- ForgeRock Forum and Blog

kburkhardt commented on the post, Use Authentication Trees To Create A Great SAML Login Experience 4 weeks ago

Have you done anything to address how the service specified in the Authentication Context on the IDP is not called if the user has a valid session already?
kburkhardt started the topic Where is the AM5 Source? in the forum Access Management 3 years, 2 months ago

There isn’t any source with this release, nor can I find anything seeming to be the 14.0.0 release tag in git. Is someone able to point me to the source?
kburkhardt replied to the topic Active Session Time and "No Configuration found" in the forum Access Management 3 years, 5 months ago

Request
/json/authenticate?authIndexType=composite_advice&authIndexValue=%3CAdvices%3E%3CAttributeValuePair%3E%3CAttribute%20name=%22SessionConditionAdvice%22/%3E%3CValue%3Edeny%3C/Value%3E%3C/AttributeValuePair%3E%3C/Advices%3E&goto={MyURL}

Response
{“code”:400,”reason”:”Bad Request”,”message”:”No Configuration found”}
kburkhardt started the topic Active Session Time and "No Configuration found" in the forum Access Management 3 years, 5 months ago

When I set an active session time condition on a policy, I get the advice “<Advices><AttributeValuePair><Attribute name=”SessionConditionAdvice”/><Value>deny</Value></AttributeValuePair></Advices>”, but the request errors out with “No Configuration found”. I expected it to force re-authentication. I’ve been unable to track down what…[Read more]
kburkhardt started the topic Active Session Time and "No Configuration found" in the forum Access Management 3 years, 5 months ago

When I set an active session time condition on a policy, I get the advice “<Advices><AttributeValuePair><Attribute name=”SessionConditionAdvice”/><Value>deny</Value></AttributeValuePair></Advices>”, but I get “No Configuration found”. I expected it to force re-authentication. I’ve been unable to track down what configuration I am missing. Any…[Read more]
kburkhardt replied to the topic Account Creation – OpenAM/OpenIDM in the forum Access Management 3 years, 6 months ago

Thank you for the links. It seems obvious to me that OpenIDM should do this. My question boils down to something simple. As it stands, it appears that I will have to modify the OpenAM XUI templates to add my OpenIDM links for self-service. Is this the way to integrate the products, or have I missed something that makes more sense?
kburkhardt started the topic Account Creation – OpenAM/OpenIDM in the forum Access Management 3 years, 6 months ago

I’ve been looking for examples and/or discussions about how to handle user self-service when running both OpenAM and OpenIDM, but I have come up short. My default preconception is that OpenIDM should handle it, and I expected OpenAM to have OOB integrations to do that, but this seems not to be the case. Can someone point me to some resources, or…[Read more]
kburkhardt replied to the topic Reading additional DataStore Attributes in the forum Access Management 3 years, 9 months ago

Wouldn’t let me edit the post again, updated link – https://stash.forgerock.org/projects/OPENAM/repos/openam/browse/openam-datastore/src/main/java/org/forgerock/openam/idrepo/ldap/DJLDAPv3Repo.java?at=refs%2Ftags%2F13.0.0#795
kburkhardt started the topic Reading additional DataStore Attributes in the forum Access Management 3 years, 9 months ago

I have a custom ResourceAttribute that I need to read additional attributes from the IdRepo for special processing. The attributes are not something that I can define in the DataStore settings ahead of time. I can’t seem to find a way of accomplishing this using data store services. Has anyone done this before, and how? Thanks!

Edit:

It…[Read more]
kburkhardt started the topic Reading additional DataStore Attributes in the forum Access Management 3 years, 9 months ago

I have a custom ResourceAttribute that I need to read additional attributes from the IdRepo for special processing. The attributes are not something that I can define in the DataStore settings ahead of time. I can’t seem to find a way of accomplishing this using data store services. Has anyone done this before, and how? Thanks!
kburkhardt replied to the topic OpenAM 13.5 – How to match the release with the commit in the forum Access Management 4 years ago

Excellent, I will do that. Thank you.
kburkhardt replied to the topic OpenAM 13.5 – How to match the release with the commit in the forum Access Management 4 years ago

I have that, but it doesn’t build because of authorization to the private repositories. I suppose discouraging people from building the war is part of the point. I was hoping to have a better internal release process than unpacking the war, adding files and either repacking it or deploying the exploded war. Thanks.
kburkhardt replied to the topic OpenAM 13.5 – How to match the release with the commit in the forum Access Management 4 years ago

I have that, but it doesn’t build because of authorization to the private repositories. I suppose preventing people from building the war is part of the point. I was hoping to have a better internal release process than unpacking the war, adding files and either repacking it or deploying the exploded war. Thanks.
kburkhardt started the topic OpenAM 13.5 – How to match the release with the commit in the forum Access Management 4 years ago

Trying to attach a debugger to the 13.5 codebase, but I can’t tell which commit makes up the release. Can someone give me some direction on which commit it is, or how to find that information. Thanks!

I’ve tried using sustaining/13.5.x, but that seems to have a lot of differences.
kburkhardt started the topic OpenAM 13.5 – How to match the release with the commit in the forum Access Management 4 years ago

Trying to attach a debugger to the 13.5 codebase, but I can’t tell which commit makes up the release. Can someone give me some direction on which commit it is, or how to find that information. Thanks!
kburkhardt replied to the topic OpenIG and OpenAM in the forum Access Management 4 years, 9 months ago

Thanks for clearing that up. I had originally figured that IG was a standalone reverse proxy (Read: Costs more money to license). The statement in the OpenAM docs is just kinda confusing and I was holding on to the hope that I didn’t have to ask for more money. Here’s to adding yet another service to the quote.

Thanks!
kburkhardt started the topic OpenIG and OpenAM in the forum Access Management 4 years, 9 months ago

We are starting to evaluate the Forgerock suite of applications.

I am confused at the relationship between these two products. I had thought that they were two standalone products. The OpenAM Admin guide has the statement below, which reads that OpenIG is included with OpenAM.

5.1. Open Identity Gateway or Policy Agent? OpenAM includes both…[Read more]