Nicolas Seigneur

@nseigneurindigoconsulting-ca

  • Nicolas Seigneur replied to the topic ForgeRock Prometheus Monitoring on Kubernetes in the forum DevOps 4 years, 1 month ago

    I corrected the entry and I have added a simple RSS feed to our Main Page and Blog; you should be able to pick it up under http://idstacks.io/

    Thanks again for pointing this out.

    Nicolas

  • Nicolas Seigneur replied to the topic ForgeRock Prometheus Monitoring on Kubernetes in the forum DevOps 4 years, 1 month ago

    Thanks for the feedback JnRouvignac.

    Regarding setting /metrics/prometheus as HTTP Anonymous, we did try to set this with the interactive dsconfig and it was rejected; this was before we ran the server in --productionMode. I will clarify in our post that it is protected by default.

    Adding RSS feed to the blog is on top of the list, we will add a…

  • Nicolas Seigneur started the topic ForgeRock Prometheus Monitoring on Kubernetes in the forum DevOps 4 years, 1 month ago

    Having used Prometheus Monitoring in our infrastructure for over a year, we were very excited to see ForgeRock adding support for Prometheus Metrics in the complete 6.0 release.

    We wanted to share more with the ForgeRock Community, specifically around DevOps. For that reason, we have started a new blog with two entries explaining the concepts and…

  • Nicolas Seigneur replied to the topic J2ee agent header does not have values for custom profile attributes in the forum Access Management 6 years, 3 months ago

    Somehow, there’s always a bunch of trial and error to get this working on my end as well, specifically with custom attributes.

    Another trick I used in the past is to go to /openam/Debug.jsp and set logging level to Message for the Session.
    When you log out, it will print the whole session for this user in /debug/Session. This can be useful to…

  • Nicolas Seigneur replied to the topic SAML does not work with Inter Domain SSO in the forum Access Management 6 years, 3 months ago

    When you enable CDSSO, you need to have a “Home Domain” where the User Agent can be sent to validate if a cookie already exists. The reason is that if you do not have a cookie in one domain, it does not necessarily indicate that you are not logged in. For this reason, you are sent to OpenAM /UI/Login where the CDSSO servlet will kick in and…

  • Nicolas Seigneur replied to the topic HA Configuration in the forum Access Management 6 years, 3 months ago

    You simply need to enable replication between the OpenDJ1 and OpenDJ2 External Config Store. This will keep both config stores in sync, providing the same services on both instances.

    Nicolas

  • Nicolas Seigneur replied to the topic ssoadm error : Cannot bootstrap the systemnull in the forum Access Management 6 years, 3 months ago

    Can you validate if you have symlinks in /usr/share/tomcat8/openam?

  • Nicolas Seigneur replied to the topic J2ee agent header does not have values for custom profile attributes in the forum Access Management 6 years, 3 months ago

    I believe I ran into a similar issue in the past. My solution was to rely on “Session Attributes Processing” instead of the Profile Attribute Processing.

    1. Navigate to Realm -> Authentication -> All Core Settings…
    2. In “User Attribute Mapping to Session Attribute” set pai|pai
    3. In J2EE Agent “Session Attributes Processing” set…

  • Nicolas Seigneur replied to the topic ssoadm error : Cannot bootstrap the systemnull in the forum Access Management 6 years, 3 months ago

    Dhillip, if you had to use sudo, that means the current user has no access to the file content as you had to elevate your privilege to do so.

    You need to make sure the user you are running the ssoadm command from can see the content of that file without using sudo.

    Nicolas

  • Nicolas Seigneur replied to the topic ssoadm error : Cannot bootstrap the systemnull in the forum Access Management 6 years, 3 months ago

    Hello Dhilip, with the same user as you are running ssoadm, can you view the content of the file?

    In the file, you should see information pertaining to the Configuration Directory connection.

  • Nicolas Seigneur replied to the topic OpenAM Security Advisory in the forum Access Management 6 years, 3 months ago

    I believe the complete list is to be found in the Knowledge Base:

    https://backstage.forgerock.com/#!/knowledge/kb?t=df9926e360b6981885f40d16f08fd5bb

  • Nicolas Seigneur replied to the topic Send Notification to user on registration in the forum Access Management 6 years, 3 months ago

    In that scenario, you would have to configure OpenIDM to provision users in your OpenDJ. You would then use OpenIDM for all Identity Related tasks, including creating the user account. Once this is done, you can refer to OpenIDM Documentation on how to trigger an email to be sent during the onCreate events as it’s pretty straightforward.

  • Nicolas Seigneur replied to the topic Why OpenAM is not updating with OpenDJ data in the forum Access Management 6 years, 3 months ago

    Is UID/CN part of the DN?

    If so, with OpenAM 11.0.1+ you should disable the “DN Cache” at the bottom of the DataStore configuration.

    Nicolas Seigneur

  • Nicolas Seigneur replied to the topic ssoadm error : Cannot bootstrap the systemnull in the forum Access Management 6 years, 3 months ago

    You should be able to locate the BootStrap file that OpenAM uses to connect to its Config Directory to Bootstrap itself.

    From the error message, it looks like the file is simply not found.

    Make sure you have “/usr/share/tomcat8/openam/bootstrap” and that the file is visible and content readable by the user you are running ssoadm from.

    Nicolas Seigneur

  • Nicolas Seigneur replied to the topic Send Notification to user on registration in the forum Access Management 6 years, 3 months ago

    There’s no Workflow engine in OpenAM. This sounds like a job for OpenIDM.

    Nicolas Seigneur

  • Nicolas Seigneur replied to the topic HA Configuration in the forum Access Management 6 years, 3 months ago

    For the config store, this is easily done by going to:
    Configuration -> Server and Sites -> OpenAM1 -> Directory Configuration
    The changes should be reflected in /opt/openam/openam/bootstrap

    For the User Store, as the Config Stores are replicated, the value will be identical. I see a few solutions to achieve your desired Architecture:
    1. Add a Load…

  • Nicolas Seigneur replied to the topic Why OpenAM is not updating with OpenDJ data in the forum Access Management 6 years, 3 months ago

    By default, OpenAM should be relying on LDAP Persistent search to keep the cache from getting dirty.

    If you do not see the “fresh” information in OpenAM, I would make sure you do not have issues with persistent search; see under /debug/IdRepo.

    Regarding caching control, you can refer to the following entry, it is old but still relevant: https://bl…

  • Nicolas Seigneur replied to the topic Beginners Question (Functionality) in the forum General Discussion 6 years, 3 months ago

    By default, OpenAM can be deployed with an embedded LDAP directory that serves as the configuration repository.

    You can see Rajesh’s excellent blog to get started:

    ForgeRock OpenAM Installation in a Linux Container

  • Nicolas Seigneur replied to the topic Fine Grained Authorization using OpenAM 13 in the forum Access Management 6 years, 3 months ago

    Hello Saurabh, it would be helpful to know how you are protecting the page.

    One design you could investigate is to use the Web Agents in response attributes. You could use the Web Agents to inject Headers that could be used by the application to perform the fine grain authorization and render the links accordingly.

    If you give us more…

  • Nicolas Seigneur replied to the topic Cannot Access Apache Page "Forbidden" in the forum Access Management 7 years, 4 months ago

    I would look at /Agent_001/logs/debug/amAgent as well as the content of the iPlanetDirectoryPro cookie.

    If you have a session with OpenAM, you will see a long string in the iPlanetDirectoryPro cookie. That means you’re getting Single Signed On. This is likely the case because otherwise, this would mean that the agent is not protecting the…


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
