Nikolaos Giannopoulos


@nikolaosgac

active 1 year, 5 months ago
Points balance: 281 ♪
  • Nikolaos Giannopoulos replied to the topic IDP Proxy NameID creation issue in the forum Access Management 3 years, 11 months ago

    Hello Stefan,

    Have you tried looking at using the transient NameID-Format?

    getIdentity(…) SPAccountMapper invoked on the IDP Proxy states the following for:

    “… The implementation of this method first checks if the NameID-Format is transient and returns the transient user. ….”

    Also a bit of a gotcha in case it is adding to your issue is…

  • Nikolaos Giannopoulos replied to the topic Issue with realm redirection with webagents 5 and openAM 5.5.1 in the forum Access Management 4 years, 3 months ago

    So if you directly try with your web browser can you login to that /test subrealm?
    http://openam.web.domain:8080/tolltest/XUI/#login/test

    If it does work then one other thing you appear to be doing different than typical (albeit it’s a best practice) is to use a custom webapp context other than “openam”. Perhaps you can try to redeploy OpenAM…

  • Nikolaos Giannopoulos replied to the topic Sun DSEE to OpenDJ User Profiles in the forum Directory Services 4 years, 3 months ago

    Hi @mreagin,

    You said:

    You can avoid this if the user passwords on DSEE are encrypted in a format supported by OpenDJ. Before importing the users, assign a password policy to them that allows encrypted passwords and, after import, revert to your normal password policy.

    There is something I don’t understand here. If the user passwords are not…

  • Nikolaos Giannopoulos replied to the topic Issue with realm redirection with webagents 5 and openAM 5.5.1 in the forum Access Management 4 years, 3 months ago

    Looking at your specific issue more carefully I suspect your issue is that you are not specifying the URL properly.

    If you are using the “realm” login URL parameter then you must specify the full path of the subrealm including its parent part beginning with a / e.g. if the parent realm is “sp” and subrealm is “test” then…

  • Nikolaos Giannopoulos replied to the topic Issue with realm redirection with webagents 5 and openAM 5.5.1 in the forum Access Management 4 years, 3 months ago

    Restarting a web container that has a web agent installed on it cannot hurt and would not be a limitation if it turns out to resolve your issue. That is one of the first things to try beyond restarting OpenAM as well, especially if you tried install/uninstall several times and tweaked configurations in between.

    –Nikolaos

  • Nikolaos Giannopoulos replied to the topic Sun DSEE to OpenDJ User Profiles in the forum Directory Services 4 years, 3 months ago

    Thank you both very much for the detailed responses / feedback. This was very helpful.

    –Nikolaos

  • Nikolaos Giannopoulos replied to the topic multiple SAML CoTs in one IDP instance in the forum Access Management 4 years, 3 months ago

    You mean if you use a different cookie domain you won’t be prompted that you are already logged in and can authenticate to have a different SSO session.

    So yes you can have active sessions across realms but regardless cannot have SSO across realms. So sure it does depend on the solution requirements.

    I often wish OpenAM was flexible in allowing…

  • Nikolaos Giannopoulos replied to the topic multiple SAML CoTs in one IDP instance in the forum Access Management 4 years, 3 months ago

    OpenAM most definitely does not allow SSO between realms and some would see this as a feature… at least one of our clients does as they want to restrict users straddling applications of different realms.

    If you are logged into a realm and try to hit another realm you will be told that you are already logged in to an Organization and asked if…

  • Nikolaos Giannopoulos started the topic Sun DSEE to OpenDJ User Profiles in the forum Directory Services 4 years, 3 months ago

    We will be migrating user profiles from a Sun DSEE 6.3.1 install to OpenDJ 3.5.2.

    I was wondering if we could get a handle on:
    – Whether user passwords will need to be reset?
    – Any issues / gotchas we might come across?

    Thank You

  • Nikolaos Giannopoulos replied to the topic REST call to replace ssoadm create-svc in AM5 in the forum Access Management 4 years, 7 months ago

    With AM 5.5 being currently released… and as we look to AM 5.5 and have a large scripted install that heavily uses ssoadm with OpenAM 13.5.1 I wonder:

    – If we can still do a full install of AM 5.5 with our existing OpenAM 13.5.1 ssoadm commands? (to be clear I am sure there may be some minor changes/tweaks like some removed settings, etc. but…

  • Nikolaos Giannopoulos started the topic Migrate OpenSSO Passwords / Secret Q&A in the forum Access Management 4 years, 9 months ago

    Hello,

    We have a customer that will be migrating OpenSSO 8 / DSEE 6.3.1 users and are wondering if Passwords and/or Secret Questions and Answers will need to be reset when moving to OpenAM 13.5.1 / OpenDJ 3.5.2.

    AFAIK this should only be hashed and not encrypted and moreover should be portable.

    Can someone please corroborate/confirm. Thank…

  • Nikolaos Giannopoulos replied to the topic Minimum password length is 8 in the forum Access Management 4 years, 10 months ago

    A couple things:

    1.) The example in the bug report has “Accept-API-Version: protocol=1.0,resource=2.0” yet says that is what is needed to avoid the issue. The example probably should not have it mentioned or use it as the workaround.

    2.) Not sure if the header is case-sensitive or not (you use lower case) or “moreover” how picky it is in parsing…

  • Nikolaos Giannopoulos replied to the topic SAMLRequest sometimes not URLEncoded in the forum Access Management 4 years, 10 months ago

    One thing that pops out is that the SAMLRequest value is not URL encoded. It may be intermittent because only in cases where special chars are introduced in the value that the issue arises. Do you have a RP layer in front of the OpenAM like OpenIG – I ask because we had an issue with SAML2 signing validation which was the opposite in that the…

  • Nikolaos Giannopoulos started the topic IDP Initiated SLO SOAP to HA OpenAM Servers in the forum Access Management 4 years, 10 months ago

    Hello,

    We are using OpenAM 13.5.1 with LB in front (actually we also have OpenIG 4.5.0 RP’s with LB in front of that).

    When a SLO (Single LogOut) SOAP call is sent to our OpenAM’s it may or may not hit the correct OpenAM server as we use passthrough SSL at the LB i.e. the session affinity really is only possible from direct client HTTPS…

  • Nikolaos Giannopoulos replied to the topic 403 issue IIS with Agent 4.1-.23 in the forum Access Management 4 years, 10 months ago

    You don’t mention what Windows OS the Agent is running on… so apologies for the guessing/assuming.

    So try this from the Windows box with the Agent:
    telnet oam.uat.csc.local 443

    If the OS is Windows Server 2012 then telnet is not installed OOB and you could install it beforehand with:
    pkgmgr /iu:TelnetClient

    –Nikolaos

  • Nikolaos Giannopoulos replied to the topic 403 issue IIS with Agent 4.1-.23 in the forum Access Management 4 years, 10 months ago

    You will get a 403 if the Agent cannot talk to the OpenAM.

    So oam.uat.csc.local:443 is the LB in front of the OpenAM servers?

    If so, can you login to OpenAM with amadmin using:
    https://oam.uat.csc.local:443/openam

    If so, also are you using a self-signed cert – if you are the Agent communication needs to trust the SSL cert which you may have…

  • Nikolaos Giannopoulos's profile was updated 4 years, 10 months ago

  • Nikolaos Giannopoulos replied to the topic OpenAM: Windows Server 2016 Compatibility in the forum Access Management 4 years, 10 months ago

    As Scott mentions it “should” work as the Java JVM is key but is not supported by ForgeRock and as you are on Community Edition well you are on your own anyways so no big deal. Of course you need to make sure you have a compatible Java JVM and J2EE container that both support Windows Server 2016.

    Oracle Java JDK 8 first provided certified…

  • Nikolaos Giannopoulos replied to the topic Creating federation-only users in embedded user store on SP? in the forum Access Management 4 years, 10 months ago

    You don’t mention how/where you are creating the user on the SP side that it requires you to establish a password for every user. Are you doing this in a SP Adapter?

    We create users in a combined IDP Proxy / SP at the IDP Proxy and we simply include a random password that the user will never be able to login directly with as they will never be…

  • Nikolaos Giannopoulos replied to the topic Failed to fetch instance D:\web_agents\iis_agent\instances\agent_1…agent.conf in the forum Access Management 4 years, 10 months ago

    So if you do a “ls” (in PowerShell) on the path does the file come up?

    Also although you didn’t get this error a problem on Windows Server 2012 R2 that I found is solved by unlocking a configuration entry. Check…

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.