Nino
@ninobosteels_gitlab
just through docker or rather openshift?
and what's your experience with this image?
vharseko
@vharseko
used on docker and openshift
Nino
@ninobosteels_gitlab
used? in the past?
are you interested to discuss this in more detail?
vharseko
@vharseko
@ninobosteels_gitlab yes
Nino
@ninobosteels_gitlab
are you experienced in openAM management?
elvisbar
@elvisbar
Hi, I have an issue updating the AssertionIDRequestService location in the UI for a hosted IDP entity. I am using OpenAM community v14.2.2. anyone know where I can update the url for this property? Thanks
Christian
@spetix
hi everybody is there anybody expert of radius authentication module? My company needs to decode one more attribute and pass it "somehow" to post authentication module in order to use that as group name for user.. so question 1) how we can extend radius decoding? 2) how do we pass the new attribute along the chain to post authentication plugin?
vharseko
@vharseko
@elvisbar uriAssertionIDRequest
Bill Major
@rwmajor2
I would like to have a Q&A forum, as I am new to OpenAM and trying to get it setup. is this room active?
Maxim Thomas
@maximthomas
Hi, yes, it is active. Do you have any questions?
barramandi
@barramandi
Hi, I did a load test comparing OpenAM 13.5/14.4.2 with plain username/password login (DataStore module) and found for 14.4.2, the login performance degrades gradually while it's constant for 13.5.
vharseko
@vharseko
@barramandi please provide more info about test load script
barramandi
@barramandi
For the test, XUI is disabled for Login form (search for XUI under XML in ou=1.0,ou=iPlanetAuthService config store and change to false, restart Tomcat)
Christian
@spetix
shall i ask you why you're not publishing artifacts/sources in a maven repository?
vharseko
@vharseko
@barramandi thanks
vharseko
@vharseko
@barramandi can you create jstack PID from server process?
kumar pravinchandra panchal
@kumar1801
Hi
prabhakar thopa
@pthopa
i used the openam docker image @https://hub.docker.com/r/openidentityplatform/openam/ to run openam as an openid provider.. but the id_token that i got back does not have the "nonce" attribute, which is causing my spring security client to fail the oauth login.. is there any configuration that needs to be turned on to get back the nonce attribute as part of the id_token? i verified that when making the authorize call, i am sending a nonce, which should be included in the id_token, but it is not..
prabhakar thopa
@pthopa
@vharseko thanks
prabhakar thopa
@pthopa
@vharseko the docker image on dockerhub was last built 5 months ago and does not have the fix #198 you referenced.. does that mean i have to build the docker image locally if i need the fix?
Maxim Thomas
@maximthomas
@Evgenyx82 It should be, but we have not tested it yet
Stefano
@spontillo77

With OPENAM 14.4.2 I have the following exception when I try to add an OpenAM Identity Subject to a Policy:
'code'
com.iplanet.jato.NavigationException: Exception encountered during forward
Root cause = [org.forgerock.i18n.LocalizedIllegalArgumentException: The provided value "xtauctionsALL" could not be parsed as a valid distinguished name because the last non-space character was part of the attribute name 'xtauctionsALL']
at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:380)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:162)
at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:113)
at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:229)
at com.sun.identity.console.policy.SubjectOpViewBeanBase.handleBtnFilterRequest(SubjectOpViewBeanBase.java:484)
at com.sun.identity.console.policy.IdentitySubjectAddViewBean.handleBtnFilterRequest(IdentitySubjectAddViewBean.java:244)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)

I tried with many group names but the result is always the same

Wenjing Liu
@betterliuwj

Hey, with the latest and 14.5.1 OpenAM docker running, I always encounter this ERROR message when following the quickstart guide to set up basic OpenAM.

ERROR: created internalAppSSOToken:WnEwa1lRRzhMakdvVzg1N3JCRUFBZz09MTabcdefgh==, authInitialized: false, SystemProperties.isServerMode(): true,  SystemProperties.get(AMADMIN_MODE): null
amSecurity:04/24/2020 04:10:24:823 AM UTC: Thread[http-nio-8080-exec-3,5,main]: TransactionId[7ac18dc5-ac86-41cb-b1f7-c29f500fd4d4-14]
ERROR: created internalAppSSOToken:YkVBNFphUXRUU2lkZ3FzNHJCRUabcdefghicyNA==, authInitialized: false, SystemProperties.isServerMode(): true,  SystemProperties.get(AMADMIN_MODE): null

Though the UI browser page shows configuration successfully created... But when I press Proceed to login, I got invalid token and the page is just empty... Checked the docker log, showing

ESAPI: WARNING: System property [org.owasp.esapi.opsteam] is not set
ESAPI: WARNING: System property [org.owasp.esapi.devteam] is not set
ESAPI: Attempting to load ESAPI.properties via file I/O.
ESAPI: Attempting to load ESAPI.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /usr/local/tomcat/ESAPI.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/ESAPI.properties
ESAPI: Not found in 'user.home' (/home/openam) directory: /home/openam/esapi/ESAPI.properties
ESAPI: Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
ESAPI: Attempting to load ESAPI.properties via the classpath.
ESAPI: SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from '/ (root)' using current thread context class loader!
ESAPI: SecurityConfiguration for Validator.ConfigurationFile.MultiValued not found in ESAPI.properties. Using default: false
ESAPI: Attempting to load validation.properties via file I/O.
ESAPI: Attempting to load validation.properties as resource file via file I/O.
ESAPI: Not found in 'org.owasp.esapi.resources' directory or file not readable: /usr/local/tomcat/validation.properties
ESAPI: Not found in SystemResource Directory/resourceDirectory: .esapi/validation.properties
ESAPI: Not found in 'user.home' (/home/openam) directory: /home/openam/esapi/validation.properties
ESAPI: Loading validation.properties via file I/O failed.
ESAPI: Attempting to load validation.properties via the classpath.
ESAPI: validation.properties could not be loaded by any means. fail.. Caught java.lang.IllegalArgumentException; exception message was: java.lang.IllegalArgumentException: Failed to load ESAPI.properties as a classloader resource.
log4j:WARN No appenders could be found for logger (IntrusionDetector).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.

Any idea? I'm using Docker for Mac... I noticed on the ForgeRock doc, it is said for macOS, the web policy agent is not built for Apache HTTP Server on macOS. Is it related? Thanks

Maxim Thomas
@maximthomas
@betterliuwj Hi, it is not a critical message, it just notion for creating admin access token and does not affect functionality. You can see it in the source code:
https://github.com/OpenIdentityPlatform/OpenAM/blob/797192ba86247198fe512aad0e3095b1d1b62b2a/openam-core/src/main/java/com/sun/identity/security/AdminTokenAction.java#L306
Wenjing Liu
@betterliuwj
@maximthomas Thanks for your reply! I have sorted my issue out. It turned out that I needed to clear the browser session to fix the invalid token/session error message problem when trying to Proceed to login page. All good now :)
openam2020
@openam2020
Hello, I just deployed OpenAM-14.5.1.war into Tomcat on my Mac and went through the initial configuration setup (create new configuration). The setup completed successfully. I was then led to the login page. I provided the same username/password as I did during the setup but getting the Authentication Failed message. Any idea why?
openam2020
@openam2020
Figured it out. The issue was - I was using a browser window that disabled cookies.
Nicholas Sushkin
@nsushkin
Hi, everyone. What's the recommended version of Tomcat for OpenAM and JEE Agents? Would it work in the latest Tomcat 9, Tomcat 8.5? I think the latest FR version before fork was validated with 8.0, but that's getting old. Thanks.
Nicholas Sushkin
@nsushkin
Anybody running OpenAM in Tomcat 9, 8.5?
Maxim Thomas
@maximthomas
@nsushkin Hi, tested with Tomcat 8.5. Works great
Aurelien
@CanalWood
Hello All,
I would like to upgrade our old release of OpenAM from 13.0 to the last release of OpenAM.
I have a question about how to manage the agent with our Docker Container App.
Could you explain how you use it?
Maxim Thomas
@maximthomas
@CanalWood
Hello, what do you mean by manage? What problem are you trying to solve?
Aurelien
@CanalWood
Hello @maximthomas,
My question is: How to configure the containers to add the Agent?
On my swarm I've many containers. What's the best solution to add Agent on my containers?
Use a proxy or add a container with httpd with the Agent conf or another solution?
Aurelien
@CanalWood
Oh! thanks @maximthomas, I will look at these articles.