Shiva Kumar
@rahogata
An error occurred while processing this request. Contact your administrator
Shiva Kumar
@rahogata
I am running the application as given in the GitHub readme file. No logs are displayed. Could anyone please help me change the logging configuration? It would be great.
vharseko
@vharseko
@shiva2991 try set -Dcom.iplanet.services.debug.level=message java property
Shiva Kumar
@rahogata
Thank you, I found the logs in the $HOME/openam/openam/debug directory, and the cause of the error found in the stack trace is

ERROR: ConsoleServletBase.onUncaughtException
com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [java.lang.IllegalStateException: type parameter is required]
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:162)
at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.forgerock.openam.headers.SetHeadersFilter.doFilter(SetHeadersFilter.java:88)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:111)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.forgerock.openam.audit.context.AuditContextFilter.doFilter(AuditContextFilter.java:51)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

Root cause:
java.lang.IllegalStateException: type parameter is required
at com.sun.identity.console.task.model.OAuth2ModelImpl.getDisplayName(OAuth2ModelImpl.java:53)
at com.sun.identity.console.task.ConfigureOAuth2ViewBean.beginDisplay(ConfigureOAuth2ViewBean.java:108)
at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
at org.apache.jsp.console.task.ConfigureO

vharseko
@vharseko
need "type" param in request: please attach HAR log or write steps for reproduce
Shiva Kumar
@rahogata
Hi, I was able to create oauth2 agent & successfully used OpenAM as OAuth2 provider, Is it possible to use it as broker that will generate oauth2 token by authenticating with google, facebook?
vharseko
@vharseko
@maximthomas need test OpenIdentityPlatform/OpenAM#18 (reported @shiva2991) old console UI bug ? work in XUI ?
Maxim Thomas
@maximthomas
@vharseko @shiva2991 Hello, I've tested OpenAM as OAuth2 provider. So, OAuth2 provider settings work both in old UI and XUI, OAuth2 client application settings work only in UI (there is a redirect from XUI to old UI). I've set up the provider for the realm, registered an application, authenticated, got an access token, and got access token info without getting any errors. @shiva2991 when did you get this error you mentioned earlier? How can I reproduce it?
vharseko
@vharseko
@maximthomas , @shiva2991 reported problem in reverse case "OpenAM as OAuth2 Service Provider to other Identity Provider (like Facebook)"
Maxim Thomas
@maximthomas

Just set up OpenAM authentication via Facebook IDP, got fb user's attributes, but after setting new password got error:

javax.security.auth.login.LoginException: java.lang.NullPointerException
    at org.forgerock.openam.cts.CTSPersistentStoreImpl.deleteAsync(CTSPersistentStoreImpl.java:153)
    at org.forgerock.openam.authentication.modules.oauth2.OAuth.process(OAuth.java:272)
    at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1061)
    at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1229)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:219)
    at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:127)
    at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:570)
    at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:586)
    at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1373)
    at com.sun.identity.authentication.UI.LoginViewBean.addLoginCallbackMessage(LoginViewBean.java:1517)
    at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:1023)
    at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:871)
    at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:522)
    at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
    at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBas

Created issue OpenIdentityPlatform/OpenAM#23

After disabling Prompt for password setting and activation code: option in OAuth authentication module, error disappeared.

Maxim Thomas
@maximthomas
@shiva2991 , I've just reproduced your exception, thx to @vharseko, taking OpenIdentityPlatform/OpenAM#18 to myself
Rohit Joshi
@rohit1991
Hello All :)
Rohit Joshi
@rohit1991

Hi :)
I am exploring on Open Identity community edition of OpenAM where I have one query -
Below is the link to 'Web Agent' module which is integral part of OpenAM and we can intercept and control everything with the help of this agent for OpenAM :

https://backstage.forgerock.com/docs/openam-web-policy-agents/4.1/web-pa-guide/#chap-web-pa-apache

Do we have such Web Agent module available within community edition too ? to be installed on apache web server ?

Can you please guide me with how to setup such a web agent with community edition ?
Thanks !

vharseko
@vharseko
@rohit1991 apache linux x64 ?
Rohit Joshi
@rohit1991
@vharseko, yes, that will also be fine. Do you have any inputs?
kedarjapan
@kedarjapan
Hello Guys,
I'm trying to setup OpenAM 14.1.5 war on Tomcat 8 with Windows 64 bit OS. I'm getting exact same issue as mentioned here. tried both default as well as custom configuration options.
OpenIdentityPlatform/OpenAM#57
any pointers on this issue ?
vharseko
@vharseko
@rohit1991 check https://github.com/OpenIdentityPlatform/OpenAM-Web-Agents#downloads (without proprietary FR binary license) Thanks to @FireBurn
@kedarjapan please attach full logs
kedarjapan
@kedarjapan
@vharseko logs are attached in OpenIdentityPlatform/OpenAM#57
satyadevaddepally
@satyadevaddepally
Anybody having document to use openam as idp and google apps as sp. I tried to follow configuration and keep on getting invalid saml request
satyadevaddepally
@satyadevaddepally
i followed this only i am getting invalid saml request
vharseko
@vharseko
which version ? attach a log with an error
barramandi
@barramandi

Testing OpenAM version 14.1.8 (OpenAM 14.1.8 Build 900d6316b5 )

Using the openid demo sample from https://github.com/ForgeRock/openid

Setup OIDC provider and OIDC client as per the requirement of the demo.
Start Implicit, login as user, user prompted for consent, and OIDC flow successful for first time.

Redo the Implicit flow again with same browser session, OpenAM will return error to the authorization request

{
"error_description": "Error running OIDC claims script: java.util.concurrent.ExecutionException: javax.script.ScriptException: javax.script.ScriptException: java.lang.SecurityException: Access to Java class \"java.util.LinkedHashMap$LinkedKeyIterator\" is prohibited.",
"state": "af0ifjsldkj",
"error": "not_found"
}

The issue is not present if user logged out before redoing the OIDC login flow.

vharseko
@vharseko
@barramandi Configuration->Scripting-> for all instances add in Engine Configuration "Java class whitelist" java.util.LinkedHashMap$LinkedKeyIterator
Oleksandr
@ahavriluk
Quick start guide is incorrect. First of all you have to specify port when you setup resource. Second you don't use name WebAgent - it won't work. You need to name it apache_agent. Then you have to make sure docker containers can talk to each other (--net host option?). Oh, yeah, apache_agent doesn't work on Mac.
vharseko
@vharseko
Maxim Thomas
@maximthomas
@ahavriluk, could you provide more info about apache_agent on Mac?
Maxim Thomas
@maximthomas

@ahavriluk,

Then you have to make sure docker containers can talk to each other (--net host option?)

default driver is bridge, according to Docker documentation:

bridge: The default network driver. If you don’t specify a driver, this is the type of network you are creating. Bridge networks are usually used when your applications run in standalone containers that need to communicate.

I think, setting network is unnecessary, containers can see each other via bridge network

Oleksandr
@ahavriluk
I had connectivity issues. The instructions could have been tested. Took me a while to figure all errors out. It still doesn't say to specify the port number when policy for Resource *://example:com/? is set. I suggest you test it from scratch: get a fresh linux VM and try to follow instructions.
Oleksandr
@ahavriluk
Another issue. I was trying to setup SAML Authentication and test it with testshib.org site.
Was getting this
00:16:33.363 - DEBUG [edu.internet2.middleware.shibboleth.idp.util.HttpServletHelper:339] - LoginContext key cookie was not present in request
00:16:33.364 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:188] - Incoming request does not contain a login context, processing as first leg of request
00:16:33.364 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:366] - Decoding message with decoder binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
00:16:33.367 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:128] - Looking up relying party configuration for http://openam.example.com:8080/openam
00:16:33.367 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:134] - No custom relying party configuration found for http://openam.example.com:8080/openam, looking up configuration based on metadata groups.
00:16:33.367 - DEBUG [edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager:157] - No custom or group-based relying party configuration found for http://openam.example.com:8080/openam. Using default relying party configuration.
00:16:33.368 - WARN [org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule:81] - SPSSODescriptor role metadata for entityID 'http://openam.example.com:8080/openam' could not be resolved
00:16:33.368 - DEBUG [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:387] - Decoded request from relying party 'http://openam.example.com:8080/openam'
00:16:33.369 - WARN [edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler:305] - No metadata for relying party http://openam.example.com:8080/openam, treating party as anonymous
00:16:33.369 - WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:222] - SAML 2 SSO profile is not configured for relying party http://openam.example.com:8080/openam
Oleksandr
@ahavriluk
When using Fedlet to implement SAML Service Provider, do I need a web agent installed?
Oleksandr
@ahavriluk
Oh cool!
Can I use Fedlet as SP and ADFS (active directory) or Shibboleth as IdP?
vharseko
@vharseko
@ahavriluk
Create a Fedlet configuration to enable federation between an identity provider hosted on this instance of OpenAM and a remote service provider that does not have a federation solution. Fedlet as SP -> OpenAM IDP -> OpenAM SP -> Other IdP
Oleksandr
@ahavriluk
@vharseko Is it possible to have Fedlet SP -> Other IdP? I am afraid I don't understand how to setup the link in the middle OpenAM IDP ->OpenAM SP->Other IdP. Do you have any details how to do it?
Meanwhile I have found this blog post and trying to make it work, what do you think? http://htotapally.blogspot.com/2013/11/federated-authentication-using-openam.html
vharseko
@vharseko
@ahavriluk need to try this post
Oleksandr
@ahavriluk
@vharseko that post is full of BS. I did it the other way.
BTW, do you know if this bug is fixed? Looks like no matter what my assertionTimeSkew is, it doesn't take my settings?
https://bugster.forgerock.org/jira/browse/OPENAM-10191
vharseko
@vharseko
@ahavriluk most likely not fixed
Maciej Debowski
@maciekdeb
Hi, I am planning to use OpenAM Community but can't find anywhere the detailed documentation of REST APIs. Are they the same as the ForgeRock product?
vharseko
@vharseko
yes, you can get prev FR Community docs in wiki https://github.com/OpenIdentityPlatform/OpenAM/wiki/Documentation
Maciej Debowski
@maciekdeb
Ok, thank you. I saw these docs on GitHub, but I am looking for example for something similar to this https://backstage.forgerock.com/docs/openam/13.5/dev-guide/#sec-rest. Will it be consistent with the current 14th version of the community version?