-
Nicolas Seigneur replied to the topic ForgeRock Prometheus Monitoring on Kubernetes in the forum DevOps 4 years, 1 month ago
I corrected the entry and I have added a simple RSS feed to our Main Page and Blog, you should be able to pick it up under http://idstacks.io/
Thanks again for pointing this out.
Nicolas
-
Nicolas Seigneur replied to the topic ForgeRock Prometheus Monitoring on Kubernetes in the forum DevOps 4 years, 1 month ago
Thanks for the feedback JnRouvignac.
Regarding setting /metrics/prometheus as HTTP Anonymous, we did try to set this with the interactive dsconfig and it was rejected, this was before we ran the server in --productionMode. I will clarify in our post that it is protected by default.
Adding RSS feed to the blog is on top of the list, we will add a…[Read more]
-
Nicolas Seigneur started the topic ForgeRock Prometheus Monitoring on Kubernetes in the forum DevOps 4 years, 1 month ago
Having used Prometheus Monitoring in our infrastructure for over a year, we were very excited to see ForgeRock adding support for Prometheus Metrics in the complete 6.0 release.
We wanted to share more with the ForgeRock Community, specifically around DevOps. For that reason, we have started a new blog with two entries explaining the concepts and…[Read more]
-
Nicolas Seigneur replied to the topic J2ee agent header does not have values for custom profile attributes in the forum Access Management 6 years, 3 months ago
Somehow, there’s always a bunch of trial and error to get this working on my end as well, specifically with custom attributes.
Another trick I used in the past, is to go to /openam/Debug.jsp and set logging level to Message for the Session.
When you log out, it will print the whole session for this user in /debug/Session. This can be useful to…[Read more]
-
Nicolas Seigneur replied to the topic SAML does not work with Inter Domain SSO in the forum Access Management 6 years, 3 months ago
When you enable CDSSO, you need to have a “Home Domain” where the User Agent can be sent to validate if a cookie already exists. The reason is that if you do not have a cookie in one domain, it does not necessarily indicate that you are not logged in, for this reason, you are sent to OpenAM /UI/Login where the CDSSO servlet will kick in and…[Read more]
-
Nicolas Seigneur replied to the topic HA Configuration in the forum Access Management 6 years, 3 months ago
You simply need to enable replication between the OpenDJ1 and OpenDJ2 External Config Store. This will keep both config stores in sync, providing the same services on both instances.
Nicolas
-
Nicolas Seigneur replied to the topic ssoadm error : Cannot bootstrap the systemnull in the forum Access Management 6 years, 3 months ago
Can you validate if you have symlinks in /usr/share/tomcat8/openam?
-
Nicolas Seigneur replied to the topic J2ee agent header does not have values for custom profile attributes in the forum Access Management 6 years, 3 months ago
I believe I ran into a similar issue in the past. My solution was to rely on “Session Attributes Processing” instead of the Profile Attribute Processing.
1. Navigate to Realm -> Authentication -> All Core Settings…
2. In “User Attribute Mapping to Session Attribute” set pai|pai
3. In J2EE Agent “Session Attributes Processing” set…[Read more]
-
Nicolas Seigneur replied to the topic ssoadm error : Cannot bootstrap the systemnull in the forum Access Management 6 years, 3 months ago
Dhillip, if you had to use sudo, that means the current user has no access to the file content as you had to elevate your privilege to do so.
You need to make sure the user you are running ssoadm command from can see the content of that file without using sudo.
Nicolas
-
Nicolas Seigneur replied to the topic ssoadm error : Cannot bootstrap the systemnull in the forum Access Management 6 years, 3 months ago
Hello Dhilip, with the same user as you are running ssoadm, can you view the content of the file?
In the file, you should see information pertaining to the Configuration Directory connection.
-
Nicolas Seigneur replied to the topic OpenAM Security Advisory in the forum Access Management 6 years, 3 months ago
I believe the complete list is to be found in the Knowledge Base:
https://backstage.forgerock.com/#!/knowledge/kb?t=df9926e360b6981885f40d16f08fd5bb
-
Nicolas Seigneur replied to the topic Send Notification to user on registration in the forum Access Management 6 years, 3 months ago
In that scenario, you would have to configure OpenIDM to provision users in your OpenDJ. You would then use OpenIDM for all Identity Related tasks, including creating the user account. Once this is done, you can refer to OpenIDM Documentation on how to trigger an email to be sent during the onCreate events as it’s pretty straightforward.
-
Nicolas Seigneur replied to the topic Why OpenAM is not updating with OpenDJ data in the forum Access Management 6 years, 3 months ago
Is UID/CN part of the DN?
If so, with OpenAM 11.0.1+ you should disable the “DN Cache” at the bottom of the DataStore configuration.
Nicolas Seigneur
-
Nicolas Seigneur replied to the topic ssoadm error : Cannot bootstrap the systemnull in the forum Access Management 6 years, 3 months ago
You should be able to locate the BootStrap file that OpenAM uses to connect to its Config Directory to Bootstrap itself.
From the error message, it looks like the file is simply not found.
Make sure you have “/usr/share/tomcat8/openam/bootstrap” and that the file is visible and content readable by the user you are running ssoadm from.
Nicolas Seigneur
-
Nicolas Seigneur replied to the topic Send Notification to user on registration in the forum Access Management 6 years, 3 months ago
There’s no Workflow engine in OpenAM. This sounds like a job for OpenIDM.
Nicolas Seigneur
-
Nicolas Seigneur replied to the topic HA Configuration in the forum Access Management 6 years, 3 months ago
For the config store, this is easily done by going to:
Configuration -> Server and Sites -> OpenAM1 -> Directory Configuration
The changes should be reflected in /opt/openam/openam/bootstrap
For the User Store, as Config Stores are replicated, the value will be identical. I see a few solutions to achieve your desired Architecture:
1. Add a Load…[Read more]
-
Nicolas Seigneur replied to the topic Why OpenAM is not updating with OpenDJ data in the forum Access Management 6 years, 3 months ago
By default, OpenAM should be relying on LDAP Persistent search to keep the cache from getting dirty.
If you do not see the “fresh” information in OpenAM, I would make sure you do not have issues with persistent search; see under /debug/IdRepo.
Regarding caching control, you can refer to the following entry, it is old but still relevant: https://bl…[Read more]
-
Nicolas Seigneur replied to the topic Beginners Question (Functionality) in the forum General Discussion 6 years, 3 months ago
By default, OpenAM can be deployed with an embedded LDAP directory that serves as the configuration repository.
You can see Rajesh’s excellent blog to get started:
-
Nicolas Seigneur replied to the topic Fine Grained Authorization using OpenAM 13 in the forum Access Management 6 years, 3 months ago
Hello Saurabh, it would be helpful to know how you are protecting the page.
One design you could investigate is to use the Web Agents in response attributes. You could use the Web Agents to inject Headers that could be used by the application to perform the fine grain authorization and render the links accordingly.
If you give us more…[Read more]
-
Nicolas Seigneur replied to the topic Cannot Access Apache Page "Forbidden" in the forum Access Management 7 years, 4 months ago
I would look at /Agent_001/logs/debug/amAgent as well as the content of the iPlanetDirectoryPro cookie.
If you have a session with OpenAM, you will see a long string in the iPlanetDirectoryPro cookie. That means you’re getting Single Signed On. This is likely the case because otherwise, this would mean that the agent is not protecting the…[Read more]