-
bertalanvoros started the topic OpenIG PEP and Oauth in the forum Identity Gateway 4 years, 3 months ago
Hello All,
Is it possible or would it make sense at all to combine oauth and openam policy enforcement?
In terms of getting a token by oauth then also being matched against the relevant policies in openam when accessing certain resources on an api. Essentially replacing the browser login part of the PEP example with a token obtained by…
-
bertalanvoros replied to the topic IG PEP redirect loop in the forum Identity Gateway 4 years, 3 months ago
Hi, thanks again.
Ended up rebuilding only to encounter the same problem.
I then restarted the browser.
Yes, they are on the same domain.
All is well now.
Thanks a lot once more.
-
bertalanvoros replied to the topic IG PEP redirect loop in the forum Identity Gateway 4 years, 3 months ago
One side effect, I can no longer log in to the OpenAM gui.
Is it possible to recover from that without having to reinstall?
-
bertalanvoros replied to the topic IG PEP redirect loop in the forum Identity Gateway 4 years, 3 months ago
Thanks a lot Joachim, everything is now working as expected.
Also thanks for the advice about OAuth2.
-
bertalanvoros started the topic IG PEP redirect loop in the forum Identity Gateway 4 years, 3 months ago
Hello All,
I am configuring yet another proof of concept to test IG as a PEP to protect an api.
I have set up everything according to the guide.
(https://backstage.forgerock.com/docs/ig/5.5/gateway-guide/#chap-pep)
When I try to access my test api, I get redirected to the AM login page where after a successful login having obtained the cookie…
-
bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago
Thanks a lot for all the responses.
No luck unfortunately.
The best I can get out of OpenAM when using MS AD as the user data store is an ldap error 53 when the initial configuration attempts to create a demo user. I even set up a test AD with a service account for openam that has full access and all password complexity requirements turned off to…
-
bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago
FINAL UPDATE:
I turned off all password complexity requirements in the test AD.
Still getting the same error. I give up.
-
bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago
UPDATE:
Quickly set up a test domain controller, created a user for openam that has full access to AD and getting a new error at the same step:
02/14/2018 04:54:41:159 PM UTC: Creating demo user.
AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo encountered a ldap exception. ldap…
-
bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago
Just tested and the MS AD domain controller can be reached from the OpenAM machine by both pinging and on the relevant ports.
Still getting the same error when the initial config is being applied.
02/14/2018 02:48:30:523 PM UTC: Creating demo user.
AMSetupServlet.processRequest: errorMessage:Plug-in org.forgerock.openam.idrepo.ldap.DJLDAPv3Repo…
-
bertalanvoros replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago
Thanks a lot, this is really helpful.
I am testing now if this is a connectivity problem.
-
bertalanvoros started the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 4 months ago
Hello All,
I am doing an evaluation of OpenAM and OpenIG once more.
Active Directory is used as the User Data Store. The account used to bind to AD is a read only account which I assume has something to do with this error.
This used to work on previous version. Could someone confirm that this is the case or if I should look somewhere…
-
bertalanvoros replied to the topic OpenIG websockets compatibility in the forum Identity Gateway 5 years ago
Does anyone know if this is likely to make it into 5.5?
-
bertalanvoros started the topic OpenIG websockets compatibility in the forum Identity Gateway 5 years ago
Hello All,
Does anyone know if OpenIG supports websockets?
I have been working on a proof of concept where OpenIG would be fronting an application that uses websockets.
My current OpenIG config seems to fail when the application would instruct the client to change protocol.
I am using OpenIG 5.
Thanks in advance
-
bertalanvoros started the topic OpenIG as saml SP against an idP that is not OpenAM in the forum Identity Gateway 5 years ago
Hello All,
Long time no see!
I am looking into using OpenIG as a saml service provider against an identity provider that is not OpenAM.
The scenario:
I have an app that would be protected by IG5 using saml against an idp of a third party.
The idp in question is Ping Federate and it’s a component outside of my control. I have to admit that I am…
-
bertalanvoros replied to the topic Stuck during Default configuration in the forum Access Management 6 years ago
How many CPUs and how much memory does the vm have?
Is tomcat running on Linux in a VM or on a physical host?
-
bertalanvoros replied to the topic Stuck during Default configuration in the forum Access Management 6 years ago
Hello,
I had similar issues when the VM I was running it on didn’t have enough resources.
In my case a VM with a single CPU and 1GB of ram wasn’t enough.
Now the VM running OpenAM has 2 CPUs and 4GB of RAM.
-
bertalanvoros replied to the topic Dynamic user profile creation – MS Active Directory in the forum Access Management 6 years, 1 month ago
Thanks Peter for the explanation.
This cleared things up.
-
bertalanvoros started the topic Dynamic user profile creation – MS Active Directory in the forum Access Management 6 years, 1 month ago
Hello All,
Could someone explain the implications of using dynamic user profile creation when the datastore is MS Active Directory?
How does this work in practice?
The reason I am asking is because there is a set of users to be authenticated by OpenAM that do not exist in AD, only in an external database.
An OpenIG route that is dependent on…
-
bertalanvoros replied to the topic Openam – MS Active Directory Datastore question in the forum Access Management 6 years, 1 month ago
This is all true, but from a usability point of view when you are installing OpenAM for the first time you expect to see all your users or an indication that the list is limited for the reasons mentioned above.
-
bertalanvoros replied to the topic Can't set module options in authentication chain in the forum Access Management 6 years, 1 month ago
Hello All,
I have the same problem and I can confirm that setting it using ssoadmin works.