@karthik-nagarajanthomsonreuters-com

active 1 year, 10 months ago
Points balance: 210 ♪
  • Karthik.Nagarajan@thomsonreuters.com commented on the post, Step up authentication OpenID Connect 4 years, 5 months ago

    Hi,

    If the application tries to log in with acr=2 without going through the initial login, will OpenAM automatically show the login page followed by OTP?

    Thanks,
    Karthik

  • Karthik.Nagarajan@thomsonreuters.com replied to the topic SAML SSO IDP session upgrade in the forum Access Management 4 years, 6 months ago

    Hi Peter,

    I have a similar use case with SAML Federation.
    Let’s say I have 2 different AuthnContexts mapped to different chains:
    Context1 – Chain 1 – Auth Level 10
    Context2 – Chain 2 – Auth Level 20

    Chain 1 = LDAP module with Auth Level 10
    Chain 2 = LDAP module with Auth Level 10 + HOTP module with Auth Level 20

    If a user is already…

  • Karthik.Nagarajan@thomsonreuters.com replied to the topic Pass dynamic parameters for policy evaluation in the forum Access Management 4 years, 11 months ago

    Thanks Peter.
    Regarding environment map, I have a question regarding the Identity Membership condition.
    I am not sure how it works, but if I try to invoke a policy with “Identity Membership” condition, it doesn’t work. In the logs, I see InvocatorUUID not available. Should we pass any particular parameter in policy request body for “Identity…

  • Karthik.Nagarajan@thomsonreuters.com started the topic Pass dynamic parameters for policy evaluation in the forum Access Management 4 years, 11 months ago

    Is it possible to pass dynamic parameter values to OpenAM policy endpoint and evaluate a particular attribute against the passed value?
    For ex: I would like to pass some value like type=admin to evaluate endpoint and in the policy, I want to check if attribute “employeeType=admin”.

  • Karthik.Nagarajan@thomsonreuters.com replied to the topic changing nameid format in IdpProxy in the forum Access Management 5 years, 2 months ago

    Ok. What is the purpose of SP or IDP Adapters? Can we write custom adapters to replace the name-id format before sending the assertion from IdpProxy to SP?

  • Karthik.Nagarajan@thomsonreuters.com replied to the topic changing nameid format in IdpProxy in the forum Access Management 5 years, 2 months ago

    Thanks Peter. Is it possible to write any plugin to translate the NameID-Format?

  • Karthik.Nagarajan@thomsonreuters.com started the topic changing nameid format in IdpProxy in the forum Access Management 5 years, 2 months ago

    We have IdpProxy setup like SP -> IdpProxy -> Remote Idp.
    SP supports only emailAddress nameid format and Remote Idp supports only unspecified nameid format. IdpProxy has to get assertion from Remote Idp and send it to SP.
    Is it possible to change the nameid format at IdpProxy before sending the assertion to SP? I didn’t find any configuration to…

  • Karthik.Nagarajan@thomsonreuters.com replied to the topic “Unable to do Single Sign On or Federation” to successURL in the forum Access Management 5 years, 3 months ago

    Hi Peter,

    I get this same error page due to the following issue:
    libSAML2:03/17/2017 03:14:28:281 PM UTC: Thread
    ERROR: IDPSSOFederate.doSSOFederate: The realm of the session does not correspond to that of the IdP,
    Thread
    ERROR: IDPSSOFederate.doSSOFederate: The realm of the session does not correspond to that of the IdP

    But, OpenAM displays a…

  • Karthik.Nagarajan@thomsonreuters.com replied to the topic OAuth default scope and requested scope in the forum Access Management 5 years, 4 months ago

    Thanks Scott.
    So, the only option to return default scopes as well as Scope(s) in the same request is to add all the default scopes to Scope(s) configuration and ask the client to request a union of default & Scope(s) value. Correct?

  • Karthik.Nagarajan@thomsonreuters.com started the topic OAuth default scope and requested scope in the forum Access Management 5 years, 4 months ago

    I am defining cn,sn as default scope for an OAuth client. And, I defined givenName in Scope.
    Now, if I make an authorization request without any scope, OpenAM returns a token which has both the default scopes – cn, sn.

    If I make an authorization request with scope=givenName, OpenAM returns a token which has only givenName scope.
    My understanding…
