-
Fernando A. Barbeiro Campos replied to the topic Prevent consent page OpenAM 13 in the forum Access Management 5 years, 10 months ago
Hi @guy_malachi
I’m not 100% sure, but as far as I know, OpenAM doesn’t have an out-of-box fashion way where it is possible just to flag an option to skip Consent Page in version 13.
In version 13.5 I’m sure that they have and it works well.There is a work-around procedure that will describe anyway (it can have anothers, this one worked for…[Read more]
-
Fernando A. Barbeiro Campos replied to the topic /tokenInfo Endpoint retrieving isMemberOf group information with Tivoli in the forum Access Management 5 years, 10 months ago
Good suggestion @andrew-potter, I completely agree with you. I’ll try as soon as possible.
Thanks again :D
Regards,
-
Fernando A. Barbeiro Campos replied to the topic /tokenInfo Endpoint retrieving isMemberOf group information with Tivoli in the forum Access Management 5 years, 10 months ago
At the end of the day, the attribute that I need to add to my LDAP User Attributes, as well as to my scope was “ibm-allgroups”.
Thanks for the collaborations Andrew.
-
Fernando A. Barbeiro Campos replied to the topic /tokenInfo Endpoint retrieving isMemberOf group information with Tivoli in the forum Access Management 5 years, 10 months ago
-
Fernando A. Barbeiro Campos replied to the topic /tokenInfo Endpoint retrieving isMemberOf group information with Tivoli in the forum Access Management 5 years, 10 months ago
Just in order to provide further details:
This is a CURL with OpenDJ as DataStore
$ curl http://openam.example.com:8080/openam/oauth2/tokeninfo?access_token=XXXXYYYY{"scope":"isMemberOf"],"realm":"/employee","isMemberOf":"cn=ROLE_EMPLOYEE,ou=groups,ou=employee,dc=example,dc=com","token_type":"Bearer","expires_in":22,"client_id":"poc",…
[Read more] -
Fernando A. Barbeiro Campos replied to the topic /tokenInfo Endpoint retrieving isMemberOf group information with Tivoli in the forum Access Management 5 years, 10 months ago
Just in order to provide further details:
This is a CURL with OpenDJ as DataStore
$ curl http://openam.example.com:8080/openam/oauth2/tokeninfo?access_token=XXXXYYYY{"scope":"isMemberOf"],"realm":"/employee","isMemberOf":"cn=ROLE_EMPLOYEE,ou=groups,ou=employee,dc=example,dc=com","token_type":"Bearer","expires_in":22,"client_id":"poc",…
[Read more] -
Fernando A. Barbeiro Campos started the topic /tokenInfo Endpoint retrieving isMemberOf group information with Tivoli in the forum Access Management 5 years, 10 months ago
Hi guys,
Simple question:
I had configured an OpenDJ as my DataStore and once I assigned a user to a group, I could retrieve it through the /openam/oauth2/tokeninfo?access_token=XXXXX endpoint (yes I’m dealing with OAuth2 providers and the value of groups returns since I had “isMemberOf” among my scopes and once I had defined under my datastore,…[Read more] -
Fernando A. Barbeiro Campos replied to the topic Openam Login page customization in the forum Access Management 5 years, 10 months ago
By the way, just to help:
https://backstage.forgerock.com/#!/docs/openam/13.5/dev-guide
Look for 2.1.1.4. Authentication and Logout
-
Fernando A. Barbeiro Campos replied to the topic Openam Login page customization in the forum Access Management 5 years, 10 months ago
Hi Sathish,
I don’t know whether it’s your scenario or not, but if you’re willing to implement an authentication based on username / password, maybe a Zero Page Login could be suitable for you.
Essentially, according the doc, all that you have to do is implement a mechanism that do a post for a defined endpoint openam/json/authenticate:
$ curl…
[Read more] -
Fernando A. Barbeiro Campos replied to the topic Converting STS Token: OpenAM -> SAML2 in the forum Access Management 5 years, 11 months ago
Hi Peter, very useful clue. I could generate my SAML assertion. Thank you so much.
A useful link is that one (https://idmdude.com/2014/02/09/how-to-configure-openam-signing-keys/) and after I have comprehended completely the certificate question, I was able to generate the SAML.
By the way, there is a small mistake in my JSON above… intead…[Read more]
-
Fernando A. Barbeiro Campos replied to the topic Converting STS Token: OpenAM -> SAML2 in the forum Access Management 5 years, 11 months ago
Hi Peter, very useful clue. I could generate my SAML assertion. Thank you so much.
A useful link is that one (https://idmdude.com/2014/02/09/how-to-configure-openam-signing-keys/) and after I have comprehended completely the certificate question, I was able to generate the SAML.
By the way, there is a small mistake in my JSON above… intead…[Read more]
-
Fernando A. Barbeiro Campos replied to the topic Trial / Getting Started crashes, can't login in the forum Access Management 5 years, 11 months ago
Hi @brado77,
Given that you’re evaluating the platform, one suggestion (then you decide whether is suitable or not for you) is to use a Docker Container to create an image and run a container with OpenAM. At least for my team, this approach helped when we’re at this same phase.
Here are some clues about…[Read more]
-
Fernando A. Barbeiro Campos replied to the topic Tomcat gives 404 for /openam in the forum Access Management 5 years, 11 months ago
Hi @peterolsen
I don’t know whether your problem is exactly similar as one I have some months ago, but I had to expose OpenAM on 80 port. To do so, I edited server.xml from my OpenAM installation – tomcat/conf/server.xml
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8444" />Anyway, my…[Read more]
-
Fernando A. Barbeiro Campos started the topic Converting STS Token: OpenAM -> SAML2 in the forum Access Management 5 years, 11 months ago
Hi guys, I need to convert an OpenAM token into a SAML2 and the appropriate subject confirmation for my case is HOLDER_OF_KEY. Given that, I read the documentation and it’s well defined there that:
When generating an assertion with a holder-of-key subject confirmation method, the proof_token_state property is required. The value for this property…
-
Fernando A. Barbeiro Campos started the topic Converting STS Token: OpenAM -> SAML2 in the forum Access Management 5 years, 11 months ago
Hi guys, I need to convert an OpenAM token into a SAML2 and the appropriate subject confirmation for my case is HOLDER_OF_KEY. Given that, I read the documentation and it’s well defined there that:
When generating an assertion with a holder-of-key subject confirmation method, the proof_token_state property is required. The value for this property…
-
Fernando A. Barbeiro Campos replied to the topic AMUncaughtException while configuring Rest STS in the forum Access Management 5 years, 11 months ago
Hi there,
sorry about delaying the answer, but at the end of the day I was having trouble because I was using OpenAM running into a container.
I was able to solve it by defining into my docker-compose file an entry:
extra_hosts:
– “openam.example.com:192.168.99.100”Where 192.168.99.100 obviously represents my Docker local…[Read more]
-
Fernando A. Barbeiro Campos replied to the topic AMUncaughtException while configuring Rest STS in the forum Access Management 6 years ago
Does anyone have already seen this error?
Thanks,
-
Fernando A. Barbeiro Campos replied to the topic AMUncaughtException while configuring Rest STS in the forum Access Management 6 years ago
Hello @peter-major
I believe that I found the log you had mentioned. It seems that the problem is relationed with an UnknownHostException: openam.example.com, it is a clue, but, being honest, I’m not sure what exactly is wrong…amConsole:07/22/2016 09:11:32:111 AM UTC: Thread: TransactionId
ERROR:…[Read more] -
Fernando A. Barbeiro Campos replied to the topic AMUncaughtException while configuring Rest STS in the forum Access Management 6 years ago
Hi @peter-major
Sorry for the poor description from my part.
My current version is: OpenAM 13.0.0 Build 5d4589530d (2016-January-14 21:15)I’m running my OpenAM instance on Docker and the logs that I’m seeing are:
/openam/log/activity.csv
/openam/log/config.csv
/openam/log/access.csvIs there any other place where I can find an useful log?
-
Fernando A. Barbeiro Campos started the topic AMUncaughtException while configuring Rest STS in the forum Access Management 6 years ago
Hello everyone,
I’m not getting success while configuring a Rest STS with OpenAM. Basically, the flow is demonstrated into the image above.
The result that I’m getting is a AMUncaughtException, which one I couldn’t see anything to have a clue in logs and anywhere else.
Does this configuration require previous step?
Am I doing something wrong?Thanks,
- Load More