vharseko on master
setNextModule: allow resetCurre… (compare)
maximthomas on master
Bump OpenDJ to 4.5.1-SNAPSHOT (… (compare)
github-actions[bot] on master
[maven-release-plugin] prepare … (compare)
github-actions[bot] on 14.6.6
github-actions[bot] on master
[maven-release-plugin] prepare … (compare)
vharseko on master
vharseko on 14.6.6
github-actions[bot] on master
[maven-release-plugin] prepare … (compare)
github-actions[bot] on 14.6.6
github-actions[bot] on master
[maven-release-plugin] prepare … (compare)
vharseko on master
fix NT auth module vulnerabilit… (compare)
maximthomas Hi again.
I downloaded the custom-authentication-module (inside openam-samples) to have a template to write CAM's for OpenIdentityPlatform.
I've tried to build it for versions 14.6.2 and 14.5.4, but I've got error because non available dependencies:
Are there in some repository?
I excluded them from openam-core dependency, and then the custom-auth-sample project buillt OK.
But I am felling that those libraries should be necessery in some sceneries.
Hello everyone. I am working on adding support for something similar to the extention for requesting attributes.
I figured that I could use the AttributeMapper
to manipulate the attributes but I am missing the extension data from the AuthN request.
Anyone got an idea how to get the AuthN request within the AttributeMapper
?
I guess one option would be to use the session but I think that is just a workaround. Any input helps. Thanks
http://openam.example.com:9000/openam/oauth2/access_token
http://openam.example.com:9000/openam/oauth2/authorize
http://openam.example.com:9000/openam/oauth2/userinfo
i've seen this one on a code base on github but i want to know if they have official docs as reference?
Good days.
I have a problem with OpenAM running inside Tomcat with JDK 8 (Sun and Azul JDK tested), and SHA256withRSA Algorithm in OpenAM 14.5.4.
I have got this Exception:
amAuth:09/24/2021 05:06:53:843 PM CEST: Thread[http-nio-24780-exec-3,5,main]: TransactionId[ecfa7a6a-e6ab-42eb-a005-82d2a247c573-35826615]
ERROR: JwsSigningException
org.forgerock.json.jose.exceptions.JwsSigningException: Unsupported Signing Algorithm, SHA256withRSA
at org.forgerock.json.jose.jws.handlers.HmacSigningHandler.signWithHMAC(HmacSigningHandler.java:81)
at org.forgerock.json.jose.jws.handlers.HmacSigningHandler.verify(HmacSigningHandler.java:104)
This problem is related with BouncyCastle, because it is the library which provides SHA256withRSA.
The problem seems to be with the Mac.java (JCE), when Mac.getInstance(algorithm); that throws NoSuchAlgoritmException.
I can see that SHA256withRSA algorithm is provided with BouncyCastle (log file), but it seems there is a problem with the JceSecurity.canUseProvider( s.getProvider() ). Do you know the right way to enable this in OpenAM inside Tomcat?
I suspect the problem is that I need to add to the trusted CA one certificate related to Bounce Castle library, but I am not sure about this.
Have you seen this problem before?
Any ideas?
In my custom module authentication I'have defined a custom callback:
<ModuleProperties moduleName="MobileConnectionRequirements" version="1.0" >
<Callbacks length="0" order="1" timeout="600" header="#WILL NOT BE SHOWN#" />
<Callbacks length="1" order="2" timeout="600" header="#WILL BE SUBSTITUTED#">
<TextInputCallback isRequired="true" >
<Prompt>#PHONE_NUMBER#</Prompt>
</TextInputCallback>
</Callbacks>
</ModuleProperties>
Hello everybody.
I've seen that in OpenAM (>=14.4.2) file WEB-INF/classes/log4j.properties contains an extrange first line:
#Set the global log level to ERROR.log4j.rootLogger=ERROR, ROOT
I think it should be splitted in two lines:
#Set the global log level to ERROR.
log4j.rootLogger=ERROR,ROOT
Is this right?