- ForgeRock Forum and Blog

Andrew started the topic Set a User's password from Auth Node Script in the forum Access Management 3 years, 4 months ago

Hi There,

Just wondering if there is an API that allows me to set a user’s password in a Scripted Node without having to make a REST call?

Any suggestions that will remove the setup time for a TCP connection etc. would be appreciated. Something like whats available for getting and setting user attributes.

Cheers
Andrew replied to the topic Check OAUTH2 Session – response_type=none error in the forum Access Management 3 years, 4 months ago

I’m using 6.5.1.

I’ll try with 6.5.2.

Thanks Peter
Andrew started the topic Custom Password Policy – Error when referencing an external script in the forum Identity Management 3 years, 5 months ago

Hi There,

I need to add a new custom password policy. I have followed these instructions https://backstage.forgerock.com/docs/idm/6.5/integrators-guide/#custom-scripted-policies. Also these http://tumy-tech.com/2015/04/11/openidm-implementing-a-custom-password-policy/

Using 6.5.0.1 after adding my script to the additionalFiles value in…[Read more]
Andrew replied to the topic Error running npm run dev – end user UI in the forum Identity Management 3 years, 5 months ago

My sarcasm. “fix” for me was a reboot. I’d suggest the Mac was low on memory and not enough for the node instance to start up properly. Recommend as much free RAM as possible.
Andrew started the topic Check OAUTH2 Session – response_type=none error in the forum Access Management 3 years, 5 months ago

Hi There,

As per the manual (https://backstage.forgerock.com/docs/am/6.5/oidc1-guide/#session_management_state) you use the authorize endpoint with a response_type=none to obtain current session state.

I’ve been trying to get this to work but continue to get error…[Read more]
Andrew replied to the topic Shared State – Password in the forum Access Management 3 years, 5 months ago

AM 6.5.1 works for accessing the password from transientState in a Scripted Auth Node.

var sharedpassword= transientState.get(“password”);
Andrew started the topic Forgot Password – Success URL in the forum Identity Management 3 years, 5 months ago

Hi There,

I have a need that when a user successfully resets their password via the Forgot Password functionality in IDM 6.5 that I can specify a success URL parameter so that when their password is reset they are directed to that page. Right now, after email validation and changing password they are dropped to the IDM profile page (or in my case…[Read more]
Andrew replied to the topic Error running npm run dev – end user UI in the forum Identity Management 3 years, 5 months ago

Microsoft fix resolved this. Reboot a Mac (??) and now works. Perhaps a resource conflict.
Andrew started the topic Error running npm run dev – end user UI in the forum Identity Management 3 years, 5 months ago

Trying to run the node development server component to modify the end user UI.

Using Node 10.15.1 I he following error after running “npm run dev”

“78% module and chunk tree optimization optimize-tree” and then it hangs.

Any ideas what may be causing this?

Thanks

ANdrew
Andrew replied to the topic Remove kid value from JWT in the forum Access Management 3 years, 5 months ago

Thanks Peter – We managed to get around this. The client was posting additional information with the JWT by mistake which invalidated the signature. We good now.
Andrew replied to the topic Remove kid value from JWT in the forum Access Management 3 years, 6 months ago

Sort of on this track, is it possible to specify the kid value manually?
Andrew replied to the topic Remove kid value from JWT in the forum Access Management 3 years, 6 months ago

I’m having a problem where a 3rd party is receiving a bearer token I’ve created and signed with the default public key. They want to use a certificate in their local certificate store rather than the kid and JWKS_URI. I have tested the public key and the certificate in OpenAM with my JWT on jwt.io and they validate fine.

The 3rd party is getting…[Read more]
Andrew started the topic Remove kid value from JWT in the forum Access Management 3 years, 6 months ago

The kid value in a JWT is optional – https://tools.ietf.org/html/rfc7515#section-4.1.4.

Anyone know if there is a way to omit the kid value from a JWT generated as part of an OIDC Authorisation Code flow?

Thanks
Andrew replied to the topic OAuth2 id_token with aud contains URL in the forum Access Management 3 years, 6 months ago

Exactly. I didn’t need to customise the aud value. I just made the clientID name the replying party’s URL. Am 6.5 admin UI wouldn’t accept http:// but it would take a name with dots in it – even though it said it wouldn’t.
Andrew started the topic Device Profile Management in the forum Access Management 3 years, 6 months ago

I have setup device profiling and had a few questions that don’t seem to be documented.

1. I have set the number of profiles to be stored as 2. What should happen if I authenticate from a third device? I’ve tried this from 3 systems and all 3 seem to profile and I don;t need the strong authentication on all 3 – there are 3 profiles being…[Read more]
Andrew replied to the topic How to get the Certificate associated with a JWT signing key in the forum Access Management 3 years, 6 months ago

After exporting every certificate in the JKS and JCEKS ketstores I managed to find the one I was looking for and using jwt.io to verify. The default installation uses rsajwtsigningkey.
Andrew started the topic How to get the Certificate associated with a JWT signing key in the forum Access Management 3 years, 6 months ago

Hi There,

I have a JWT that is signed with the public key specified by the kid in the token and accessible via the JWK_URI. Using jwt.io. I can validate that this works.

I have a 3rd party that’s receiving a bearer token signed by AM 6.5 and wants the public certificate associated with the public key specified by the kid.

Where do I get this…[Read more]
Andrew replied to the topic OAuth2 id_token with aud contains URL in the forum Access Management 3 years, 6 months ago

The 3rd party changed their requirement and I was able to drop the http://. As much as AM 6.5 UI stating “.” can;t be used, it can. So I was able to specify the FQDN.
Andrew replied to the topic Export/Access id_token signing certificate in the forum Access Management 3 years, 6 months ago

Looks like I fixed this myself.

keytool -exportcert -storetype jceks -alias test -keypass changeit -keystore keystore.jceks -storepass “<.storpass>” -rfc -file keystore.pem
Andrew started the topic Export/Access id_token signing certificate in the forum Access Management 3 years, 6 months ago

Hi There, I have a 3rd party that I create a bearer token to authenticate to. They are asking for the X509 for the self-signed cert that created the signing key.

I have used the /openam/oauth2/connect/jwk_uri and supplied that and also a PEM converted version which evidently isn’t enough.

Is there and where can I get the public certificate that…[Read more]
Load More