Add applications to dashboard

This topic has 14 replies, 3 voices, and was last updated 5 years, 7 months ago by Peter Major.

  • #2608
     david.suarez
    Participant

    Hi!

    I have the following configurations on my OpenAM 12.0.

    A realm connected successfully to an AD, where I can see its users and groups, and the user can also modify their own password from a form. Also, I have configured a profile as required. Finally, the data storage for the realm is an Active Directory.

    I am following the steps in Chapter 11 (http://docs.forgerock.org/en/openam/latest/admin-guide/index/chap-dashboard.html) but I cannot complete 11.4 because there is no SERVICE section in any USER PROFILE.

    I am completely stuck on this.

    Thank you in advance
    D

    • This topic was modified 5 years, 9 months ago by david.suarez.
    • This topic was modified 5 years, 9 months ago by Peter Major.
    #2613
     Peter Major
    Moderator

    For the dashboard service to work you will need to add the custom directory schema definitions to your Active Directory instance.
    Could you elaborate on what exactly you mean by “no SERVICE section in any USER PROFILE”? Is there a specific error message that you are getting?

    #2641
     david.suarez
    Participant

    I have checked that I only use Active Directory instance in the realm, and it connects to my server. The functions such as lock account or change password are working. And also, I have an Active Directory data storage.

    However, my problem is that I’m trying to add an app to the user's dashboard. I am trying to find where I have to configure it because there is no option inside the user profile (step 11.4 from the manual above).

    I have configured my business AD data but there is no sign of it:

    Useruniversal id=test2,ou=user,dc=openam,dc=forgerock,dc=org

    From the log amAuthentication.access I can extract the following information

    “2015-01-20 22:44:13” “Inicio de sesión satisfactorio|isNoSession=false” 9832a1dab11704e801 id=test2,ou=user,dc=openam,dc=forgerock,dc=org 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org AUTHENTICATION-100 “cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org” “Not Available” DataStore 127.0.0.1

    “2015-01-20 22:46:15” “Cierre de sesión” 9832a1dab11704e801 id=test2,ou=user,dc=openam,dc=forgerock,dc=org 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org AUTHENTICATION-300 “cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org” “Not Available” DataStore 127.0.0.1

    Thank you!

    #2650
     Peter Major
    Moderator

    Theoretically you should be able to assign dashboards on the Access Control – <realm> – Subjects page. Each user should have a “Services” tab where you should be able to assign the dashboard service to the user (as long as the directory schema has the necessary attribute and objectclass definitions).

    #2652
     david.suarez
    Participant

    I am afraid there is no tab. As I mentioned before, the User universal id doesn’t correspond with our AD data.

    The user profile for authentication or data store is matched only by samaccountname.

    #2653
     Peter Major
    Moderator

    The universal ID has nothing to do with the actual DN in the data store. The Services tab should be right there in between the General and the Group tab (after clicking on a given user entry in the table under the Subjects tab).

    #2812
     david.suarez
    Participant

    Okay. I was wondering if the problem exists between the AD and the OpenAM; I would like to check the schema. I am trying to debug how the search for users is performed, and I am checking every single file in mydatafolder/opends.

    I realised most users cannot log in to AD, only one-word accounts such as Administrator, openam, test, test2,… I guess the attribute mapping is not right. Also, for those users, the authentication is done but I cannot receive AD messages such as “password expired”, I only see “wrong data”.

    Where should I search the log or the config files for that?

    Thank you so much in advance!

    #2848
     david.suarez
    Participant

    I would like to know if it is possible to debug this problem because I am really stuck on this. I have realised this could be the real problem: “No user profile found”. I guess the problem is the attribute mapping but I cannot find any clue.

    If the profile is required/dynamic, I have the problem. If I ignore the profile I can log in successfully but the page stays at the login:

    “2015-01-27 17:36:16” “El perfil de usuario no existe” “Not Available” “cn=test.test,ou=sistemas,ou=central,ou=bzn,dc=bzn2,dc=biz” 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org AUTHENTICATION-203 “cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org” “Not Available” AD 127.0.0.1

    However, if I do the same with another AD user:

    “2015-01-27 17:35:53” “Inicio de sesión satisfactorio|isNoSession=false” e0cab031a9f2bc801 CN=test2,OU=Administracion,OU=Central,OU=ADESIS,DC=adesis,DC=biz 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org AUTHENTICATION-100 “cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org” “Not Available” AD 127.0.0.1

    Thank you in advance

    #2858
     Peter Major
    Moderator

    The “User has no profile in this organization” error usually means that the Data Store is possibly incorrectly set up. Note that the authentication and the profile lookup are two different things, and they both have to be set up in a similar manner: at the end of the authentication the returned principal will need to exist in the configured data store.
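
The distinction drawn in the post above can be checked against amAuthentication.access records like the ones quoted in this thread. The following is an added example, not part of the original posts and not ForgeRock code: it parses such records and lists the principals that hit AUTHENTICATION-203. The column labels, the sample lines and their DNs are constructed assumptions modelled on the lines in the thread.

```python
import shlex
from collections import Counter, defaultdict

# Column labels are assumptions matching the field order of the thread's log lines.
FIELDS = ["time", "data", "context_id", "principal", "client_ip", "level",
          "realm", "message_id", "logged_by", "login_id", "module", "host"]
PROFILE_NOT_FOUND = "AUTHENTICATION-203"  # "El perfil de usuario no existe" in the thread

# Constructed sample modelled on the thread's lines; DNs and IDs are placeholders.
LOGGER = '"cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org" "Not Available" AD 127.0.0.1'
REALM = "127.0.0.1 INFO dc=openam,dc=forgerock,dc=org"
SAMPLE = "\n".join([
    f'"2015-01-27 17:35:53" "Login success|isNoSession=false" e0ca01 CN=test2,OU=Admin,DC=example,DC=biz {REALM} AUTHENTICATION-100 {LOGGER}',
    f'"2015-01-27 17:36:16" "User profile does not exist" "Not Available" "cn=test.test,ou=it,dc=example,dc=biz" {REALM} AUTHENTICATION-203 {LOGGER}',
    f'"2015-01-27 17:36:40" "Logout" e0ca01 CN=test2,OU=Admin,DC=example,DC=biz {REALM} AUTHENTICATION-300 {LOGGER}',
    # Same record shape, but with the typographic quotes a web page produces.
    f'\u201c2015-01-27 17:37:02\u201d \u201cLogin success|isNoSession=false\u201d c1f101 \u201cCN=Jane Doe,OU=AA,DC=example,DC=biz\u201d {REALM} AUTHENTICATION-100 {LOGGER}',
])

def parse_line(line):
    """Split one audit record into named fields, honouring quoted values."""
    # Normalise typographic quotes so DNs containing spaces stay one field.
    line = line.replace("\u201c", '"').replace("\u201d", '"')
    parts = shlex.split(line)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def events_by_principal(text):
    """Count message IDs per principal DN, skipping blank lines."""
    counts = defaultdict(Counter)
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        counts[rec["principal"]][rec["message_id"]] += 1
    return counts

def profile_failures(text):
    """Principals with a 'profile not found' event: data store lookup candidates."""
    return sorted(dn for dn, c in events_by_principal(text).items()
                  if c[PROFILE_NOT_FOUND])

if __name__ == "__main__":
    for dn in profile_failures(SAMPLE):
        print("profile lookup failed for:", dn)
```

Each DN it reports is a principal to look up by hand in the realm's configured data store.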

    #2861
     david.suarez
    Participant

    If I access with amAdmin, I can find all users inside the data store of that realm. And everyone has their attributes. As I mentioned before, only one-word users can authenticate and be redirected to their profile.

    #3027
     Peter Major
    Moderator

    This sounds like a bug, but not something I’ve come across thus far (and actually I would assume that functionality like this works within OpenAM). What kind of errors do you get when you log in with a user that has spaces in the username?

    #3066
     david.suarez
    Participant

    This is the log from the amAuthentication.access file.

    The user test can access and see the profile but the user david.suarez can’t:

    “2015-01-27 17:00:27” “Inicio de sesión satisfactorio|isNoSession=false” ce9dfbe1d58646f201 CN=test2,OU=Administracion,OU=Central,OU=BZN,DC=BZN,DC=biz 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org AUTHENTICATION-100 “cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org” “Not Available” AD 127.0.0.1

    “2015-01-27 17:00:29” “Cierre de sesión” ce9dfbe1d58646f201 CN=test2,OU=Administracion,OU=Central,OU=ADESIS,DC=adesis,DC=biz 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org AUTHENTICATION-300 “cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org” “Not Available” AD 127.0.0.1

    “2015-01-27 17:00:54” “Inicio de sesión satisfactorio|isNoSession=false” c1f116eaf9a2156101 “CN=David Suarez,OU=AA,OU=Central,OU=BZN,DC=BZN,DC=biz” 127.0.0.1 INFO dc=openam,dc=forgerock,dc=org AUTHENTICATION-100 “cn=dsameuser,ou=DSAME Users,dc=openam,dc=forgerock,dc=org” “Not Available” AD 127.0.0.1

    #3081
     Peter Major
    Moderator

    These were the audit logs, you should look at the debug logs instead:
    https://wikis.forgerock.org/confluence/display/openam/Collect+debug+log+files+from+OpenAM

    #3712
     LeeGath
    Participant

    Hi,

    Did anyone find a way to resolve this? I seem to be experiencing the same problem. I notice if I have an embedded DJ store, the tab appears. However, if I just have the AD data store it isn’t present. I can only assume it’s something to do with the AD schema, but as far as I can tell the LDIFs have run OK.

    Thanks

    Lee

    #3738
     Peter Major
    Moderator

    The Services tab only pops up under Subjects if the data store’s “LDAPv3 Plug-in Supported Types and Operations” setting has user=service.
