-
[email protected] started the topic How to invalidate all the current user sessions at the moment? in the forum Access Management 3 years, 1 month ago
Hi,
Is there any OpenAM rest point or something which I can use to delete all the existing sessions for the given user (userid)?
Note: I know that we can do by going to OpenAM console but I have a need to do it programatically on some customer’s action.
Thanks,
Anji. -
[email protected] started the topic Expiring the individual ForgeRock User password in DJ in the forum Directory Services 3 years, 2 months ago
Hi Team,
I have a requirement to expire the individual customer/User’s password after certain period of time. Is there any built-in/out of the box feature in DJ that I can leverage?
E.g. I have a user SAM in my DJ and I want to expire SAM’s password in next two days or after 48 hours so that he will get failure when he try to…[Read more]
-
[email protected] replied to the topic Change RDN from one attribute to another in the forum Directory Services 3 years, 3 months ago
Thanks Brad. The link that you have given explains how to change the value of the RDN and doesn’t show how to change the RDN attribute itself. Can you confirm please?
Thanks,
Anji. -
[email protected] started the topic Change RDN from one attribute to another in the forum Directory Services 3 years, 3 months ago
Hi,
Right now we have around 15Million records in production and UID is our RDN. But we want to change the RDN from UID to some other GUID attribute. And both of these(UID and GUID) attributes exist and are already populated with the values. So we need to just flip the RDN attribute without affecting any data.
Current: DN:…[Read more]
-
[email protected] started the topic OpenAM AMLB cookie for stickiness in the forum Access Management 3 years, 4 months ago
Is there a good documentation on how AMLB cookie works for stickiness?. We need to configure that on AWS ELB to maintain the stickiness. Please help.
-
[email protected] started the topic OpenDJ Restricted password list file in the forum Directory Services 3 years, 5 months ago
Hi, We want to maintain a file which contains the list of bad passwords that we don’t want our customers to choose. Is there a way to achieve this in OpenDJ? This is not the password history related one which is specific to customer. But this Restricted list should apply basically to all DJ users.
Any help here will be appreciated.
Thanks,
Anji. -
[email protected] replied to the topic OpenAM Rest Endpoints for user provisioning and authentication in the forum Access Management 3 years, 6 months ago
Thanks Simon. Yeah we thought the same for Authentication but thinking what can we do for user provisioning (/users) for create user and update user using the OpenAM Rest Endpoints.
Thanks,
Anji. -
[email protected] replied to the topic OpenAM Rest Endpoints for user provisioning and authentication in the forum Access Management 3 years, 6 months ago
Also, I am looking at OpenAM level and not at OpenDJ level. We are not planning to use OpenAM Rest endpoints for Authentication and Provisioning and we don’t want to invoke OpenDJ directly.
-
[email protected] replied to the topic OpenAM Rest Endpoints for user provisioning and authentication in the forum Access Management 3 years, 6 months ago
Thank you so much Brad for the inputs. Can you please give me some clue/pointers how can we do this?
Thanks,
Anji. -
[email protected] started the topic OpenAM Rest Endpoints for user provisioning and authentication in the forum Access Management 3 years, 6 months ago
Hello all, we are using the forgerock OpenAM Rest APIs for authentication and UserProfile management. We have a requirement to send the encrypted username and encrypted password all the way upto ForgeRock OpenAM. If we do so, is there a way to decrypt username/password before doing the authentication and before it gets stored in the OpenDJ.…[Read more]
-
[email protected] replied to the topic Lock and Unlock user Account Manually Using REST APIs in the forum Directory Services 4 years ago
Thanks Ludo. But we don’t want to use the OpenDJ rest API directly. We want to use the OpenAM rest API to create/read/update/delete users. Also we want to use the OpenAM Rest API for lock and unlock the user as well.
Do you see any potential solution around this. We don’t want to change the password to unlock the user.
Thanks,
Anji. -
[email protected] started the topic Password Policy in the forum Access Management 4 years ago
Hi, I have created the custom password policy. My requirement is to get different properties of user using REST API /json/users/<username> like “invalidattempts”, “lastlogingtimestamp”, account locked or not locked etc… Is there a way to fetch all this information using OpenAM rest endpoints for any given user in single call?
-
[email protected] started the topic Lock and Unlock user Account Manually Using REST APIs in the forum Directory Services 4 years ago
I am wondering that I am not able to find out any REST API to lock the user account and unlock the user Account manually using the REST APIs. I think there should be feature to be able to lock/unlock the account without really changing the password. Is this intentionally not provided or just was missed out?
We have a use case where we need to…[Read more]
-
[email protected] replied to the topic OpenAM Token Refresh in the forum Access Management 4 years, 1 month ago
Thanks Scott. So you say that actual token string will not be changed on refresh but it the idle time will be reset in the openAM session to keep it alive. So this means that Token(actual string I mean) will remain constant for for its life time then.
I was reading some articles saying that it is good idea to change the token string every time it…[Read more]
-
[email protected] started the topic Implicit Token Refresh not happening on Policy evaluation call from OpenIG PEP in the forum Access Management 4 years, 1 month ago
We are using OpenIG policy enforcement filter for policy evaluations. I am under the impression that token would be refreshed when it is touched for policy evaluation but it seems it is not happening. Can you please let me know your thoughts on this? Is this the expected or is Forgerock going to make any changes to this behaviour?
Thanks,
Anji. -
[email protected] started the topic Implicit Token Refresh not happening on Policy evaluation call from OpenIG PEP in the forum Access Management 4 years, 1 month ago
We are using OpenIG policy enforcement filter for policy evaluations. I am under the impression that token would be refreshed when it is touched for policy evaluation but it seems it is not happening. Can you please let me know your thoughts on this? Is this the expected or is Forgerock going to make any changes to this behaviour?
Thanks,
Anji. -
[email protected] started the topic OpenAM Token Refresh in the forum Access Management 4 years, 1 month ago
We are using the stateful sessions. When we call the OpenAM’s token refresh Rest API, idle time is getting reflected/updated but it seems that token is not getting changed on refresh. Isn’t the token supposed to be changed when token is refreshed for its idle time in the backend?
Is that true that in stateful world will we have the same token…[Read more]
-
[email protected] started the topic OpenAM Token Refresh in the forum Access Management 4 years, 1 month ago
We are using the stateful sessions. When we call the OpenAM’s token refresh Rest API, idle time is getting reflected/updated but it seems that token is not getting changed on refresh. Isn’t the token supposed to be changed when token is refreshed for its idle time in the backend?
Is that true that in stateful world, we will have the same token…[Read more]
-
[email protected] started the topic SSO CrossDomain with OpenIG PEP without agent in the forum Access Management 4 years, 1 month ago
Is that a good idea to do SSO cross domain using just OpenIG Policy Enforcement Filter without any agent? If so, do we really need CORS to be enabled on openAM?
-
[email protected] started the topic Session Upgrade Using OpenAM Rest API in the forum Access Management 4 years, 2 months ago
Hi,
Is there a way to upgrade the existing session token to the given authentication level using any OpenAM Rest end points? In my case, I just want to believe the client and should just change the AuthLevel without doing any real next level authentication?
Please let me know.
Thanks,
Anji. - Load More
