-
cristianoburgo replied to the topic opendj 5 sync password to opendim 4: javax.crypto.BadPaddingException in the forum Identity Management 4 years, 11 months ago
Enabling the debug on openidm side, i see the request correctly executed:
Request: { “method”: “action”, “resourcePath”: “policy/managed/user/f9fb2d63-e494-4ab3-906f-ffc592bc3e3b”, “action”: “validateProperty”, “additionalParameters”: { “external”: “true” }, “fields”: , “content”: { “passwordldap”: { “$crypto”: { “type”: “x-simple-encryption”,…[Read more]
-
cristianoburgo started the topic opendj 5 sync password to opendim 4: javax.crypto.BadPaddingException in the forum Identity Management 4 years, 11 months ago
I’m trying to configure the password synchronization from opendj 5 to openidm 4.
I’m using a attribute on openidm called passwordldap .If I change the password on opendj this error is shown on openidm log:
AM org.forgerock.openidm.servlet.internal.ServletConnectionFactory$4 handleException
AVVERTENZA: Resource exception: 500 Internal Server…[Read more] -
cristianoburgo replied to the topic opendj 5 sync password to opendim 4: java.security.InvalidKeyException: Illegal in the forum Identity Management 4 years, 11 months ago
just solved the issue updating the Java Cryptography Extension (JCE) to the Unlimited Strength Jurisdiction Policy Files according to my JDK and this error disappear.
-
cristianoburgo started the topic opendj 5 sync password to opendim 4: java.security.InvalidKeyException: Illegal in the forum Identity Management 4 years, 11 months ago
i’m just configured the password sync between opendj 5 and openidm 4.
When I changed the password on the opendj side, this is successfully propagated to the openidm side but this error is shown:lug 24, 2017 4:02:29 PM org.forgerock.openidm.servlet.internal.ServletConnectionFactory$4 handleException
[Read more]
WARNING: Resource exception: 500 Internal… -
cristianoburgo replied to the topic opendj 5 sync password: an error occurred while trying to load the trust store in the forum Directory Services 4 years, 11 months ago
just solved the issue, was the trust manager. I created a new one using the dsconfig and the entry is successfully created.
-
cristianoburgo started the topic opendj 5 sync password: an error occurred while trying to load the trust store in the forum Directory Services 4 years, 11 months ago
i’m following the guide to configure the password sync for opendj 5 to openidm 4.
this is my configuration:dn: cn=OpenIDM Notification Handler,cn=Account Status Notification Handlers,cn=config
[Read more]
objectClass: top
objectClass: ds-cfg-account-status-notification-handler
objectClass: ds-cfg-openidm-account-status-notification-handler
cn: OpenIDM… -
cristianoburgo started the topic Agent J2ee is not working on Tomcat 8 in the forum Access Management 5 years ago
I installed the agent tomcat_v6_agent_3.5.1 on a tomcat server 8.0.44 . The JVM is 1.7.0_141 .
On the same Tomccat i have also IG 5 installed on the root.After a correct Agent installation, i boot up the tomcat server and this error is shown repeatedly:
Caused by: java.lang.RuntimeException: Failed to load configuration:…[Read more]
-
cristianoburgo replied to the topic Policy http header response not set in the forum Access Management 5 years ago
What i experimented is that, it must be a mapping between the HTTP attributes defined into the policy and the ones defined on the webagent. So an attribute must be in both places to be shown as i want.
I don’t know if this is the desired behavior.
-
cristianoburgo started the topic Policy http header response not set in the forum Access Management 5 years ago
I have a jsp page that print all the HTTP HEADER VARIABLE, this jsp page is on a wildfly application server and it is protected by a webagent on an apache server. The apache server act as a reverse proxy and the application is configured in a virtual host.
This is the Jsp code:
<table>
[Read more]
<%
Enumeration enumeration =… -
cristianoburgo replied to the topic PASSWORD CONDITIONAL UPDATE in the forum Identity Management 5 years ago
Just solved using a “flag” field to store if the password is changed on openidm.
Then use this field during a conditional update:
object.adpwdchg == ‘1’;After the update this field is then restored to ‘0’ so during the next update the password is not changed again.
-
cristianoburgo started the topic PASSWORD CONDITIONAL UPDATE in the forum Identity Management 5 years, 1 month ago
I need to update the password from openidm to AD only if this is changed on OPENIDM.
In fact if the password is set into a mapping this is changed on AD even if it is not changed.
This has a weird behaviour because the password changed on AD change also automatically the AD attribute pwdLastset and so the user cannot change its password because…[Read more] -
cristianoburgo started the topic Stop openidm linux service fails on centos 7 in the forum Identity Management 5 years, 1 month ago
i have created the startup scritp for openidm on a CENTOS 7 machine.
The service is started correctly as openidm user but when i try to stop it with /etc/init.d/openidm stop
the service don’t stop. I can stop the service only issuing the command : pkill java .
The pid file is created correctly.This is my file:
#!/bin/sh
# chkconfig: 345 95…[Read more]
-
cristianoburgo replied to the topic DEVOPS architecture do not support OpenAM Web Policy Agent in the forum DevOps 5 years, 1 month ago
Yes, thanks a lot.
What i’m trying to do is to build an environment using OPENAM, OPENDJ and HTTPD with docker containers and managing the service scaling and clustering with swarm.
What do you think, this can be good for a production architecture or using container for OPENAM is something related to “experiment” yet ?
-
cristianoburgo started the topic DEVOPS architecture do not support OpenAM Web Policy Agent in the forum DevOps 5 years, 1 month ago
I’m just reading the devops guide for the Forgerock platform.
One limitiation is worring me: The DevOps Examples do not support OpenAM Web Policy Agent.This means that if i configure an http server as a reverse proxy front-end, cannot this run into a docker container with a web policy agent ?
Is this valid also for other components like J2ee…[Read more]
-
cristianoburgo replied to the topic CHANGE PASSWORD USING REST API in the forum Identity Management 5 years, 1 month ago
Just understanding how the gui do and that is the solution. You must insert the cookie and the re-auth password on the patch call:
urlPassword = 'https://localhost:8443/openidm/managed/user/' + userId
[Read more]
headersPatch = {'Content-Type': 'application/json','Cookie': cookie,'X-OpenIDM-Reauth-Password': 'Qwerty.1234',… -
cristianoburgo started the topic CHANGE PASSWORD USING REST API in the forum Identity Management 5 years, 1 month ago
i’m trying to do a password change using the REST API.
This is the code snippet in python:#CHANGE USER PASSWORD
import requests
import json#READING THE OBJECTID
url = 'https://localhost:8443/openidm/info/login'
headers = {'X-OpenIDM-Username': 'test1','X-OpenIDM-Password': 'Welcome3!'}
resp =…[Read more] -
cristianoburgo started the topic Executing workflow with random error executing gettasksview.js in the forum Identity Management 5 years, 1 month ago
Executing a workflow, sometimes generate an internal server error on UI on assigning or approving a task.
Reading the log server.out, it is written:Resource exception: 500 Internal Server Error: “TypeError: Cannot read property “processDefinitionId” from null (/home/openidm/openidm/bin/defaults/script/workflow/gettasksview.js#145) in…[Read more]
-
cristianoburgo replied to the topic Open IDM Admin console customization based on role memberships in the forum Identity Management 5 years, 1 month ago
Is managed/role/d59dcf20-c5a5-4574-ae96-06640908c955 assigned to the user as an “authzRole”? YES
What do you see in the browser’s network trace for the request to /openidm/info/login, when submitting the user’s credentials?
Request Headers
Accept:application/json, text/javascript, */*; q=0.01
[Read more]
Accept-Encoding:gzip, deflate, sdch, br
Acce… -
cristianoburgo's profile was updated 5 years, 2 months ago
-
cristianoburgo replied to the topic Splitting ui-admin role of OpenIDM in ui-configuration in the forum Identity Management 5 years, 2 months ago
we are trying to do the same here: https://forum.forgerock.com/topic/open-idm-admin-console-customization-based-on-role-memberships/
- Load More