Kabi Patt

Home Members Kabi Patt

Learn more about our upcoming Identity Summits

show less show more
Profile picture of Kabi Patt

@kabi-pattgmail-com

active 1 year, 12 months ago
Points balance: 239 ♪
Rank: Kabi Patt
  • Activity
  • Profile
  • Groups 0
  • Forums
  • Personal
  • Mentions
  • Favorites
  • Groups
  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic IG for internal and external Apps in the forum Identity Gateway 3 years, 2 months ago

    Basically, we do not want to use password replay option to log in to backend applications.As per the above-given possibilities, HeaderFilter and CryptoHeaderFilter are one way of communicating authenticated user identity information to backend applications.

    Hi Joachim
    Thank you for sharing your insight. Few follow up questions on the above…[Read more]

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic Using Single Login screen for a chain that has multiple authn modules in the forum Access Management 3 years, 3 months ago

    Thank you Brad,
    The solution worked !

    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic Using Single Login screen for a chain that has multiple authn modules in the forum Access Management 3 years, 3 months ago

    Hi Andy,
    The AM version is 6.0.0.4.

    This chain is used for Radius authentication and attached to a Radius client. FR does not support authentication for Radius yet.

    Thanks,
    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt started the topic Using Single Login screen for a chain that has multiple authn modules in the forum Access Management 3 years, 3 months ago

    My authentication chain :-

    (1) Radius Module (Requisite) –> Radius-UserId / Radius-Password
    (2) Ldap Module (Sufficient) –> Ldap-UserId/ Ldap-Password.

    No usability issue for Radius Authentication, User enters Radius-Uid/ Radius-Pwd to Radius-Login screen and get authenticated.

    But for Ldap authentication, User goes thru two Login…[Read more]

  • Profile picture of Kabi Patt

    Kabi Patt started the topic Best practice :- COT for every SP ? in the forum Access Management 4 years, 4 months ago

    We have one IDP and multiple SPs tied together in one Circle Of Trust (COT). We are debating whether to create a SP-Specific COT instead of using just one generic COT.

    What is the best practice ?

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic Invoking SP Specific Authentication Chain in AM in the forum Access Management 4 years, 4 months ago

    Thank you Scott, Will try the solution you suggested. Currently we wrote IDP-Adapter for this which is really not necessary.

    Yes we can check membership check in Adaptive Risk Module. But How will I bring the SP-ID in to this equation ? We have groups meant for specific SP-ID.

    Thanks,
    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic Invoking SP Specific Authentication Chain in AM in the forum Access Management 4 years, 4 months ago

    Thanks Scott for the explanations. My use case is complex and looks like I will end in creating multiple IDPs for each case. Here are my use cases :-

    (1) SP1 will use just Kerberos for all users.
    (2) SP2 will use Kerberors for all users + 2Fa for user with “SP2-Admin” group .
    (3) SP3 will use 2FA for all users.

    I don’t see any issues for…[Read more]

  • Profile picture of Kabi Patt

    Kabi Patt started the topic Invoking SP Specific Authentication Chain in AM in the forum Access Management 4 years, 4 months ago

    We are using AM 5.5.1 as IDP. The IDP is linked to to the realm’s default authentication chain configured in Realm > Authentication > Setting > Core “Organization Authentication Configuration”. The default authentication-chain is currently set to Kerberos. So all our SPs are going thru kerberos authentication.

    However, our requirement is to…[Read more]

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic OpenIG as a reverseProxy in the forum Identity Gateway 5 years, 9 months ago

    I found my mistake. I had kept the .openig file in $TOMCAT_HOME folder instead of $HOME (/root in my case) directory. Once I transferred the .openif directory to $HOME, rest started working as expected. I also moved the app1 specific routing syntax from config.json to routes/01-app-routes.json file for clean separation. I guess config.json meant…[Read more]

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic OpenIG as a reverseProxy in the forum Identity Gateway 5 years, 9 months ago

    Thanks Joachim for quick reply. Yes that condition should be “/app1”.

    (1) What is the difference between config.json and route JSON file in “routes” directory ?
    (2) Can I put the above said configuration in 01-app1-route.json file with no config.json file ?
    (3) my config.json file has following entries, which suppose to show the log in…[Read more]

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic Using OpenIG as a regular ReverseProxy similar to NGINX or Apache in the forum Identity Gateway 5 years, 9 months ago

    Hi
    I am new to OpenIG. Few questions on the configuration mentioned above.

    (1) “baseURI”: “http://1.1.1.1:8080” :- Is this the IP where the target app “www.acme.com” is hosted ?
    (2) When to use config.json file vs “../routes/xxx.json” . Can the config.json file be empty ?

    Thanks,
    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic Using OpenIG as a regular ReverseProxy similar to NGINX or Apache in the forum Identity Gateway 5 years, 9 months ago

    Hi
    I am new to OpenIG. Few questions on the configuration mentioned above.

    (1) “baseURI”: “http://1.1.1.1:8080” :- Is this the IP wheretarget app “www.acme.com” is hosted ?
    (2) When to use config.json file vs “../routes/xxx.json” . Can the config.json file be empty ?

    Thanks,
    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt started the topic OpenIG as a reverseProxy in the forum Identity Gateway 5 years, 9 months ago

    Hi ,

    I am new to Open IG. Trying to use OpenIG as a proxy to start with.

    I have a sample app http://box1.abc.com/app1 running in box and I wanted to access it thru http://openig.abc.com/app1 (this is the box2 for openIG) . I followed the instruction mentioned section 2.4 in…[Read more]

  • Profile picture of Kabi Patt

    Kabi Patt's profile was updated 5 years, 9 months ago

  • Profile picture of Kabi Patt

    Kabi Patt started the topic Searching the OpenDJ Forum ? in the forum Directory Services 5 years, 9 months ago

    Bill, I am new to the ForgeRock Forum. Is there any way I can search the existing forum for specific topic like OpenDJ or OpenAM ? The search icon on the top menu brings the results beyond forum content.

    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic Open DJ Not starting :- could not acquire an exclusive lock on file server.lock in the forum Directory Services 5 years, 9 months ago

    Bill, I am new to the ForgeRock Forum. Is there any way I can search the existing forum for specific topic like OpenDJ or OpenAM ? The search icon on the top menu brings the results beyond forum content.

    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic Open DJ Not starting :- could not acquire an exclusive lock on file server.lock in the forum Directory Services 5 years, 9 months ago

    Thank you Bill,
    That strace command was very helpful. I found that the configuration was not complete. I ran the setup again and the issue got resolved.

    Thanks,
    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt started the topic Open DJ Not starting :- could not acquire an exclusive lock on file server.lock in the forum Directory Services 5 years, 9 months ago

    Hi
    I did a fresh installation of OpenDJ on RHEL. Running start-ds command is giving me following error. I am running start-ds command as the same user used for installing OpenDJ.

    The Directory Server could not acquire an exclusive lock on file /apps/forgerock/opendj/locks/server.lock: The attempt to obtain an exclusive lock on file…[Read more]

  • Profile picture of Kabi Patt

    Kabi Patt replied to the topic OpenAM in OSX El Captain :- not loading the login page in the forum Access Management 5 years, 10 months ago

    Thank you Peter. I resolved it by upgrading to openam 14 snapshot war file. I did not check the jason response before. Openam 13 has some issues I guess.

    Thanks
    Kabi

  • Profile picture of Kabi Patt

    Kabi Patt started the topic OpenAM in OSX El Captain :- not loading the login page in the forum Access Management 5 years, 10 months ago

    Hi,

    I am trying to showcase some OpenAM capabilities to my management. So installed OpenAM 13.0 with Embeded-DJ on Tomcat 8 with JDK 8 on my OSX-El-Captain. I installed and completed the OpenAM configuration, but no luck in getting the the first login screen to the admin console so far.

    I am getting “Loading….” message for the URL…[Read more]

Profile Photo dearseban Profile Photo ref3000

Search the forums

Leaderboard

The leaderboard is based on our rockin' informal points system, read about it here.

Recent blog posts

  • Using an Authentication Tree Stage to Build a Custom UI with the ForgeRock JavaScript SDK February 26, 2020
  • Identity Workflow with AM using Zeebe and Cloud Functions February 19, 2020
  • IDM: Zero Downtime Upgrade Strategy Using a Blue/Green Deployment January 23, 2020
  • DS: Zero Downtime Upgrade Strategy Using a Blue/Green Deployment January 22, 2020
  • AM and IG: Zero Downtime Upgrade Strategy Using a Blue/Green Deployment January 22, 2020
Visit our blog

Recent Topics

  • Handle exception in Node Patch Object
  • SP Initiated SSO – Unable to do sso or federation
  • Realm level access
  • How can I generate 32 bytes Random salt in js script
  • Bypass Login Page in Chain

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

  • Blog
  • Documentation
    • OpenAM / Access Management
    • OpenDJ / Directory Services
    • OpenIDM / Identity Management
    • OpenIG / Identity Gateway
    • OpenICF / Open Connector Framework
    • Intro to Identity
  • Forums
    • General Discussion
    • ForgeRock Products
      • OpenAM
      • OpenIDM
      • OpenDJ
      • OpenIG
      • OpenUMA
    • DevOps
    • Internet of Things
    • Documentation
    • Groups
  • Twitter
  • Facebook
  • Linkedin
  • Youtube

Log in with your credentials

Lost your password?

Forgot your details?

I remember my details