Ramón Rial
@rrialq
The problem is part of our attempt to add a rudimentary support for Mobile Connect to openam-auth-oauth2.
Our provider signed the JWT with SHA256withRSA.
It works with an old insecure version of the provider API, which uses another algorithm.
Ramón Rial
@rrialq
Hello again.
I have written a custom module.
I have registered it in OpenAM, and I have created a module to use it.
To my surprise, the AttributeSchemas appear in an unsorted order (I have not found the criteria for sorting them).
Is there a way to sort them?
It seems the sms.dtd supports the "order" attribute in "AttributeSchema", but I don't know if this attribute is used for sorting in the UI or what.
Any ideas about sorting AttributeSchemas in the UI?
Ramón Rial
@rrialq
Please, forget it.
I just got it using the order attribute starting at the value "0".
Thank you.
Ramón Rial
@rrialq

In my custom authentication module I have defined a custom callback:

<ModuleProperties moduleName="MobileConnectionRequirements" version="1.0" >
    <Callbacks length="0" order="1" timeout="600" header="#WILL NOT BE SHOWN#" />
    <Callbacks length="1" order="2" timeout="600" header="#WILL BE SUBSTITUTED#">
        <TextInputCallback isRequired="true" >
            <Prompt>#PHONE_NUMBER#</Prompt>
        </TextInputCallback>
    </Callbacks>
</ModuleProperties>

2 replies
Is it mandatory to implement a custom login page for this?
Are there any guidelines for that?
Ramón Rial
@rrialq
Another question. I am writing a PAP. Is it possible to determine the module in a chain that causes the authentication failure?
I am not sure about how to test it.
In onLogonFailure I need to write an action that sends a code to a web service depending on the module that fails.
9 replies
Ramón Rial
@rrialq
More questions. This time about commons versions.
It seems there are org.openidentityplatform.commons.audit:parent versions 2.07, 2.0.8, 2.0.9, 2.0.10, 2.0.11 and 2.0.12, but there is no tag in the git repository greater than 2.0.6. Is this right for some reason?
2 replies
Ramón Rial
@rrialq

Hello everybody.
I've seen that in OpenAM (>=14.4.2) the file WEB-INF/classes/log4j.properties contains a strange first line:

#Set the global log level to ERROR.log4j.rootLogger=ERROR, ROOT

I think it should be split into two lines:

#Set the global log level to ERROR.
log4j.rootLogger=ERROR,ROOT

Is this right?

1 reply
Ramón Rial
@rrialq
@maximthomas I've created a pull request for solving the OpenIdentityPlatform/OpenAM#410:
openam-auth-msisdn doesn't handle multiple ldap servers.
2 replies
vugrinov
@vugrinov
Hey guys, can you help me with this error using the default configuration in OpenAM 14.6.4 in Docker:
An unexpected error occurred while attempting to initialize the command-line arguments: The provided value "-1" for argument --adminConnectorPort is not acceptable: The provided adminConnectorPort value -1 is unacceptable because it is below the lower bound of 1
1 reply
Ramón Rial
@rrialq
Hello, again.
I am taking my first steps with XUI customization.
I just know how to create a custom theme, how to modify some parts of the login page, how to translate it...
But I don't know how to customize the index.html page.
It seems this page is common to all themes.
I've tried copying it into the root of my theme, but OpenAM doesn't see it.
Is it possible to customize index.html inside a theme? I don't want to modify index.html for all realms.
Ramón Rial
@rrialq
I want to add a static header to all pages, so I need to modify the main page of every category (admin, user, login...).
Ramón Rial
@rrialq
Hello, again.
Another question.
How can I change the language in the login page without losing parameters?
It seems that there is no standard way to do this.
Maybe with XUI?locale=es&login# (but this way loses the service parameter, for example)
What about iterating through available locales?
Ramón Rial
@rrialq
Another question. How can I check inside XUI if the locale is "en" or "es", for example?
I can't see in the manual a list of variables that I can use in templates.
Ramón Rial
@rrialq
Good day, again.
One more question: Is there any way to restrict languages to a subset?
For example, my requirements are to support only es (Spanish) and gl (Galician), so if the browser sends something different (for example en) it should fall back to the default 'gl'. I've just configured the default locale at Platform, Server site and realm, but it seems there is no way to restrict the languages supported.
nightswimmings
@nightswimmings
Hi! Is there any way to emulate http://idp.ssocircle.com/sso/toolbox/ossoPwDecrypt.jsp with openssl (so it's confidentially scriptable)?
marcelo
@marceloibanez
Hello community,
I have a question for you:
do you know if OpenAM uses log4j?
Or does OpenAM use logback?
1 reply
Christian
@spetix
Hello, is it possible to configure an openam instance using ssoadm from a remote machine? what is required to do so?
maxherrerar
@maxherrerar
Hello guys, I am new to OpenAM but I can't use OpenAM with LDAPS (Active Directory).
I generated the SSL certificate and imported it in Tomcat with keytool, but nothing works.
The error is related to the SSL handshake.
maxherrerar
@maxherrerar
With the LDP tool, the connection works using LDAPS on port 636.
Kilburn3G
@Kilburn3G

After installing and configuring OpenAM 14.6.4, when I navigate to some settings in my realm, or in a new realm that I create, I get redirected back to the login page for the console. This happens mainly when I go to the subjects section

Also, I'm trying to enable merging of the debug files, but after saving the settings, I don't see the merged file

Kilburn3G
@Kilburn3G
My issue looks similar to this, but there are no solutions in this thread OpenIdentityPlatform/OpenAM#76
Maxim Thomas
@maximthomas
@Kilburn3G have you set httpOnly cookie mode? This could cause the issue. As a workaround you can disable XUI and use classic UI by setting -DXUI.enable=false system property
Peter Mihaly Avramucz
@muczy
hi all, with OpenAM 14.6.4 (with OpenDJ 4.4.9) after creating about 1M users, our systems choke when presented with a device code OAuth flow
we located that during the random code generation, OpenAM searches OpenDJ to be sure not to generate the same code twice, but this times out (> 10 seconds) with 1M users
the OpenAM and OpenDJ are located on separate powerful machines but these to-be-sure LDAP searches simply kill OpenDJ response times
we tried putting indexes in OpenDJ (coretokenstring14) which seemed like a solution but suddenly the system came to a full stop so we had to disable the indexes
does anyone have experience with high number of users?
Peter Mihaly Avramucz
@muczy
@maximthomas actually we tried Cassandra which timed out after 20 seconds (instead of the 10 seconds in OpenDJ) so it seems like, OpenAM has some fundamental performance issue with the device code generation
in the meantime, we tried to modify the OpenAM source code to remove the duplicate code check (which holds some danger of course...) and now device code generation is basically instantaneous according to the tests
do you have any other suggestions or do you have any comments about such source code modification (in our environment, not talking about modifying the public OpenAM)?
Maxim Thomas
@maximthomas
@muczy sure, you can build your own war file, with your own custom classes. See
https://maven.apache.org/plugins/maven-war-plugin/overlays.html
Peter Mihaly Avramucz
@muczy
hmm, actually that's not a bad idea
thanks!
Ramón Rial
@rrialq
Hello.
I am writing a PAP.
The PAP works, but I found a strange behaviour with the sharedState Map.
If you write an authentication module that stores some custom keys in the sharedState Map, and the authentication ends with failure, the sharedState received at the onLoginFailure method of the PAP doesn't contain the custom keys.
Maybe I am missing something?
Ramón Rial
@rrialq
It seems the only way to share information between modules and the PAP on authentication failure is HttpServletRequest.
But this seems to be in contradiction with the sharedState object received at the PAP method.
Is this right? Am I wrong?
Ramón Rial
@rrialq
Maybe I am wrong. I think the answer is in LoginState.java.
This class contains two properties: requestMap and sharedState.
In the LoginState.executePostProcessSPI method, it calls onLoginFailure passing the requestMap property, not the sharedState property.
This conforms to the documentation in AMPostAuthProcessInterface, so I am wrong.
The Post Authentication methods don't receive the sharedState, they receive the requestMap.
Maxim Thomas
@maximthomas
Hi, @rrialq
I would suggest a workaround: you can throw an exception with all required data and then access the data in the onLoginFailure handler.
3 replies
capmatch
@capmatch

Hi all,
I found that there is not much resource/documentation on the following use cases:

  1. Install OpenAM into k8s with multiple pods
  2. The pods should be ready with installed configuration
  3. The pods with OpenAM are imported with SP/IDP configuration and COT

Have any of you done a similar setup before?

4 replies
Ramón Rial
@rrialq
Hi all, again.
I have a new requirement.
In a PAP I've set some custom attributes that I need to recover at the same time as datastore attributes, to avoid the need for two HTTP requests.
Is there a way to configure that in a similar way as DataStore User Attributes?
I know I can retrieve them by specifying their names, but this requires either two requests or a very long list of parameter names to retrieve all the information.
1 reply
marcelo
@marceloibanez
Hello to everyone
I have a question regarding OpenAM replication (HA environment).
If I create a realm (via the UI console), it is replicated in the secondary OpenAM; if later I create a COT inside this new realm or try to modify something, it is not replicated.
The question is: does replication work at the update level over existing configs?
Thanks in advance