Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • Oct 13 13:13
    krystofNovotny opened #117
  • Oct 12 16:05

    pavelhoral on master

    [maven-release-plugin] prepare … (compare)

  • Oct 12 16:05

    pavelhoral on 6.0.1

    (compare)

  • Oct 12 16:05

    pavelhoral on master

    Update wrensec-script version t… [maven-release-plugin] prepare … (compare)

  • Oct 12 15:37
    pavelhoral closed #116
  • Oct 12 15:37

    pavelhoral on master

    Change BUILD_TAG back to enviro… (compare)

  • Oct 12 15:12

    pavelhoral on master

    [maven-release-plugin] prepare … (compare)

  • Oct 12 15:12

    pavelhoral on 4.4.1

    (compare)

  • Oct 12 15:12

    pavelhoral on master

    [maven-release-plugin] prepare … (compare)

  • Oct 12 14:54
    krystofNovotny closed #12
  • Oct 12 14:54
    krystofNovotny commented #12
  • Oct 12 14:32

    pavelhoral on master

    Fix concat behavior. (#12) Merge pull request #13 from kry… (compare)

  • Oct 12 14:32
    pavelhoral closed #13
  • Oct 12 14:32
    pavelhoral commented #13
  • Oct 12 14:22
    krystofNovotny opened #13
  • Oct 12 13:47
    krystofNovotny edited #12
  • Oct 12 13:46
    krystofNovotny opened #12
  • Oct 12 13:06

    karelmaxa on master

    Fix URL of DockerHub repository. (compare)

  • Oct 11 08:47
    krystofNovotny commented #116
  • Oct 08 14:56
    pavelhoral commented #116
sigegcp
@sigegcp
Is it possible to create custom workflow with multiple degree of verification process? For an example, user requests permission for some resource on some server, user with user manager role needs to verify content of request (is it properly requested - if user requests one resource but choose in IAM different one - mistake correction), second is his superrion - does he needs that resource access, then third person to accept this is asset owner (head of department for that resource) then permission is granted. Every user in workflow can deny or accept request.
Pavel Horal
@pavelhoral
Yes, this is quite a common workflow setup (i.e. manager -> application owner -> role owner). You can add as many approval steps / user tasks as you need.
sigegcp
@sigegcp
Maybe I'm missing something but I don't have Manager tab only Manage.
Pavel Horal
@pavelhoral
Not sure I understand. You can define workflow with multiple user tasks and name them as you like. There is no "Manager" tab.
Karel Maxa
@karelmaxa
I would add that Wren:IDM is using Activiti workflow engine. So you can use Activiti Designer to create complex workflows with multiple user tasks.
There is no built-in workflow designer in the Wren:IDM.
sigegcp
@sigegcp
Thanks, I did not express mysqlf correctly. THe question is where in the app menu can I do that.
sigegcp
@sigegcp

Caused by: org.activiti.engine.ActivitiException: Can't find scripting engine for 'groovy'

cat pom.xml | grep groovy
<groovy.version>2.4.7</groovy.version>
<openicf.groovyconnector.version>1.4.3.0</openicf.groovyconnector.version>
<artifactId>script-groovy</artifactId>
<groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId>
<version>${groovy.version}</version>

How Can I resolve this error?

Karel Maxa
@karelmaxa
This issue has been resolved in WrenSecurity/wrenidm#88. The pull request has been already merged into master.
sigegcp
@sigegcp
Thanks, I have stared from beggining. Compiled again.
[INFO] Wren:IDM - UI - Admin .............................. FAILURE [01:50 min]
dmin: Failed to run task: 'grunt build:dev --target-version=6.0.0-SNAPSHOT' failed. (error code 6) -> [Help 1]
sigegcp
@sigegcp

[ERROR] Failed to execute goal com.github.eirslett:frontend-maven-plugin:0.0.28:grunt (grunt) on project openidm-ui-admin: Failed to run task: 'grunt build:dev --target-version=6.0.0-SNAPSHOT' failed. (error code 6) -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal com.github.eirslett:frontend-maven-plugin:0.0.28:grunt (grunt) on project openidm-ui-admin: Failed to run task

Caused by: org.apache.maven.plugin.MojoFailureException: Failed to run task

Caused by: com.github.eirslett.maven.plugins.frontend.lib.TaskRunnerException: 'grunt build:dev --target-version=6.0.0-SNAPSHOT' failed. (error code 6)

Pavel Horal
@pavelhoral
Not sure what might be the cause here. There must be some additional information somewhere as the quoted maven output just states that grunt build ended with error.
Master is buildable as our CI pipeline shows - https://github.com/WrenSecurity/wrenidm/runs/1919524213
sigegcp
@sigegcp

I was following sample workflow. In step 7:

  • Notice the same form content that was provided by user1, along with "Decision": "Accept".
  • Click "Complete" to finish the task.

When I try to complete the task I got this error:
Caused by: org.activiti.engine.impl.javax.el.PropertyNotFoundException: Cannot resolve identifier 'decision'

sigegcp
@sigegcp

I have uploaded .bar file in sample/workflow directory.

Starting the IDM i have error message:
-> Error while closing command context
org.activiti.bpmn.exceptions.XMLException: Premature end of file.

Unable to deploy activiti bundle
org.activiti.bpmn.exceptions.XMLException: Premature end of file.

Caused by: org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file.

Ia have created bar file inside Eclipse using Activiti as addon.

Pavel Horal
@pavelhoral
Confirmed WrenSecurity/wrenidm#90 - looks like some sample workflows are not working.
withusandeep
@withusandeep
Hi Guys , i am trying to use openam for social authentication with google .Openam has to go through outbound proxy which is protected with userid/password authentication .it is failing with error "java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 authenticationrequired""
i tried https://wikis.forgerock.org/confluence/display/openam/Configure+OpenAM+to+use+outbound+web+proxy and also -Djdk.http.auth.tunneling.disabledSchemes= but nothing seems to be workig. Any help appreciated
Pavel Horal
@pavelhoral
I am not sure there is a support for authenticated outbound proxy.
But it seems it should not be that complex to add this feature yourself as it can be configured on the JVM level.
withusandeep
@withusandeep
thanks Pavel Horal. will give a try. if you can give some pointer how to acheive that would be gr8
Pavel Horal
@pavelhoral
I am not sure, where the JRE support for authenticated proxy starts/ends... many articles mention http.proxyUser and http.proxyPassword system properties. But I am not sure if those are automagically picked up and used.
withusandeep
@withusandeep
proxyUser and proxyPassword are not java system properties .I think they are part of apache http client.
Pavel Horal
@pavelhoral
If those auth options are not supported in JRE by default and you need to register Authenticator yourself, I would probably hack that piece of code into ServletContextListener and register it in AM's web.xml.
withusandeep
@withusandeep
thinking about writing a tomcat filter class and set the proxy authentication there. no idea it will work or not
that is my plan .registering in web.xml
Pavel Horal
@pavelhoral
Filter might not be the best place for this as it seems to be one-time-only thing.
withusandeep
@withusandeep
yeah you are right
Pavel Horal
@pavelhoral
Btw. check for example https://stackoverflow.com/a/40996814/865403 (mainly the first comment)... that is why I am not sure what is actually supported by JRE.
withusandeep
@withusandeep
thanks . i tested all that options and noting seems to be working . So i think. i need to write the authenticator class and load it on startup
smukkand
@smukkand
Hi to Everyone , Glad to see the effort on enhancing the forgerock community edition, I have been into the forgerock stack for quite long time. Now a days i am more into the opensource technologies for my current company. I got into this error while build from wrenidm master branch:
image.png
[INFO] Wren:IDM - Provisioner System Bundle ............... SUCCESS [ 2.907 s]
[INFO] Wren:IDM - Provisioner System Bundle - Wren:ICF .... FAILURE [ 1.635 s]
[INFO] Wren:IDM - Repository Bundle - JDBC ................ SKIPPED
[INFO] Wren:IDM - Servlet Filter Registration Handler ..... SKIPPED
[INFO] Wren:IDM - API servlet ............................. SKIPPED
[INFO] Wren:IDM - Authentication Filter ................... SKIPPED
[INFO] Wren:IDM - Web Servlet ............................. SKIPPED
[INFO] Wren:IDM - Scheduler ............................... SKIPPED
[INFO] Wren:IDM - Fragment for Jetty Security ............. SKIPPED
[INFO] Wren:IDM - Self-Service Bundle ..................... SKIPPED
[INFO] Wren:IDM - Felix Gogo Shell ........................ SKIPPED
[INFO] Wren:IDM - Credential Management Service ........... SKIPPED
[INFO] Wren:IDM - UI - Parent ............................. SKIPPED
[INFO] Wren:IDM - UI - Common ............................. SKIPPED
[INFO] Wren:IDM - UI - Admin .............................. SKIPPED
[INFO] Wren:IDM - UI - End-user ........................... SKIPPED
[INFO] Wren:IDM - UI - API Explorer ....................... SKIPPED
[INFO] Wren:IDM - Activiti BPMN 2.0 Integration ........... SKIPPED
[INFO] Wren:IDM - Maintenance Handler ..................... SKIPPED
[INFO] Wren:IDM - Custom Groovy Connector Bundler ......... SKIPPED
[INFO] Wren:IDM - ZIP File Assembly ....................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 04:06 min
[INFO] Finished at: 2021-05-03T19:50:32+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-dependency-plugin:3.1.2:copy (copy-connectorbundles) on project openidm-provisioner-openicf: Unable to find/resolve artifact. Failed to read artifact descriptor for org.forgerock.openicf.connectors:xml-connector:jar:1.1.0.3: Could not transfer artifact org.forgerock.openicf.connectors:xml-connector:pom:1.1.0.3 from/to wrensecurity-forgerock-archive (http://dl.bintray.com/wrensecurity/forgerock-archive): Access denied to: http://dl.bintray.com/wrensecurity/forgerock-archive/org/forgerock/openicf/connectors/xml-connector/1.1.0.3/xml-connector-1.1.0.3.pom -> [Help 1]
[ERROR]
Can someone help me?
Pavel Horal
@pavelhoral
That is a strange issue. Master should be 100 % buildable as our CI pipeline passes - https://github.com/WrenSecurity/wrenidm/actions/runs/796773893 .
What maven command are you using to build the project?
Pavel Horal
@pavelhoral
We might need to add xml-connector to our jfrog repository... I will look into it.
smukkand
@smukkand
Apache Maven 3.6.2 (40f52333136460af0dc0d7232c0dc0bcf0d9e117; 2019-08-27T20:36:16+05:30)
Maven home: /usr/local/Cellar/maven/3.6.2/libexec
Java version: 11.0.11, vendor: AdoptOpenJDK, runtime: /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home
Default locale: en_SG, platform encoding: UTF-8
OS name: "mac os x", version: "11.1", arch: "x86_64", family: "mac"
here are the maven and jdk versions
I see,, ok
Pavel Horal
@pavelhoral
This issue is on our side. We will work on resolving it tomorrow.
smukkand
@smukkand
Thanks @pavelhoral , looking forward to that.
smukkand
@smukkand
Looks like similar issue exist on wrenam build too.
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-pmd-plugin:3.6:pmd (pmd) on project openam: Execution pmd of goal org.apache.maven.plugins:maven-pmd-plugin:3.6:pmd failed: Plugin org.apache.maven.plugins:maven-pmd-plugin:3.6 or one of its dependencies could not be resolved: Failed to collect dependencies at org.apache.maven.plugins:maven-pmd-plugin:jar:3.6 -> org.forgerock.openam.pmd.rules:enforce-timeservice:jar:1.0.0: Failed to read artifact descriptor for org.forgerock.openam.pmd.rules:enforce-timeservice:jar:1.0.0: Could not transfer artifact org.forgerock.openam.pmd.rules:enforce-timeservice:pom:1.0.0 from/to wrensecurity-forgerock-archive (http://dl.bintray.com/wrensecurity/forgerock-archive): Access denied to: http://dl.bintray.com/wrensecurity/forgerock-archive/org/forgerock/openam/pmd/rules/enforce-timeservice/1.0.0/enforce-timeservice-1.0.0.pom -> [Help 1]
[ERROR]
Francesco Chicchiriccò
@ilgrosso
Pavel Horal
@pavelhoral
Yap, already on it. We forgot some legacy artifacts in there.
Pavel Horal
@pavelhoral
I have moved all legacy artifacts under our JFrog release repo. Everything should be buildable again. You might get warnings about bintray - you can ignore those.
smukkand
@smukkand
@pavelhoral Unfortunately the build failed in different sections -