Andrew


@andrew-lathamasx-com-au

active 3 years ago
Points balance: 201 ♪
Rank: Andrew
  • Andrew started the topic Set a User's password from Auth Node Script in the forum Access Management 3 years ago

    Hi There,

    Just wondering if there is an API that allows me to set a user’s password in a Scripted Node without having to make a REST call?

    Any suggestions that will remove the setup time for a TCP connection etc. would be appreciated. Something like what's available for getting and setting user attributes.

    Cheers

  • Andrew replied to the topic Check OAUTH2 Session – response_type=none error in the forum Access Management 3 years, 1 month ago

    I’m using 6.5.1.

    I’ll try with 6.5.2.

    Thanks Peter

  • Andrew started the topic Custom Password Policy – Error when referencing an external script in the forum Identity Management 3 years, 1 month ago

    Hi There,

    I need to add a new custom password policy. I have followed these instructions https://backstage.forgerock.com/docs/idm/6.5/integrators-guide/#custom-scripted-policies. Also these http://tumy-tech.com/2015/04/11/openidm-implementing-a-custom-password-policy/

    Using 6.5.0.1 after adding my script to the additionalFiles value in…

  • Andrew replied to the topic Error running npm run dev – end user UI in the forum Identity Management 3 years, 1 month ago

    My sarcasm. “fix” for me was a reboot. I’d suggest the Mac was low on memory and not enough for the node instance to start up properly. Recommend as much free RAM as possible.

  • Andrew started the topic Check OAUTH2 Session – response_type=none error in the forum Access Management 3 years, 1 month ago

    Hi There,

    As per the manual (https://backstage.forgerock.com/docs/am/6.5/oidc1-guide/#session_management_state) you use the authorize endpoint with a response_type=none to obtain current session state.

    I’ve been trying to get this to work but continue to get error…

  • Andrew replied to the topic Shared State – Password in the forum Access Management 3 years, 1 month ago

    AM 6.5.1 works for accessing the password from transientState in a Scripted Auth Node.

    var sharedpassword = transientState.get("password");

  • Andrew started the topic Forgot Password – Success URL in the forum Identity Management 3 years, 1 month ago

    Hi There,

    I have a need that when a user successfully resets their password via the Forgot Password functionality in IDM 6.5 that I can specify a success URL parameter so that when their password is reset they are directed to that page. Right now, after email validation and changing password they are dropped to the IDM profile page (or in my case…

  • Andrew replied to the topic Error running npm run dev – end user UI in the forum Identity Management 3 years, 1 month ago

    Microsoft fix resolved this. Reboot a Mac (??) and now works. Perhaps a resource conflict.

  • Andrew started the topic Error running npm run dev – end user UI in the forum Identity Management 3 years, 1 month ago

    Trying to run the node development server component to modify the end user UI.

    Using Node 10.15.1, I get the following error after running “npm run dev”:

    “78% module and chunk tree optimization optimize-tree” and then it hangs.

    Any ideas what may be causing this?

    Thanks

    Andrew

  • Andrew replied to the topic Remove kid value from JWT in the forum Access Management 3 years, 1 month ago

    Thanks Peter – We managed to get around this. The client was posting additional information with the JWT by mistake which invalidated the signature. We good now.

  • Andrew replied to the topic Remove kid value from JWT in the forum Access Management 3 years, 2 months ago

    Sort of on this track, is it possible to specify the kid value manually?

  • Andrew replied to the topic Remove kid value from JWT in the forum Access Management 3 years, 2 months ago

    I’m having a problem where a 3rd party is receiving a bearer token I’ve created and signed with the default public key. They want to use a certificate in their local certificate store rather than the kid and JWKS_URI. I have tested the public key and the certificate in OpenAM with my JWT on jwt.io and they validate fine.

    The 3rd party is getting…

  • Andrew started the topic Remove kid value from JWT in the forum Access Management 3 years, 2 months ago

    The kid value in a JWT is optional – https://tools.ietf.org/html/rfc7515#section-4.1.4.

    Anyone know if there is a way to omit the kid value from a JWT generated as part of an OIDC Authorisation Code flow?

    Thanks

  • Andrew replied to the topic OAuth2 id_token with aud contains URL in the forum Access Management 3 years, 2 months ago

    Exactly. I didn’t need to customise the aud value. I just made the clientID name the replying party’s URL. AM 6.5 admin UI wouldn’t accept http:// but it would take a name with dots in it – even though it said it wouldn’t.

  • Andrew started the topic Device Profile Management in the forum Access Management 3 years, 2 months ago

    I have setup device profiling and had a few questions that don’t seem to be documented.

    1. I have set the number of profiles to be stored as 2. What should happen if I authenticate from a third device? I’ve tried this from 3 systems and all 3 seem to profile and I don’t need the strong authentication on all 3 – there are 3 profiles being…

  • Andrew replied to the topic How to get the Certificate associated with a JWT signing key in the forum Access Management 3 years, 2 months ago

    After exporting every certificate in the JKS and JCEKS keystores I managed to find the one I was looking for and using jwt.io to verify. The default installation uses rsajwtsigningkey.

  • Andrew started the topic How to get the Certificate associated with a JWT signing key in the forum Access Management 3 years, 2 months ago

    Hi There,

    I have a JWT that is signed with the public key specified by the kid in the token and accessible via the JWK_URI. Using jwt.io, I can validate that this works.

    I have a 3rd party that’s receiving a bearer token signed by AM 6.5 and wants the public certificate associated with the public key specified by the kid.

    Where do I get this…

  • Andrew replied to the topic OAuth2 id_token with aud contains URL in the forum Access Management 3 years, 2 months ago

    The 3rd party changed their requirement and I was able to drop the http://. As much as AM 6.5 UI stating “.” can’t be used, it can. So I was able to specify the FQDN.

  • Andrew replied to the topic Export/Access id_token signing certificate in the forum Access Management 3 years, 2 months ago

    Looks like I fixed this myself.

    keytool -exportcert -storetype jceks -alias test -keypass changeit -keystore keystore.jceks -storepass "<.storpass>" -rfc -file keystore.pem

  • Andrew started the topic Export/Access id_token signing certificate in the forum Access Management 3 years, 2 months ago

    Hi There, I have a 3rd party that I create a bearer token to authenticate to. They are asking for the X509 for the self-signed cert that created the signing key.

    I have used the /openam/oauth2/connect/jwk_uri and supplied that and also a PEM converted version which evidently isn’t enough.

    Is there and where can I get the public certificate that…

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.