- ForgeRock Forum and Blog

Gregory Wright replied to the topic Why CREST? in the forum General Discussion 5 years, 11 months ago

I went back an re-read the section on safe methods, and it seems like the change of session state would be permitted, if that is not the purpose of the call (e.g., the purpose of the query method from the client perspective is not to change session state, but to query the current status of the session).

This definition of safe methods does…

[Read more]
Gregory Wright started the topic Resource Type UUID in OpenAM 13 in the forum Access Management 5 years, 11 months ago

I am curious about the rationale behind exposing the resource type UUID in the REST API for OpenAM, and requiring its use in the resource type, policy set and policy REST APIs. This seems a bit “unfriendly” from a configuration maintainer perspective in that now instead of being able to simply POST a series of CM’ed JSON files to load up an…[Read more]
Gregory Wright replied to the topic Want to build OpenAM with custom IdRepo in the forum Access Management 5 years, 11 months ago

Two other links that might be helpful as examples / explanation of overlays that are not specific to OpenAM:

Walkthrough of overlaying the contents of an existing WAR

Example project showing how to customize CAS modules using Maven overlays

Hope this helps both of us!
Gregory Wright replied to the topic Want to build OpenAM with custom IdRepo in the forum Access Management 5 years, 11 months ago

I’d been looking into this myself, and if I am reading things correctly, the best / recommended approach to customizing a distribution of OpenAM is to leverage the overlay feature of the Maven WAR plugin. My understanding of this is that you create a Maven project that will be used to overlay the OpenAM WAR contents with the files you want…[Read more]
Gregory Wright replied to the topic Want to build OpenAM with custom IdRepo in the forum Access Management 5 years, 11 months ago

I’d been looking into this myself, and if I am reading things correctly, the best / recommended approach to customizing a distribution of OpenAM is to leverage the overlay feature of the Maven WAR plugin. My understanding of this is that you:

Create a Maven project that will be used to overlay the OpenAM WAR contents with the files you want…[Read more]
Gregory Wright replied to the topic Want to build OpenAM with custom IdRepo in the forum Access Management 5 years, 11 months ago

I’d been looking into this myself, and if I am reading things correctly, the best / recommended approach to customizing a distribution of OpenAM is to leverage the overlay feature of the Maven WAR plugin. My understanding of this is that you:

Create a Maven project that will be used to overlay the OpenAM WAR contents with the files you want…[Read more]
Gregory Wright replied to the topic Accessing external data sources via server-side script in the forum Access Management 6 years, 1 month ago

@jamiebowen would it be possible to get someone to look at this? Circling back around to this finally, and would love to have an answer.
Gregory Wright started the topic Accessing external data sources via server-side script in the forum Access Management 6 years, 3 months ago

I have a few questions with regards to the server-side scripting capability for policy conditions added in OpenAM 13:

* Does the HTTP client interface support HTTPS with mutual PKI authentication, for accessing web services that require a client PKI certificate?

* If so, how does OpenAM choose the client certificate to be used?

* Is there a way…[Read more]
Gregory Wright replied to the topic Windows Socket Create Error Under Git Bash in the forum Directory Services 6 years, 4 months ago

I can only assume that sometime prior to upgrading the versions of Git and Java, things worked more by accident than design (e.g., the Windows Java environment got picked up by the version Bash provided by the prior version of Git). Once I defined the OPENDJ_JAVA_HOME environment variable for my Windows user as described in the installation…[Read more]
Gregory Wright started the topic Windows Socket Create Error Under Git Bash in the forum Directory Services 6 years, 4 months ago

I have not had a fruitful day of tracking down an answer to this via Google, so I am turning to you all to see if someone else has run into this issue or something similar. Any help would be greatly appreciated.

I am running into the following error when trying to run the LDAP utility commands and the control-panel application for OpenDJ (2.7 and…[Read more]
Gregory Wright replied to the topic Why CREST? in the forum General Discussion 6 years, 4 months ago

Thank you very much for the additional insight James. It was not apparent from the documentation that query operations for tokens or sessions might have the side effect of expiring / invalidating the token or session. Is this also a side effect of other CREST API calls, or is it only triggered by the token / session queries?
Gregory Wright started the topic Why CREST? in the forum General Discussion 6 years, 9 months ago

I am just curious as to the rationale behind how the ForgeRock Common REST (CREST) API was derived, and why it does not conform to the more traditional REST use of HTTP verbs. An existing forum or blog post, wiki article or documentation link would be fine (I see in the OpenAM Developers manual that this is a conscious divergence, but I’d like to…[Read more]
Gregory Wright replied to the topic OpenAM: Authentication requirements for authorization decisions in the forum Access Management 7 years, 3 months ago

Rogerio,

Thank you very much, that seems to confirm for me that we’ll need to pass through the authentication token of the requesting user.

Kind regards,
Greg
Gregory Wright replied to the topic OpenAM: Authentication requirements for authorization decisions in the forum Access Management 7 years, 3 months ago

I know there are JEE agents, which from what I can tell handle the authentication and authorization for access to the URL of a web service or application. It is implemented as a filter, which in my experience equates to deciding access at a somewhat coarse / medium level of granularity for access to a specific web resource. But a significant part…[Read more]
Gregory Wright started the topic OpenAM: Authentication requirements for authorization decisions in the forum Access Management 7 years, 3 months ago

We are evaluating OpenAM as an entitlements provider for not only protecting web applications and services, but also supporting authorization for access to data being exposed by web services. At its simplest:

User --> Web App --> Web Service --> Database

Where the User submits a query through the Web App, and the Web Service needs to decide if…[Read more]
Gregory Wright replied to the topic Removing objectsClasses and attributeTypes from ldap using ObjectID only in the forum Directory Services 7 years, 5 months ago

Thank you Ludo – at least we have a definitive answer.
Gregory Wright's profile was updated 7 years, 5 months ago
Gregory Wright replied to the topic Removing objectsClasses and attributeTypes from ldap using ObjectID only in the forum Directory Services 7 years, 5 months ago

Using the following LDIF:
dn: cn=schema changetype: modify delete: objectClasses objectClasses: ( 1.1.2.2.2 NAME 'myObjectClass' )

And the following command:
ldapmodify -p 389 -D "CN=Directory Manager" -f ./remove-object-class.ldif -w mypassword

Gets the following result:
Processing MODIFY request for cn=schema MODIFY operation…[Read more]
Gregory Wright replied to the topic Removing objectsClasses and attributeTypes from ldap using ObjectID only in the forum Directory Services 7 years, 5 months ago

Using the following LDIF:
`
dn: cn=schema
changetype: modify
delete: objectClasses
objectClasses: ( 1.1.2.2.2 NAME ‘myObjectClass’ )
`
And the following command:
`
ldapmodify -p 389 -D “CN=Directory Manager” -f ./remove-object-class.ldif -w mypassword
`
Gets the following result:
`
Processing MODIFY request for cn=schema
MODIFY operation…[Read more]
Gregory Wright replied to the topic Using embedded OpenDJ for unit / integration testing in the forum Directory Services 7 years, 6 months ago

Thank you Ludo, the MemoryBackend seems to do the trick, at least for testing our direct interactions with LDAP. The next step will be to see if we can wire it into Spring Security for integration tests.
Load More