bertalanvoros

Home Members bertalanvoros

Learn more about our upcoming Identity Summits

show less show more
Profile picture of bertalanvoros

@bertalanvoros

active 4 years, 3 months ago
Points balance: 669 ♪
Rank: bertalanvoros
  • Activity
  • Profile
  • Groups 0
  • Forums
  • Personal
  • Mentions
  • Favorites
  • Groups
  • Profile picture of bertalanvoros

    bertalanvoros started the topic OpenIG PEP and Oauth in the forum Identity Gateway 4 years, 3 months ago

    Hello All,

    Is it possible or would it make sense at all to combine oauth and openam policy enforcement?
    In terms of getting an token by oauth then also being matched against the relevant policies in openam when accessing certain resources on an api.

    Essentially replacing the browser login part of the PEP example with a token obtained by…[Read more]

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic IG PEP redirect loop in the forum Identity Gateway 4 years, 3 months ago

    Hi, thanks again.
    Ended up rebuilding only to encounter the same problem.
    I then restarted the browser.
    Yes, they are on the same domain.
    All is well now.
    Thanks a lot once more.

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic IG PEP redirect loop in the forum Identity Gateway 4 years, 3 months ago

    One sideeffect, I can no longer log in into the OpenAM gui.
    Is it possible to recover from that without having to reinstall?

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic IG PEP redirect loop in the forum Identity Gateway 4 years, 3 months ago

    Thanks a lot Joachim, everything is now working as expected.
    Also thanks for the advice about OAuth2.

  • Profile picture of bertalanvoros

    bertalanvoros started the topic IG PEP redirect loop in the forum Identity Gateway 4 years, 3 months ago

    Hello All,

    I am configuring yet another proof of concept to test IG as a PEP to protect an api.

    I have set up everything according to the guide.
    (https://backstage.forgerock.com/docs/ig/5.5/gateway-guide/#chap-pep)

    When I try to access my test api, I get redirected to the AM login page where after a successful login having obtained the cookie…[Read more]

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago

    Thanks a lot for all the responses.
    No luck unfortunately.
    The best I can get out of OpenAM when using MS AD as the user data store is a ldap error 53 when the initial configuration attempts to create a demo user.

    I even set up a test AD with a service account for openam that has full access and all password complexity requirements turned off to…[Read more]

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago

    FINAL UPDATE:
    I turned off all password complexity requirements in the test AD.
    Still getting the same error.

    I give up.

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago

    UPDATE:

    Quickly set up a test domain controller, created a user for openam that has full access to AD and getting a new error at the same step:

    02/14/2018 04:54:41:159 PM UTC: Creating demo user.
    AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap…[Read more]

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago

    Just tested and the MS AD domain controller can be reached from the OpenAM machine by both pinging and on the relevant ports.

    Still getting the same error when the initial config is being applied.

    02/14/2018 02:48:30:523 PM UTC: Creating demo user.
    AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.
    ldap.DJLDAPv3Repo…[Read more]

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago

    Thanks a lot, this is really helpful.
    I am testing now if this is a connectivity problem.

  • Profile picture of bertalanvoros

    bertalanvoros started the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago

    Hello All,

    I am doing an evaluation of OpenAM and OpenIG once more.
    Active Directory is used as the User Data Store.

    The account used to bind to AD is a read only account which I assume has something to do with this error.
    This used to work on previous version.

    Could someone confirm that this is the case or if I should look somewhere…[Read more]

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic OpenIG websockets compatibility in the forum Identity Gateway 5 years ago

    Does anyone know if this is likely to make it into 5.5?

  • Profile picture of bertalanvoros

    bertalanvoros started the topic OpenIG websockets compatibility in the forum Identity Gateway 5 years ago

    Hello All,

    Does anyone know if OpenIG supports websockets?

    I have been working on a proof of concept where OpenIG would be fronting an application that uses websockets.

    My current OpenIG config seems to fail when the application would instruct the client to change protocol.

    I am using OpenIG 5.

    Thanks in advance

  • Profile picture of bertalanvoros

    bertalanvoros started the topic OpenIG as saml SP agains an idP that is not OpenAM in the forum Identity Gateway 5 years ago

    Hello All,

    Long time no see!

    I am looking into using OpenIG as a saml service provider against an identity provider that is not OpenAM.

    The scenario:
    I have an app that would be protected by IG5 using saml against an idp of a third party.
    The idp in question is Ping Federate and it’s a component outside of my control.

    I have to admit that I am…[Read more]

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Stuck during Default configuration in the forum Access Management 6 years ago

    How many CPUs and how much memory does the vm have?
    Is tomcat running on Linux in a VM or on a physical host?

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Stuck during Default configuration in the forum Access Management 6 years ago

    Hello,

    I had similar issues when the VM I was running it on didn’t have enough resources.
    In my case a VM with a single CPU and 1GB of ram wasn’t enough.
    Now the VM running OpenAM has 2 CPUs and 4GB of RAM.

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Dynamic user profile creation – MS Active Directory in the forum Access Management 6 years, 1 month ago

    Thanks Peter for the explanation.
    This cleared things up.

  • Profile picture of bertalanvoros

    bertalanvoros started the topic Dynamic user profile creation – MS Active Directory in the forum Access Management 6 years, 1 month ago

    Hello All,

    Could someone explain the implications of using dynamic user profile creation when the datastore is MS Active Directory?

    How does this work in practice?

    The reason I am asking is because there is a set of users to be authenticated by OpenAM that do not exist in AD, only in an external database.

    An OpenIG route that is dependent on…[Read more]

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Openam – MS Active Directory Datastore question in the forum Access Management 6 years, 1 month ago

    This is all true, but from an usability point of view when you are installing OpenAM for the first time you expect to see all your users or an indication that the list is limited for the reasons mentioned above.

  • Profile picture of bertalanvoros

    bertalanvoros replied to the topic Can't set module options in authentication chain in the forum Access Management 6 years, 1 month ago

    Hello All,

    I have the same problem and I can confirm that setting it using ssoadmin works.

  • Load More
Profile Photo tuncgultekin Profile Photo tomasihs

Search the forums

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.

Recent blog posts

  • Using an Authentication Tree Stage to Build a Custom UI with the ForgeRock JavaScript SDK February 26, 2020
  • Identity Workflow with AM using Zeebe and Cloud Functions February 19, 2020
  • IDM: Zero Downtime Upgrade Strategy Using a Blue/Green Deployment January 23, 2020
  • DS: Zero Downtime Upgrade Strategy Using a Blue/Green Deployment January 22, 2020
  • AM and IG: Zero Downtime Upgrade Strategy Using a Blue/Green Deployment January 22, 2020
Visit our blog

Recent Topics

  • Handle exception in Node Patch Object
  • SP Initiated SSO – Unable to do sso or federation
  • Realm level access
  • How can I generate 32 bytes Random salt in js script
  • Bypass Login Page in Chain

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

  • Blog
  • Documentation
    • OpenAM / Access Management
    • OpenDJ / Directory Services
    • OpenIDM / Identity Management
    • OpenIG / Identity Gateway
    • OpenICF / Open Connector Framework
    • Intro to Identity
  • Forums
    • General Discussion
    • ForgeRock Products
      • OpenAM
      • OpenIDM
      • OpenDJ
      • OpenIG
      • OpenUMA
    • DevOps
    • Internet of Things
    • Documentation
    • Groups
  • Twitter
  • Facebook
  • Linkedin
  • Youtube

Log in with your credentials

Lost your password?

Forgot your details?

I remember my details