• Hi Keith, thanks for the reply. Is there any way to define the login page that the CDSSO servlet sends the user to? I’m confused about your statement, “That page is configurable as a standard login page” — are you saying that the CDSSO can only send you to the built-in login page, with the customization limitations that we already know of?

  • Hello. I have requirements that leave the built-in OpenAM login page insufficient for my needs. I understand this is not uncommon. I also have requirements for CDSSO (most specifically: protection against Cookie Hijacking).

    However, I find that when the WPA is configured for CDSSO, then it seems the WPA ignores the “OpenAM Login URL” on the…

  • I thought I would follow up on this, in case anyone stumbles onto this thread in the future. I found that my Shibboleth IdP was sending “uid” as the “FriendlyName”, but “urn:oid:0.9.2342.19200300.100.1.1” was the actual value I needed to input in as the Auto Federation Attribute.

    I had tried this in the past, and it didn’t work, but I think it…

  • I am trying to use Shibboleth as an IDP and OpenAM as a SP. I would like to use the uid attribute (which is not the NameID) for Auto Federation. I have Auto Federation enabled on my SP configuration, and I’ve entered “uid” as the attribute. One additional item perhaps worth mentioning is that I’m using “Required” for User Profile settings, and my…

  • Hello, I have a requirement to impersonate users. Please spare me the waggling fingers, there are legitimate needs for this. I know there is an impersonate module but it’s not supported for production use.

    So to implement, I configured an Authentication chain, which is protected at the network layer to only one authorized application. The goal of…

  • Hi Rogerio, thank you for your thoughts! Would it be appropriate to use the OpenAM user data store for the root realm, and then configure Active Directory (my production user data store) in the sub-realm? I anticipate very centralized administration of my OpenAM deployment, but there is a possibility that other Realms with other data stores may…

  • Hello, I am developing my organization’s OpenAM architecture. I am trying to decide what is the best initial Realm architecture. The initial installation, and my initial configuration has my datastores and authentication happening in the root realm. But as I consider the uncertain future, it occurs to me that this may not be the best long-term…

  • Just to follow up in case others run into this, I was able to solve the problem. I used an LDAP Browser to open the configuration settings in the embedded OpenDJ and was able to navigate to the location where the CTS configuration errors were made. After correcting the values and restarting the OpenAM servers, all was well.

  • Hi, I set up an instance of OpenDJ on my OpenAM server and configured the CTS to use the external store. After restarting the server, OpenAM is not happy. I can’t log in. How can I revert the CTS change if I can’t log into the OpenAM console?

  • Jim Mulvey's profile was updated 5 years, 10 months ago
