This topic has 173 replies, 8 voices, and was last updated 1 day, 11 hours ago by 
-
Posts
-
Hello,
I’m Bao from Falls Church, Virginia. I’ve been a user of OpenAM starting from version 10.0.0. Currently trying to find a way to move to a newer version of OpenAM.Hi Jamie,
I’m working in consulting firm and started working with ForgeRock. I have prior experience with other Access Management products. The current project involves building DevOps capability for our client. I need certain information on these OOTB IDM attributes below, what are these and what each is meant for ?
Attribute Property Label Type
roles Provisioning Roles Relationship
manager Manager Relationship
authzRoles Authorization Roles Relationship
reports Direct Reports Relationship
effectiveRoles Effective Roles Array
effectiveAssignments Effective Assignments Array
lastSync Last Sync timestamp Object
kbaInfo Array
preferences Preferences Object
consentedMappings Consented Mappings ArrayHi at all,
I have a problem that I need help with. My Use Case is: When a new user is added to DJ by an administrator, the user is required to reset his password at initial login. This also applies when an administrator resets a user’s password. The problem is that IDM does not set the pwdReset attribute in DJ to false for a user initiated password reset, so the user can log in normally. On the contrary, with an implicitSync, the pwdReset is set to true.
I have installed IDM 6.5.03 and DJ 6.5 on my virtual machine. Both systems can communicate with each other. Up to now, IDM has configured the user self-service functionality, bidirectional synchronization to the DJ and a connector. The following password policy has been configured in DJ:
Property : Value(s)
——————————————:————————————
account-status-notification-handler : –
allow-expired-password-changes : true
allow-multiple-password-values : false
allow-pre-encoded-passwords : false
allow-user-password-changes : true
default-password-storage-scheme : Salted SHA-512
deprecated-password-storage-scheme : –
expire-passwords-without-warning : false
force-change-on-add : true
force-change-on-reset : true
grace-login-count : 0
idle-lockout-interval : 0 s
java-class : org.opends.server.core.PasswordPoli
: cyFactory
last-login-time-attribute : –
last-login-time-format : –
lockout-duration : 0 s
lockout-failure-count : 0
lockout-failure-expiration-interval : 0 s
max-password-age : 0 s
max-password-reset-age : 0 s
min-password-age : 0 s
password-attribute : userPassword
password-change-requires-current-password : false
password-expiration-warning-interval : 5 d
password-generator : Random Password Generator
password-history-count : 7
password-history-duration : 0 s
password-validator : Attribute Value
previous-last-login-time-format : –
require-change-by-time : –
require-secure-authentication : false
require-secure-password-changes : false
skip-validation-for-administrators : false
state-update-failure-policy : reactive
I hope anybody can help me, best regards
HichamHello,
This is my first time with OpenAM and I am trying to set up OpenAM 14.5.1 following https://backstage.forgerock.com/docs/openam/13.5/getting-started wiki. I completed the steps to protect the page http://www.example.com:8000 with OpenAM. However, when I log in using the demo account, the page goes to a redirection loop. I do see the cookie iPlanetDirectoryPro being set in the browser.
I am a PhD student and I am trying to use OpenAM to do a little demo on the IRM concepts as part of my dissertation. Professionally I have been working in IAM and Cybersecurity domains for some years.
Regards,
MN
You must be logged in to reply to this topic.
