Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Nov 03 13:07

    pavelhoral on master

    Fix RSA JWK modulus encoding R… Merge pull request #49 from fyr… (compare)

  • Nov 03 13:07
    pavelhoral closed #49
  • Nov 03 13:04
    fyrbach synchronize #49
  • Nov 03 13:01
    fyrbach synchronize #49
  • Nov 01 22:00
    fyrbach opened #49
  • Oct 13 13:13
    krystofNovotny opened #117
  • Oct 12 16:05

    pavelhoral on master

    [maven-release-plugin] prepare … (compare)

  • Oct 12 16:05

    pavelhoral on 6.0.1

    (compare)

  • Oct 12 16:05

    pavelhoral on master

    Update wrensec-script version t… [maven-release-plugin] prepare … (compare)

  • Oct 12 15:37
    pavelhoral closed #116
  • Oct 12 15:37

    pavelhoral on master

    Change BUILD_TAG back to enviro… (compare)

  • Oct 12 15:12

    pavelhoral on master

    [maven-release-plugin] prepare … (compare)

  • Oct 12 15:12

    pavelhoral on 4.4.1

    (compare)

  • Oct 12 15:12

    pavelhoral on master

    [maven-release-plugin] prepare … (compare)

  • Oct 12 14:54
    krystofNovotny closed #12
  • Oct 12 14:54
    krystofNovotny commented #12
  • Oct 12 14:32

    pavelhoral on master

    Fix concat behavior. (#12) Merge pull request #13 from kry… (compare)

  • Oct 12 14:32
    pavelhoral closed #13
  • Oct 12 14:32
    pavelhoral commented #13
  • Oct 12 14:22
    krystofNovotny opened #13
Martin Čížek
@martincizek
Hi @hasanakgoz, the two forks have the same origin, but different maintainers / developers. That's why the future development path is going to be generally different. Still, they can use our patches and we can use their patches, it's open source. :) Btw. former OpenDJ has been renamed to Wren:DS under Wren.
sigegcp
@sigegcp
Hi all
sigegcp
@sigegcp

I'm trying to compile from source Wren IDM.

[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:33 min
[INFO] Finished at: 2021-02-11T12:18:00+01:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile) on project openidm-system: Compilation failure
[ERROR] No compiler is provided in this environment. Perhaps you are running on a JRE rather than a JDK?
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <args> -rf :openidm-system

echo $JAVA_HOME
/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.275.b01-0.el7_9.x86_64

java -version
openjdk version "1.8.0_275"
OpenJDK Runtime Environment (build 1.8.0_275-b01)
OpenJDK 64-Bit Server VM (build 25.275-b01, mixed mode)

Can you help me with error log?

Pavel Horal
@pavelhoral
Hi, you need JDK to compile the project.
Seems like you are setting JAVA_HOME to JRE.
sigegcp
@sigegcp

Not sure if I have JDK.

pwd
/usr/lib/jvm
ls -la
total 12
drwxr-xr-x 3 root root 4096 Jan 22 12:04 .
dr-xr-xr-x. 50 root root 4096 Oct 27 13:55 ..
drwxr-xr-x 3 root root 4096 Dec 16 18:29 java-1.8.0-openjdk-1.8.0.275.b01-0.el7_9.x86_64
lrwxrwxrwx 1 root root 21 Jan 22 12:04 jre -> /etc/alternatives/jre
lrwxrwxrwx 1 root root 27 Jan 22 12:04 jre-1.8.0 -> /etc/alternatives/jre_1.8.0
lrwxrwxrwx 1 root root 35 Jan 22 12:04 jre-1.8.0-openjdk -> /etc/alternatives/jre_1.8.0_openjdk
lrwxrwxrwx 1 root root 51 Jan 22 12:04 jre-1.8.0-openjdk-1.8.0.275.b01-0.el7_9.x86_64 -> java-1.8.0-openjdk-1.8.0.275.b01-0.el7_9.x86_64/jre
lrwxrwxrwx 1 root root 29 Jan 22 12:04 jre-openjdk -> /etc/alternatives/jre_openjdk

Pavel Horal
@pavelhoral
If the folder name starts with jre- then it is not a JDK.
sigegcp
@sigegcp
Ok, thanks. Do I need to remove jre before puttiong jdk or they can coexist both?
Pavel Horal
@pavelhoral
They can coexist... for Maven only JAVA_HOME environment variable is important.
sigegcp
@sigegcp

Thanks. It Worked! I'm coruious... this is the latest version?

6.0.0-SNAPSHOT (revision: 6eda9aa)
Copyright 2010-16 ForgeRock AS.

Pavel Horal
@pavelhoral
It is. We will merge quite a big update to make it buildable with JDK 11+ very soon... don't mind the date in the copyright notice.
sigegcp
@sigegcp

@pavelhoral Great!
I did't introduce myself. My name is Tomislav from Croatia. Working on so called "IAM" we have, but it is (or we only have idendtity module) and now we would like to replace this soultion with IAM.

So in first step we would like to replace IDM then rest of the modules. At the moment I'm trying OpenIDM, but have some problems. As I have understood ForgeRock stopped giving source code at some point (2017?) the project contiued as OpenIdentyPlatform and other fork is Wren right?

Pavel Horal
@pavelhoral
You are quite right.
OpenIdentityPlatform and Wren are two independent forks of the original codebase. OpenIdentityPlatform chose to continue with the original project names, we have decided to change the name just to be on the safe side from the legal point of view.
janadebruyn
@janadebruyn
@sigegcp Hi Tomislav, nice to see our users reaching out, it's useful to receive feedback. I am planning to launch a small survey to gather even more of it. And you are always welcome to drop us a line here with further insights. Thanks.
sigegcp
@sigegcp
@janadebruyn Thanks. Sure I will.
sigegcp
@sigegcp
Is it possible to create custom workflow with multiple degree of verification process? For an example, user requests permission for some resource on some server, user with user manager role needs to verify content of request (is it properly requested - if user requests one resource but choose in IAM different one - mistake correction), second is his superrion - does he needs that resource access, then third person to accept this is asset owner (head of department for that resource) then permission is granted. Every user in workflow can deny or accept request.
Pavel Horal
@pavelhoral
Yes, this is quite a common workflow setup (i.e. manager -> application owner -> role owner). You can add as many approval steps / user tasks as you need.
sigegcp
@sigegcp
Maybe I'm missing something but I don't have Manager tab only Manage.
Pavel Horal
@pavelhoral
Not sure I understand. You can define workflow with multiple user tasks and name them as you like. There is no "Manager" tab.
Karel Maxa
@karelmaxa
I would add that Wren:IDM is using Activiti workflow engine. So you can use Activiti Designer to create complex workflows with multiple user tasks.
There is no built-in workflow designer in the Wren:IDM.
sigegcp
@sigegcp
Thanks, I did not express mysqlf correctly. THe question is where in the app menu can I do that.
sigegcp
@sigegcp

Caused by: org.activiti.engine.ActivitiException: Can't find scripting engine for 'groovy'

cat pom.xml | grep groovy
<groovy.version>2.4.7</groovy.version>
<openicf.groovyconnector.version>1.4.3.0</openicf.groovyconnector.version>
<artifactId>script-groovy</artifactId>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>${groovy.version}</version>

How Can I resolve this error?

Karel Maxa
@karelmaxa
This issue has been resolved in WrenSecurity/wrenidm#88. The pull request has been already merged into master.
sigegcp
@sigegcp
Thanks, I have stared from beggining. Compiled again.
[INFO] Wren:IDM - UI - Admin .............................. FAILURE [01:50 min]
dmin: Failed to run task: 'grunt build:dev --target-version=6.0.0-SNAPSHOT' failed. (error code 6) -> [Help 1]
sigegcp
@sigegcp

[ERROR] Failed to execute goal com.github.eirslett:frontend-maven-plugin:0.0.28:grunt (grunt) on project openidm-ui-admin: Failed to run task: 'grunt build:dev --target-version=6.0.0-SNAPSHOT' failed. (error code 6) -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal com.github.eirslett:frontend-maven-plugin:0.0.28:grunt (grunt) on project openidm-ui-admin: Failed to run task

Caused by: org.apache.maven.plugin.MojoFailureException: Failed to run task

Caused by: com.github.eirslett.maven.plugins.frontend.lib.TaskRunnerException: 'grunt build:dev --target-version=6.0.0-SNAPSHOT' failed. (error code 6)

Pavel Horal
@pavelhoral
Not sure what might be the cause here. There must be some additional information somewhere as the quoted maven output just states that grunt build ended with error.
Master is buildable as our CI pipeline shows - https://github.com/WrenSecurity/wrenidm/runs/1919524213
sigegcp
@sigegcp

I was following sample workflow. In step 7:

  • Notice the same form content that was provided by user1, along with "Decision": "Accept".
  • Click "Complete" to finish the task.

When I try to complete the task I got this error:
Caused by: org.activiti.engine.impl.javax.el.PropertyNotFoundException: Cannot resolve identifier 'decision'

sigegcp
@sigegcp

I have uploaded .bar file in sample/workflow directory.

Starting the IDM i have error message:
-> Error while closing command context
org.activiti.bpmn.exceptions.XMLException: Premature end of file.

Unable to deploy activiti bundle
org.activiti.bpmn.exceptions.XMLException: Premature end of file.

Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file.

Ia have created bar file inside Eclipse using Activiti as addon.

Pavel Horal
@pavelhoral
Confirmed WrenSecurity/wrenidm#90 - looks like some sample workflows are not working.
withusandeep
@withusandeep
Hi Guys , i am trying to use openam for social authentication with google .Openam has to go through outbound proxy which is protected with userid/password authentication .it is failing with error "java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 authenticationrequired""
i tried https://wikis.forgerock.org/confluence/display/openam/Configure+OpenAM+to+use+outbound+web+proxy and also -Djdk.http.auth.tunneling.disabledSchemes= but nothing seems to be workig. Any help appreciated
Pavel Horal
@pavelhoral
I am not sure there is a support for authenticated outbound proxy.
But it seems it should not be that complex to add this feature yourself as it can be configured on the JVM level.
withusandeep
@withusandeep
thanks Pavel Horal. will give a try. if you can give some pointer how to acheive that would be gr8
Pavel Horal
@pavelhoral
I am not sure, where the JRE support for authenticated proxy starts/ends... many articles mention http.proxyUser and http.proxyPassword system properties. But I am not sure if those are automagically picked up and used.
withusandeep
@withusandeep
proxyUser and proxyPassword are not java system properties .I think they are part of apache http client.
Pavel Horal
@pavelhoral
If those auth options are not supported in JRE by default and you need to register Authenticator yourself, I would probably hack that piece of code into ServletContextListener and register it in AM's web.xml.
withusandeep
@withusandeep
thinking about writing a tomcat filter class and set the proxy authentication there. no idea it will work or not
that is my plan .registering in web.xml
Pavel Horal
@pavelhoral
Filter might not be the best place for this as it seems to be one-time-only thing.
withusandeep
@withusandeep
yeah you are right
Pavel Horal
@pavelhoral
Btw. check for example https://stackoverflow.com/a/40996814/865403 (mainly the first comment)... that is why I am not sure what is actually supported by JRE.
withusandeep
@withusandeep
thanks . i tested all that options and noting seems to be working . So i think. i need to write the authenticator class and load it on startup
smukkand
@smukkand
Hi to Everyone , Glad to see the effort on enhancing the forgerock community edition, I have been into the forgerock stack for quite long time. Now a days i am more into the opensource technologies for my current company. I got into this error while build from wrenidm master branch:
image.png