Integrating IDM With the ForgeRock Identity Platform

This topic contains 10 replies, has 3 voices, and was last updated by  ravindareddy 1 week, 1 day ago.

  • #20003
     Mahesh Algamwar 
    Participant

    Dear All,
    I am performing a POC for Integrating IDM With the ForgeRock Identity Platform and following the “ForgeRock Identity Management 5.5” Samples guide. I have worked through the complete guide and am done with all the required configuration.
    When trying to log in to IDM, it redirects me to OpenAM, where I provide the “amadmin” credentials, and it then redirects to the IDM URL but asks again for openidm user credentials. Below is the redirect URL:

    http://localhost:8080/admin/#login&preventAutoLogin=true

    I followed a few suggestions given in the forum thread below, but nothing worked.
    https://forum.forgerock.com/2017/10/integrating-idm-dj/

    Guys, could you please help me to overcome this issue.
    Apart from this, I didn’t find any documentation about what configuration is required so that it also works for users other than the amadmin/openidm-admin user (e.g. the two users given in the sample, Barbara Jensen and John Doe).

    Product Versions:
    OpenAM 5.0
    IDM 5.5

    #20012
     Mike Jang 
    Moderator

    Hi Mahesh,

    I see you’re mixing versions, AM 5.0 and IDM 5.5. That has not been tested.

    When I wrote the blog post that you’ve cited, I based it on our documented Full Stack Sample (5.5), available from Backstage.

    When you use AM 5.5, IDM 5.5, and DS 5.5, you have to make fewer changes than were required for version 5.0 of each product. For reference, see the Full Stack Sample 5.0 documentation.

    Thanks,
    Mike.

    #20173
     Mahesh Algamwar 
    Participant

    Hi Mike,
    Sorry I couldn’t reply earlier, as I was on vacation. Thanks for your inputs; I updated AM 5.0 to AM 5.5 and was able to overcome the issue. Now I am able to log in with the amadmin user. But when I try to log in with a non-admin user, I get the issue below. It would be great if you can provide any pointer.

    Dec 18, 2017 12:52:34 PM org.forgerock.openidm.auth.modules.DelegatedAuthModule validateRequest
    FINE: DelegatedAuthModule: Authentication successful
    Dec 18, 2017 12:52:34 PM org.forgerock.openidm.auth.modules.DelegatedAuthModule validateRequest
    FINE: DelegatedAuthModule: validateRequest END
    Dec 18, 2017 12:52:34 PM org.forgerock.openidm.audit.impl.AuditServiceImpl handleCreate
    FINE: Audit create called for access with {roles=[openidm-reg], transactionId=f827abd3-3a81-4410-b9e2-40cd60fb7dfa-8966, client={ip=127.0.0.1, port=61942}, server={ip=127.0.0.1, port=8080}, http={request={secure=false, method=POST, path=http://mymachine.hk.hsbc:8080/openidm/authentication, queryParameters={_action=[logout]}, headers={Accept=[application/json, text/javascript, */*; q=0.01], Accept-Encoding=[gzip, deflate], Accept-Language=[en-US;q=1], Cache-Control=[no-cache], Connection=[keep-alive], Content-Length=[0], Content-Type=[application/json], Host=[mymachine.hk.hsbc:8080], Origin=[http://mymachine.hk.hsbc:8080], Referer=[http://mymachine.hk.hsbc:8080/], User-Agent=[Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36], X-OpenIDM-NoSession=[false], X-OpenIDM-Password=[anonymous], X-OpenIDM-Username=[anonymous], X-Requested-With=[XMLHttpRequest]}, cookies={amlbcookie=01, iPlanetDirectoryPro=3kdbqukStcedW6YSBC8nUXmJ-PQ.*AAJTSQACMDEAAlNLABx1STNIKzFmWC9LVmxTanUvVlh3Q3l5ZXdFVU09AAJTMQAA*, i18next=en-us}}}, request={protocol=CREST, operation=ACTION, detail={action=logout}}, eventName=access, userId=anonymous, response={status=SUCCESSFUL, statusCode=null, elapsedTime=7, elapsedTimeUnits=MILLISECONDS}, timestamp=2017-12-18T07:22:34.531Z}
    Dec 18, 2017 12:52:34 PM org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule validateJwtSessionCookie
    FINE: Session JWT cookie found
    Dec 18, 2017 12:52:34 PM org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule validateJwtSessionCookie
    FINE: Invalid Jwt content
    org.forgerock.json.jose.exceptions.InvalidJwtException: not right number of dots, 1
    at org.forgerock.json.jose.common.JwtReconstruction.reconstructJwt(JwtReconstruction.java:62)
    at org.forgerock.json.jose.builders.JwtBuilderFactory.reconstruct(JwtBuilderFactory.java:73)
    at org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule.verifySessionJwt(AbstractJwtSessionModule.java:343)
    at org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule.validateJwtSessionCookie(AbstractJwtSessionModule.java:264)
    at org.forgerock.jaspi.modules.session.jwt.JwtSessionModule.validateJwtSessionCookie(JwtSessionModule.java:48)
    at org.forgerock.jaspi.modules.session.jwt.AbstractJwtSessionModule.validateRequest(AbstractJwtSessionModule.java:211)
    at org.forgerock.jaspi.modules.session.jwt.JwtSessionModule.validateRequest(JwtSessionModule.java:48)
    at org.forgerock.jaspi.modules.session.jwt.JwtSessionModule.validateRequest(JwtSessionModule.java:86)
    at org.forgerock.openidm.auth.modules.IDMAuthModuleWrapper.validateRequest(IDMAuthModuleWrapper.java:277)
    at org.forgerock.caf.authentication.framework.AuthModules$WrappedAuthModule.validateRequest(AuthModules.java:515)

    #20208
     Mike Jang 
    Moderator

    Hi Mahesh,

    Thanks for the follow-up. The error I see in what you’ve provided is:

    FINE: Invalid Jwt content

    If I saw that error, I’d check two things:

    1) The browser cache. Out of habit, I frequently use “Incognito Mode” to make sure I have a fresh browser.
    2) The dev console. I wonder if you’re seeing an error related to CORS (Cross-Origin Resource Sharing).

    Thanks,
    Mike
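
    The “not right number of dots, 1” line in the trace above is the JWT session module rejecting a cookie value that does not have the segment count of a compact JOSE token. The following added diagnostic (my own example, not ForgeRock code) pulls the session cookie out of a raw Cookie header, counts its segments and decodes the JOSE header, so a stale or foreign cookie can be spotted before chasing CORS. It assumes the IDM session cookie is named `session-jwt`.

```python
# Added diagnostic (not ForgeRock code) for the "not right number of dots" error:
# an IDM session JWT is a JWE (5 dot-separated segments, i.e. 4 dots); a value
# with any other count is a stale or foreign cookie and the session module rejects it.
import base64
import json
from http.cookies import SimpleCookie

SESSION_COOKIE = "session-jwt"  # assumed IDM session cookie name


def _b64url_decode(segment: str) -> bytes:
    # JOSE segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def diagnose_jwt(token: str) -> dict:
    """Classify a compact JOSE token by its dot count and decode its header."""
    parts = token.split(".")
    dots = len(parts) - 1
    result = {"dots": dots, "kind": None, "header": None, "ok": False}
    if dots == 2:
        result["kind"] = "JWS"
    elif dots == 4:
        result["kind"] = "JWE"
    else:
        # this is the case IDM logs as "not right number of dots, <n>"
        result["kind"] = "invalid"
        return result
    try:
        result["header"] = json.loads(_b64url_decode(parts[0]))
        result["ok"] = True
    except (ValueError, UnicodeDecodeError):
        result["kind"] = "invalid"
    return result


def diagnose_cookie_header(cookie_header: str) -> dict:
    """Pull the IDM session cookie out of a raw Cookie header and diagnose it."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if SESSION_COOKIE not in jar:
        return {"present": False}
    return {"present": True, **diagnose_jwt(jar[SESSION_COOKIE].value)}


if __name__ == "__main__":
    # constructed sample: a JWE-shaped token ("dir" key management, empty key segment)
    # beside a one-dot stale value like the one the trace complains about
    good = "eyJhbGciOiJkaXIifQ..iv.ciphertext.tag"
    print(diagnose_cookie_header(f"{SESSION_COOKIE}={good}; amlbcookie=01"))
    print(diagnose_cookie_header(f"{SESSION_COOKIE}=stale.value"))
```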

    #20216
     Mahesh Algamwar 
    Participant

    Hi Mike,
    Thanks for your inputs; it is working perfectly fine after making the required CORS changes.

    Thanks
    Mahesh

    #20232
     Mike Jang 
    Moderator

    Hi Mahesh,

    Can you share what changes you made for CORS? (I want to make sure we’re covering more cases.)

    Thanks,
    Mike

    #20254
     Mahesh Algamwar 
    Participant

    Hi Mike,

    You have already mentioned those configurations in your blog, so nothing was missed out; it was something at my end. The CORS settings were not correct in the first place. After correcting them according to my environment, it started working fine.

    Thanks
    Mahesh

    #22256
     ravindareddy 
    Participant

    Hi,

    I want to list the users who have admin access.

    Thanks
    Ravindar

    #22267
     Mike Jang 
    Moderator

    Hi ravindareddy,

    I’m not clear on what you’re asking. Are you asking for a list of users with admin access on

    1) IDM
    2) AM
    3) Both?

    And — are you asking your question in the context of the integrated identity platform (IDM, AM, DS)?

    Thanks,
    Mike

    #22280
     ravindareddy 
    Participant

    Hi Mike,

    Thanks for the reply.

    Actually, I want this only for OpenIDM: I need to list who has admin access.

    Thanks for your help.

    Thanks
    Ravindar

    #22284
     ravindareddy 
    Participant

    Hi Mike,

    It would be great if I could get a query to list the users who have admin access in IDM.

    Thanks again.

    Thank you
    Ravindar.
