This topic has 175 replies, 10 voices, and was last updated 3 weeks ago by 
-
Posts
-
Hello,
I’m Bao from Falls Church, Virginia. I’ve been a user of OpenAM starting from version 10.0.0. Currently trying to find a way to move to a newer version of OpenAM.Hi Jamie,
I’m working in consulting firm and started working with ForgeRock. I have prior experience with other Access Management products. The current project involves building DevOps capability for our client. I need certain information on these OOTB IDM attributes below, what are these and what each is meant for ?
Attribute Property Label Type
roles Provisioning Roles Relationship
manager Manager Relationship
authzRoles Authorization Roles Relationship
reports Direct Reports Relationship
effectiveRoles Effective Roles Array
effectiveAssignments Effective Assignments Array
lastSync Last Sync timestamp Object
kbaInfo Array
preferences Preferences Object
consentedMappings Consented Mappings ArrayHi at all,
I have a problem that I need help with. My Use Case is: When a new user is added to DJ by an administrator, the user is required to reset his password at initial login. This also applies when an administrator resets a user’s password. The problem is that IDM does not set the pwdReset attribute in DJ to false for a user initiated password reset, so the user can log in normally. On the contrary, with an implicitSync, the pwdReset is set to true.
I have installed IDM 6.5.03 and DJ 6.5 on my virtual machine. Both systems can communicate with each other. Up to now, IDM has configured the user self-service functionality, bidirectional synchronization to the DJ and a connector. The following password policy has been configured in DJ:
Property : Value(s)
——————————————:————————————
account-status-notification-handler : –
allow-expired-password-changes : true
allow-multiple-password-values : false
allow-pre-encoded-passwords : false
allow-user-password-changes : true
default-password-storage-scheme : Salted SHA-512
deprecated-password-storage-scheme : –
expire-passwords-without-warning : false
force-change-on-add : true
force-change-on-reset : true
grace-login-count : 0
idle-lockout-interval : 0 s
java-class : org.opends.server.core.PasswordPoli
: cyFactory
last-login-time-attribute : –
last-login-time-format : –
lockout-duration : 0 s
lockout-failure-count : 0
lockout-failure-expiration-interval : 0 s
max-password-age : 0 s
max-password-reset-age : 0 s
min-password-age : 0 s
password-attribute : userPassword
password-change-requires-current-password : false
password-expiration-warning-interval : 5 d
password-generator : Random Password Generator
password-history-count : 7
password-history-duration : 0 s
password-validator : Attribute Value
previous-last-login-time-format : –
require-change-by-time : –
require-secure-authentication : false
require-secure-password-changes : false
skip-validation-for-administrators : false
state-update-failure-policy : reactive
I hope anybody can help me, best regards
HichamHello,
This is my first time with OpenAM and I am trying to set up OpenAM 14.5.1 following https://backstage.forgerock.com/docs/openam/13.5/getting-started wiki. I completed the steps to protect the page http://www.example.com:8000 with OpenAM. However, when I log in using the demo account, the page goes to a redirection loop. I do see the cookie iPlanetDirectoryPro being set in the browser.
I am a PhD student and I am trying to use OpenAM to do a little demo on the IRM concepts as part of my dissertation. Professionally I have been working in IAM and Cybersecurity domains for some years.
Regards,
MNHello all,
I just started working in a team implementing the ForgeRock products, I’m currently taking the AM-400 trainings.
Hi,
I’m Marco Fanti and I work at a behavioral analytics company, Behaviosec. I am responsible for integrations of BehavioSec’s product and ForgeRock’s IAM products.
Hi,
I am Tamas Pakolicz and I work as a contractor for Hungarian Telekom.
I have experience with OpenDJ since 2.4. I started using directory servers with Netscape Directory 3.6 more than 20 years ago.
Now I run some OpenDJ 2.6 servers on network boot FreeBSD servers as read only LDAPs synchronized from Old Sun ONE DS-es with a little perl script I wrote a couple of years ago. I am in the process of upgrading the system to Forgerock DS 6.5 to clean up the old clutter.
You must be logged in to reply to this topic.
