by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
vharseko
@vharseko
@ahavriluk most likely not fixed
Maciej Debowski
@maciekdeb
Hi, I am planning to use OpenAM Community but can't find anywhere the detailed documentation of REST APIs. Are they the same as the ForgeRock product?
vharseko
@vharseko
yes, you can get prev FR Community docs in wiki https://github.com/OpenIdentityPlatform/OpenAM/wiki/Documentation
Maciej Debowski
@maciekdeb
Ok, thank you. I saw this docs in the github, but I am looking for example for something similiar to this https://backstage.forgerock.com/docs/openam/13.5/dev-guide/#sec-rest will it be consistent with the current 14th version of community version?
Does the ForgeRock product base on the community edition?
vharseko
@vharseko

Ok, thank you. I saw this docs in the github, but I am looking for example for something similiar to this https://backstage.forgerock.com/docs/openam/13.5/dev-guide/#sec-rest will it be consistent with the current 14th version of community version?

yes, more relevant: https://backstage.forgerock.com/docs/am/5/dev-guide/#chap-dev-rest

Does the ForgeRock product base on the community edition?

please check history: http://www.timeforafork.com

Maciej Debowski
@maciekdeb
If I get this page correclty the ForgeRock product since 13 or even 11 is completly different
but v13 in Community and in ForgeRock is the same
right?
and the 5th version that you sent is the next version after the 13th of ForgeRock (they didn't keep the ordering - 5th, 6th and so on are newer than 13th)
and acutally the OpenRock was the old repo that was associated with ForgeRock
Maciej Debowski
@maciekdeb
the last version there is 13th
since then there was one major version with open source license
and at the same time ForgeRock started working on the closed version - thats why the versioning 5, 6, 6.5 appeared
vharseko
@vharseko
OpenAM Community v14 like FR AM v5
Nino
@ninobosteels_gitlab
hi !
how production ready do you think the docker image is ? https://hub.docker.com/r/openidentityplatform/openam
vharseko
@vharseko
we use in production
Nino
@ninobosteels_gitlab
just through docker or rather openshift?
and what's your experience with this image?
vharseko
@vharseko
used on docker and openshift
Nino
@ninobosteels_gitlab
used? in the past?
are you interested to discuss this in more detail?
vharseko
@vharseko
@ninobosteels_gitlab yes
Nino
@ninobosteels_gitlab
are you experienced in openAM management?
elvisbar
@elvisbar
Hi, I have an issue updating the AssertionIDRequestService location in the UI for a hosted IDP entity. I am using OpenAM community v14.2.2. anyone know where I can update the url for this property? Thanks
Christian
@spetix
hi everybody is there anybody expert of radius authentication module? My company needs to decode one more attribute and pass it "somehow" to post authentication modulue in order to use that as group name for user.. so question 1) how we can extend radius decoding? 2) how do we pass the new attribute along the chain to post authentication plugin?
vharseko
@vharseko
@elvisbar uriAssertionIDRequest
Bill Major
@rwmajor2
I would like to have a Q&A forum, as I am new to OpenAM and trying to get it setup. is this room active?
Maxim Thomas
@maximthomas
Hi, yes, it is active. Do you have any questions?
barramandi
@barramandi
Hi, I did a load test comparing OpenAM 13.5/14.4.2 with plain username/password login (DataStore module) and found for 14.4.2, the login performance degrade gradually while it's constant for 13.5.
vharseko
@vharseko
@barramandi please provide more info about test load script
barramandi
@barramandi
For the test, XUI is disabled for Login form (search for XUI under XML in ou=1.0,ou=iPlanetAuthService config store and change to false, restart Tomcat)
Christian
@spetix
shall i ask you why you're not publishing artifacts/sources in a maven repository?
vharseko
@vharseko
@barramandi thanks
vharseko
@vharseko
@barramandi can you create jastack PID from server process ?
kumar pravinchandra panchal
@kumar1801
Hi
prabhakar thopa
@pthopa
i used the openam docker image @https://hub.docker.com/r/openidentityplatform/openam/ to run openam as an openid provider.. but the id_token that i got back does not have the "nonce" attribute, which is causing my spring security client to fail the oauth login.. is there any configuration that needs to be turned on to get back the nonce attribute as part of the id_token? i verified that when making the authorize call, i am sending a nonce, which should be included in the id_token, but it is not..
prabhakar thopa
@pthopa
@vharseko thanks
prabhakar thopa
@pthopa
@vharseko the docker image on dockerhub was last built 5 months ago and does not have the fix #198 you referenced.. does that mean i have to build the docker image locally if i need the fix?
Maxim Thomas
@maximthomas
@Evgenyx82 It should be, but we have not tested it yet
Stefano
@spontillo77

With OPENAM 14.4.2 I have the following exception when I try to add an OpenAM Identity Subject to a Policy:
'code'
com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [org.forgerock.i18n.LocalizedIllegalArgumentException: The provided value "xtauctionsALL" could not be parsed as a valid distinguished name because the last non-space character was part of the attribute name 'xtauctionsALL']
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:162)
at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:229)
at com.sun.identity.console.policy.SubjectOpViewBeanBase.handleBtnFilterRequest(SubjectOpViewBeanBase.java:484)
at com.sun.identity.console.policy.IdentitySubjectAddViewBean.handleBtnFilterRequest(IdentitySubjectAddViewBean.java:244)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)

I try with many groups names but the result is always the same

Wenjing Liu
@betterliuwj

Hey, with the latest and 14.5.1 OpenAM docker running, I always encounter this ERROR message when following the quickstart guide to setup basic openAM.

ERROR: created internalAppSSOToken:WnEwa1lRRzhMakdvVzg1N3JCRUFBZz09MTabcdefgh==, authInitialized: false, SystemProperties.isServerMode(): true,  SystemProperties.get(AMADMIN_MODE): null
amSecurity:04/24/2020 04:10:24:823 AM UTC: Thread[http-nio-8080-exec-3,5,main]: TransactionId[7ac18dc5-ac86-41cb-b1f7-c29f500fd4d4-14]
ERROR: created internalAppSSOToken:YkVBNFphUXRUU2lkZ3FzNHJCRUabcdefghicyNA==, authInitialized: false, SystemProperties.isServerMode(): true,  SystemProperties.get(AMADMIN_MODE): null

Tho the UI browser page shows configuration successful created....But when I press Proceed to login, I got invalid token and the page just empty.....Checked the docker log, showing

ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set
ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /usr/local/tomcat/ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
ESAPI: Not found in 'user.home' (/home/openam) directory: /home/openam/esapi/ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /usr/local/tomcat/validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/validation.properties
ESAPI: Not found in 'user.home' (/home/openam) directory: /home/openam/esapi/validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: validation.properties could not be loaded by any means. fail.. Caught java.lang.IllegalArgumentException; exception message was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
log4j:WARN No appenders could be found for logger (IntrusionDetector).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Any idea? Im using Docker for Mac...I noticed on the forcerock doc, it is said for macos, the web policy agent is not built for apache http server on macos. Is it related? Thanks