handat

@handat

active 4 years, 3 months ago
  • handat replied to the topic Unable to install OpenAM with Amster in the forum Access Management 4 years, 3 months ago

    Use JDK 1.8 rather than 1.7

  • handat replied to the topic Revoke all the refresh token issued to the user during resetpassword in the forum Access Management 4 years, 3 months ago

    Try passing in an empty Set instead of null to the search

  • handat replied to the topic Getting custom claims in OpenID Connect Access Tokens in the forum Access Management 4 years, 4 months ago

    Have a look at this: https://bugster.forgerock.org/jira/browse/OPENAM-11445

    I looked at STS with a custom mapping class to add custom claims to generate a stateless access token. That works fine but I had to add custom headers too :(

  • handat replied to the topic Data Store LDAP server list is reordered by OpenAM in the forum Access Management 4 years, 4 months ago

    I have not tried it myself, but maybe if you import the config using amster it may retain its order?

  • handat replied to the topic Handle 500 error with PEP filter in the forum Identity Gateway 4 years, 4 months ago

    Actually, I figured it out. I was mistakenly expecting the filter that follows the PEP filter to be able to handle the error, but it turns out the filter before the PEP filter actually does it. I had the PEP filter sandwiched between two custom scripted filters and was debugging the wrong filter, i.e. the one after and not the one before.

  • handat started the topic Handle 500 error with PEP filter in the forum Identity Gateway 4 years, 4 months ago

    I’ve configured the PEP filter and it works well when the SSO session is valid. However, if it is expired, then a 500 error is thrown and execution does not continue to the next filter in the chain so it cannot replace the error page with something custom. How can I handle this error condition so that I can display a custom error page? The…[Read more]

  • handat replied to the topic OpenIG not returning access token in the forum Access Management 4 years, 4 months ago

    You would need to configure the access token to be stateless in order for it to be in JWT format. Not sure if that option is available in 13.0, but it is available in 13.5 and newer.

  • handat replied to the topic Getting custom claims in OpenID Connect Access Tokens in the forum Access Management 4 years, 4 months ago

    There’s no interface for you to customize the access token, unlike the Groovy script for the ID token.

  • handat replied to the topic OpenAM Authentication issue with openDJ datastore. in the forum Access Management 4 years, 5 months ago

    Did you increase your open file limits?

  • handat replied to the topic Free Self -Learning Material in the forum Access Management 4 years, 5 months ago

    Try the blogs and the associated videos. There is a lot of good info in the videos and there are quite a lot of them.

  • handat replied to the topic RS256 token validation failure in the forum Access Management 4 years, 5 months ago

    It happened to me when my token had an extra r or l right at the end. Removing that very last char resulted in successful validation.

  • handat replied to the topic jwk_uri in the forum Access Management 4 years, 5 months ago

    Answering my own question for anyone who is interested, it turns out that it was easier than I thought.

    Basically, this is all I needed:

    RsaJWK jwk = new RsaJWK((RSAPublicKey)key, KeyUse.SIG, jwsAlgorithm.name(), kid, x5u, x5t, x5c);
    System.out.println(jwk.toJsonString());

    Then stick that into the jwk_uri file under the keys section.

  • handat replied to the topic Error during initial config of OpenAM 5.5.1 in the forum Access Management 4 years, 5 months ago

    Try connecting to AD using LDAPS instead of LDAP.

  • handat started the topic jwk_uri in the forum Access Management 4 years, 5 months ago

    I am using the OPENID CONNECT ID_TOKEN BEARER authentication module to allow authentication using a third party ID token and jwk_url for validation. This is fine if the third party provides their jwk_url and it is accessible. However, there are some who do not provide it and instead just provide their public certificate out of band. Now I would…[Read more]

  • handat replied to the topic ldap and ldaps password are different? in the forum Directory Services 4 years, 6 months ago

    It appears that in 5.5 the LDAP connection handler defaults to StartTLS, so if you are using ldapsearch over the LDAP protocol, you need to use the -Z option.

  • handat replied to the topic OpenAm how to default inetuserstatus to Active in the forum Access Management 4 years, 6 months ago

    It is not there by default, but you can add the attribute in your mapping. Just create a new target attribute.

  • handat started the topic transactional authz strategy specifier in the forum Access Management 4 years, 6 months ago

    I am looking at the AM 5.5 transactional authz conditions and wanting to use the Auth Level Authentication Strategy. I am wondering what the valid Strategy Specifier is for that. I understand that when you do any of the other Authentication strategies, the user will need to authenticate to the specified chain/realm/tree/module, but what about the…[Read more]

  • handat replied to the topic Internal OpenAM 13.5 server with SAML 2 redirection in the forum Access Management 4 years, 7 months ago

    You can change this in the web container, i.e. if you are using Tomcat, then you can change the Tomcat connector. Alternatively, you can also add a FQDN mapping in AM advanced config, i.e. com.sun.identity.server.fqdnMap=ex.ter.nal.ip
    com.sun.identity.server.fqdnMap=in.ter.nal.ip

  • handat replied to the topic How to specify certificate alias for ClientHandler in the forum Identity Gateway 4 years, 7 months ago

    Hi,

    Thanks for confirming. That means that each keystore can only have a single private key and the alias does not matter as it would just get the only private key. If there were more private keys, it would fail? There is no hardcoded default alias it will try to look for?

  • handat started the topic How to specify certificate alias for ClientHandler in the forum Identity Gateway 4 years, 7 months ago

    I’m trying to configure mutual authentication for https connections where OpenIG is connecting to a TLS enabled site that requires a client certificate to be presented for mutual authentication. I’ve configured a keyManager containing the client certificate that IG needs to present. How do I specify that certificate? Logically, one would add an…[Read more]

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.