Maxim Thomas
@maximthomas
@josecho please look at OpenIG start log, are there any errors? Does OpenIG read routes?
mssso
@mssso
@maximthomas, I am facing a lot of difficulty getting one clean build. It keeps getting stuck at one place or the other. Can you please help me with a clean build steps process?
DELL@DESKTOP-C0TO0V6 MINGW64 ~/OpenAM/openam-distribution/openam-distribution-ssoconfiguratortools (master)
$ mvn -DskipTests -Dmaven.javadoc.skip=true install
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for org.openidentityplatform.openam:openam-distribution-sso
[WARNING] 'build.plugins.plugin.version' for org.openidentityplatform.commons:maven-external-dependency-plugin is missing. @ org.openid line 1802, column 10
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO] Inspecting build with total of 1 modules...
[INFO] Installing Nexus Staging features:
[INFO] ... total of 1 executions of maven-deploy-plugin replaced with nexus-staging-maven-plugin
[INFO]
[INFO] --< org.openidentityplatform.openam:openam-distribution-ssoconfiguratortools >--
[INFO] Building OpenAM Distribution ssoConfiguratorTools 14.5.4-SNAPSHOT
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- buildnumber-maven-plugin:1.3:create (default) @ openam-distribution-ssoconfiguratortools ---
[INFO] ShortRevision tag detected. The value is '10'.
[INFO] Executing: cmd.exe /X /C "git rev-parse --verify --short=10 HEAD"
[INFO] Working directory: C:\Users\DELL\OpenAM\openam-distribution\openam-distribution-ssoconfiguratortools
[INFO] Storing buildNumber: 78b5de5d9f at timestamp: 1603375596699
[INFO] Storing buildScmBranch: master
[INFO]
[INFO] --- maven-dependency-plugin:3.1.0:copy (Copy license) @ openam-distribution-ssoconfiguratortools ---
[INFO] Configured Artifact: org.openidentityplatform:cddl-license:1.0.0:txt
[INFO] Copying cddl-license-1.0.0.txt to C:\Users\DELL\OpenAM\openam-distribution\openam-distribution-ssoconfiguratortools\target\legal
[INFO]
[INFO] >>> maven-source-plugin:3.2.0:jar (default) > generate-sources @ openam-distribution-ssoconfiguratortools >>>
[INFO]
[INFO] --- buildnumber-maven-plugin:1.3:create (default) @ openam-distribution-ssoconfiguratortools ---
[INFO]
[INFO] <<< maven-source-plugin:3.2.0:jar (default) < generate-sources @ openam-distribution-ssoconfiguratortools <<<
[INFO]
[INFO]
[INFO] --- maven-source-plugin:3.2.0:jar (default) @ openam-distribution-ssoconfiguratortools ---
[INFO]
[INFO] --- maven-javadoc-plugin:3.1.1:jar (attach-javadocs) @ openam-distribution-ssoconfiguratortools ---
[INFO] Skipping javadoc generation
[INFO]
[INFO] --- maven-assembly-plugin:3.2.0:single (openam-ssoconfiguratortools) @ openam-distribution-ssoconfiguratortools ---
[INFO] Reading assembly descriptor: src/main/assembly/openAMToolsAssembly_Descriptor.xml
[WARNING] Cannot include project artifact: org.openidentityplatform.openam:openam-distribution-ssoconfiguratortools:pom:14.5.4-SNAPSHOT
[WARNING] The POM for org.openidentityplatform.openam:openam-configurator-tool:jar:14.5.4-SNAPSHOT is missing, no dependency informatio
[WARNING] The POM for org.openidentityplatform.openam:openam-upgrade-tool:jar:14.5.4-SNAPSHOT is missing, no dependency information ava
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.652 s
[INFO] Finished at: 2020-10-22T19:36:38+05:30
[INFO] ------------------------------------------------------------------------
I switched to a Windows build and I am right now stuck at this place.
Maxim Thomas
@maximthomas
@josecho seems there is a lack for setting up unprotected endpoint in OpenIG for the application, I will add it soon and let you know.
@mssso checkout 14.5.3 revision, and try again https://github.com/OpenIdentityPlatform/OpenAM/tree/14.5.3
Jose Luis Villaverde Balsa
@josecho
@maximthomas I have posted the question to the openIG forum https://gitter.im/OpenIdentityPlatform/OpenIG but you finally give an answer. If the client has no problem with the openIG license, we will use it as a solution to the integration with openAM. Thanks for looking for a solution, when you tell me that the solution is implemented I will do the proof of concept again.
Jose Luis Villaverde Balsa
@josecho
@maximthomas Thanks, we keep moving forward.
mssso
@mssso
@maximthomas, is the Google Authenticator supported on OpenAM? If yes, is there a reference document I can follow to configure it?
Maxim Thomas
@maximthomas
@mssso yes, the OATH Authentication module supports Google Authenticator. Unfortunately, we don't have a manual on how to set up Google Authenticator with OpenAM yet. We'll create the manual as soon as possible.
mssso
@mssso
@maximthomas, would it be possible to expedite the process of creating the manual to set up OpenAM with Google Authenticator?
Maxim Thomas
@maximthomas
@mssso, can't promise anything, I write docs in my free time.
mssso
@mssso
@maximthomas , Thanks a ton !! I will try it out tomorrow and get back to you. Thanks again.
mssso
@mssso
@maximthomas, thank you, it worked.
Maxim Thomas
@maximthomas
@mssso, great! Glad I could help!
mancheaka
@mancheaka
I saw some older messages from back in February about the SameSite cookie support, it doesn't look like that was merged into master. What's the current best practice for dealing with that?
Marcelo Ohashi
@mgohashi
Hello guys, I am trying to configure using the default settings the openam and the latest docker image, but I am getting this error:
11/25/2020 03:23:02:015 PM UTC: Creating OpenAM suffix
ERROR:  The server rejected the task for the following reason: None of the
Directory Server backends are configured with the requested backend ID or base
DNs that include the specified branches
Does anyone know why the default config is not able to configure the openam?
Marcelo Ohashi
@mgohashi
I am sorry guys, but is this the right place to put these questions?
myregaccount
@myregaccount
@maximthomas , thanks a lot for the documentation. I am following this instruction: https://www.openidentityplatform.org/blog/how-to-add-authorization-with-openam-openig#preparation. How to add user groups from OpenAM to HTTP headers?
Ramón Rial
@rrialq
Good day. Can anybody tell me if OpenAM (OpenIdentityPlatform) has an authenticator for Android similar to the ForgeRock Authenticator, for use with MFA?
I didn't find either the project on GitHub or information in the wiki pages.
Thank you.
Maxim Thomas
@maximthomas
@rrialq hello, you can use Google Authenticator with OpenAM, see https://www.openidentityplatform.org/blog/how-to-setup-2fa-with-google-authenticatior-in-openam
Ramón Rial
@rrialq
@maximthomas Thank you for the link.
I suppose no Google Account is needed, neither for the server nor the user.
Is that right?
Maxim Thomas
@maximthomas
@rrialq yes, you are right. There is no need for a Google Account.
Ramón Rial
@rrialq
maximthomas.
Ok, thank you.
I will try to configure it.
Ramón Rial
@rrialq

@maximthomas Hi again.
I have problems generating the QR that conforms to: otpauth://totp/<account id>@<issuer>?secret=<base32 encoded secret>&issuer=<Issuer Name>

<account id> No problem, the uid of the user.

<issuer> What do you mean by issuer? The URL of the OpenAM server?

<base 32 encoded secret> No problem.

<Issuer Name> Can it be anything?

Thank you for your time.

Is there any way to enable logs for OATH? I did not find anything related under Debug.jsp.
Ramón Rial
@rrialq

@maximthomas Thank you.
I've just got it.

<issuer> I've just put the LDAP domain and any Issuer Name and it works.

Ramón Rial
@rrialq
@maximthomas This scenario contains a big requirement: all users should use MFA.
OpenAM does not check if the user has the sunIdentityServerPPEncryptKey attribute, so OpenAM always asks for the OTP.
Is there any way to ask for the OTP only if the user has the attribute?
Maybe with the help of a custom PAM configured in the chain before the google-authenticator and set as sufficient?
Maxim Thomas
@maximthomas
@rrialq I'm afraid not, it is not possible out of the box.
Ramón Rial
@rrialq
And with a custom PAM defined as sufficient in the chain ?
I will try to do that.
Ramón Rial
@rrialq

Good day.
I've just succeeded in setting up HOTP (smtp based) authentication and OATH Google Authentication smtp based.
But I have a minor problem with HOTP.
If the mail address is in an attribute different from mail, I have not been successful.
I've just set the attribute name (NEW_EMAIL_ATTRIBUTE_NAME) in Email Attribute Name, the attribute exists for the user test, and it contains a valid value, but I have the following error (I have omitted non-relevant log lines):

Auto sending OTP code
HOTP.sendSMS() : Using phone attribute of telephoneNumber
HOTP.sendSMS() : IdRepoException : no phone number found with username : test
HOTP.sendSMS() : Using email attribute of NEW_EMAIL_ATTRIBUTE_NAME
HOTP.sendSMS() : IdRepo: no email found with username : test
HOTP.sendSMS() : IdRepo: no phone or email found with username : test

When I replace NEW_EMAIL_ATTRIBUTE_NAME with mail (both attributes contain the same value in my tests) then it works.
Any idea?
Thank you.

Maxim Thomas
@maximthomas
@rrialq hello,
please create an issue in the OpenAM repo, and we'll figure out what is happening
Ramón Rial
@rrialq
@maximthomas I've just seen that there is a newer OpenAM version (I am testing 14.5.4), so I will install it and test it before opening the issue.
yuna-s
@yuna-s
@maximthomas
Hi, I want to apply local time instead of UTC to the audit logging, is there a setting in OpenAM that allows me to do that?
thanks.
Maxim Thomas
@maximthomas
@yuna-s hi, are you running OpenAM in a Docker container?
yuna-s
@yuna-s
@maximthomas
Thanks for the reply!
I am also using Docker for testing, but eventually I will use war files and run it on tomcat.
Ramón Rial
@rrialq

maximthomas Hi again.
I downloaded the custom-authentication-module (inside openam-samples) to have a template to write CAM's for OpenIdentityPlatform.
I've tried to build it for versions 14.6.2 and 14.5.4, but I got errors because of unavailable dependencies:

  • org.openidentityplatform.external.com.iplanet.jato:jato
  • org.openidentityplatform.external.com.sun.web.ui:cc

Are they in some repository?

I excluded them from the openam-core dependency, and then the custom-auth-sample project built OK.
But I am feeling that those libraries should be necessary in some scenarios.

Maxim Thomas
@maximthomas
@yuna-s can't reproduce the issue using Tomcat 7, can only reproduce in Docker. But there is a Docker issue, because Docker does not know about the host machine timezone. If you are still facing the problem, please create an issue on GitHub.
@rrialq these libraries are only needed for rendering the legacy UI, so you can develop a custom auth module without the libraries. The OpenAM war file contains them.
Ramón Rial
@rrialq
maximthomas OK. So it is necessary to exclude them in the dependency declaration.
Thank you.
yuna-s
@yuna-s
@maximthomas
Sorry for the late reply.
Does "can't reproduce the issue using tomcat 7" mean that there is a setting in the war file version of OpenAM (OpenAM-14.6.2.war) that allows the local time to be displayed in the audit log?
Maxim Thomas
@maximthomas
@yuna-s there must be a misunderstanding, I meant the OpenAM Tomcat console log. In csv logs I see UTC instead of local time. I'm afraid you can't configure the csv timezone out of the box.