OpenDS timeout parameter.
    @sigegcp Hello, please provide mvn -version command output. Seems JAVA_HOME points to a directory with JRE instead of JDK
    Luca Leonardo Scorcia
    @lscorcia
    @maximthomas thanks for the check! On my dev vm, I worked around the problem by changing the current buildinfo file content to the new one from /template/ - this way no update is triggered and it now starts reliably again.
    I just discovered the openam-jp fork. They seem to have some interesting development ongoing (I was looking at PKCE for OIDC). Do you have any contacts or relationship with them? Do you think it would be possible to contact them and ask for permission to cherry-pick some commits from their repo? Is such permission even needed (keeping code attribution of course)?
    Maxim Thomas
    @maximthomas
    @lscorcia yes, I saw this fork, and I'll ask them for cherry-picking their commits. Hope there won't be any problem because their code is also under CDDL license
    @lscorcia if you need a specific commit you can ask them by yourself and submit a PR with required commit to Open Identity Platform repository
    Luca Leonardo Scorcia
    @lscorcia
    @maximthomas I'll try! I was looking at your issue_samesitecookie branches. Is there any particular reason why they weren't merged back then? They look fine to me!
    Maxim Thomas
    @maximthomas
    @lscorcia thank you for the review, I've just created a PR: OpenIdentityPlatform/OpenAM#338
    Ramón Rial
    @rrialq
    Good day. Can anybody tell me if OpenAM (OpenIdentityPlatform) has an authenticator for Android similar to the ForgeRock Authenticator, for use with MFA?
    I found neither the project on GitHub nor information in the wiki pages.
    Thank you.
    sigegcp
    @sigegcp

    @maximthomas
    Thanks, I have corrected the JDK problem.

    Now I have a different one. I'm following this procedure to install.

    git clone --recursive https://github.com/OpenIdentityPlatform/OpenIDM.git
    mvn -DskipTests -Dmaven.javadoc.skip=true clean install -f OpenIDM/OpenICF/OpenDJ/forgerock-parent
    mvn -DskipTests -Dmaven.javadoc.skip=true clean install -f OpenIDM/OpenICF/OpenDJ
    mvn -DskipTests -Dmaven.javadoc.skip=true clean install -f OpenIDM/OpenICF
    mvn clean install -f OpenIDM

    When executed: mvn -DskipTests -Dmaven.javadoc.skip=true clean install -f OpenIDM/OpenICF/OpenDJ/forgerock-parent

    I receive this:

    mvn -DskipTests -Dmaven.javadoc.skip=true clean install -f OpenIDM/OpenICF/OpenDJ/forgerock-parent

    POM file OpenIDM/OpenICF/OpenDJ/forgerock-parent specified with the -f/--file command line argument does not exist
    [INFO] Scanning for projects...
    [ERROR] [ERROR] Some problems were encountered while processing the POMs:
    [FATAL] Non-readable POM /tmp/OpenIDM/OpenIDM/OpenICF/OpenDJ/forgerock-parent: /tmp/OpenIDM/OpenIDM/OpenICF/OpenDJ/forgerock-parent (No such file or directory) @
    @
    [ERROR] The build could not read 1 project -> [Help 1]
    [ERROR]
    [ERROR] The project (/tmp/OpenIDM/OpenIDM/OpenICF/OpenDJ/forgerock-parent) has 1 error
    [ERROR] Non-readable POM /tmp/OpenIDM/OpenIDM/OpenICF/OpenDJ/forgerock-parent: /tmp/OpenIDM/OpenIDM/OpenICF/OpenDJ/forgerock-parent (No such file or directory)
    [ERROR]
    [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.
    [ERROR]
    [ERROR] For more information about the errors and possible solutions, please read the following articles:
    [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException

    Maxim Thomas
    @maximthomas
    @sigegcp do you have a folder OpenIDM/OpenICF/OpenDJ/forgerock-parent?
    sigegcp
    @sigegcp

    Yes.

    This is inside:
    drwxr-xr-x 14 root root 4096 Feb 15 11:30 .
    drwxr-xr-x 24 root root 4096 Feb 15 11:30 ..
    drwxr-xr-x 5 root root 4096 Feb 15 11:31 forgerock-bloomfilter
    drwxr-xr-x 2 root root 4096 Feb 15 11:31 forgerock-bom
    drwxr-xr-x 4 root root 4096 Feb 15 11:31 forgerock-build-tools
    drwxr-xr-x 22 root root 4096 Feb 15 11:31 forgerock-commons
    drwxr-xr-x 7 root root 4096 Feb 15 11:31 forgerock-guice
    drwxr-xr-x 8 root root 4096 Feb 15 11:31 forgerock-i18n-framework
    drwxr-xr-x 7 root root 4096 Feb 15 11:31 forgerock-persistit
    drwxr-xr-x 6 root root 4096 Feb 15 11:30 forgerock-script
    drwxr-xr-x 7 root root 4096 Feb 15 11:31 forgerock-ui
    -rw-r--r-- 1 root root 78 Feb 15 11:30 .git
    -rw-r--r-- 1 root root 104 Feb 15 11:30 .gitignore
    -rw-r--r-- 1 root root 1320 Feb 15 11:30 .gitmodules
    drwxr-xr-x 2 root root 4096 Feb 15 11:30 legal
    drwxr-xr-x 4 root root 4096 Feb 15 11:31 maven-external-dependency-plugin
    -rw-r--r-- 1 root root 60989 Feb 15 11:30 pom.xml
    -rw-r--r-- 1 root root 307 Feb 15 11:30 README.md
    drwxr-xr-x 3 root root 4096 Feb 15 11:30 src
    -rw-r--r-- 1 root root 514 Feb 15 11:30 .travis.yml