This topic has 180 replies, 15 voices, and was last updated 1 month, 3 weeks ago by larryebaum.
June 4, 2016 at 2:29 pm #10962
vikashsingh005
Participant
Hi Jamie,
I am quite new to OpenAM. I am currently working on SAML with XACML integration using OpenAM.
I am deploying the Fedlet to Tomcat and trying to send an XACML SOAP request and response.
Here it is:
QueryClient:processXACMLQuerysoapMessage :<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body>
<samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xsi:type="xacml-samlp:XACMLAuthzDecisionQuery" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os" xacml-samlp:InputContextOnly="true" xacml-samlp:ReturnContext="true" ID="s216f0c3c2555cf71e3aee292a0e4c38c28d965499" Version="2.0" IssueInstant="2016-05-31T11:02:16Z" Destination="destination-uri" Consent="consent-uri">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">myfedlet</saml:Issuer>
<xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
<Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="urn:sun:names:xacml:2.0:data-type:saml2-nameid" >
<AttributeValue>0GMQ2QsvmXigySyFJFPoluUkbtWC</AttributeValue>
</Attribute>
</Subject>
<xacml-context:Resource>
<Attribute AttributeId="ResourceId" DataType="http://www.w3.org/2001/XMLSchema#string" >
<AttributeValue>http://localhost:8080/fedlet/fedletXACMLQuery.jsp</AttributeValue>
</Attribute>
<Attribute AttributeId="urn:sun:names:xacml:2.0:resource:target-service" DataType="http://www.w3.org/2001/XMLSchema#string" >
<AttributeValue>iPlanetAMWebAgentService</AttributeValue>
</Attribute>
</xacml-context:Resource>
<xacml-context:Action>
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" >
<AttributeValue>GET</AttributeValue>
</Attribute>
</xacml-context:Action>
<xacml-context:Environment></xacml-context:Environment>
</xacml-context:Request></samlp:RequestAbstract>
</soap-env:Body></soap-env:Envelope>
And in response I am getting:
com.sun.identity.saml2.common.SAML2Exception: <SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><faultcode>SOAP-ENV:Server</faultcode><faultstring>Invalid Query.</faultstring><detail><Problem details="Issuer in Request is invalid."/></detail></SOAP-ENV:Fault>
at com.sun.identity.saml2.soapbinding.QueryClient.getSAMLResponse(QueryClient.java:347)
at com.sun.identity.saml2.soapbinding.QueryClient.processXACMLQuery(QueryClient.java:209)
at com.sun.identity.xacml.client.XACMLRequestProcessor.processRequest(XACMLRequestProcessor.java:120)
at com.sun.identity.saml2.profile.XACMLQueryUtil.getPolicyDecisionForFedlet(XACMLQueryUtil.java:181)
at org.apache.jsp.fedletXACMLResp_jsp._jspService(fedletXACMLResp_jsp.java:174)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Can you help me with how I can solve this issue? I have been stuck on this for 7 days.
June 6, 2016 at 12:41 pm #11020
Jamie Bowen
Moderator
Hi vikashsingh005,
This is outside my area of expertise I’m afraid. A quick Google search threw up this link:
https://lists.forgerock.org/pipermail/openam/2013-July/033332.html
You might find more help if you create a post in the OpenAM forum. Good luck with solving it!
Jamie
June 9, 2016 at 11:34 am #11176
pier
Participant
Hi,
New and quite happy ForgeRock customers here :) We (my company and fellow co-workers) are using OpenDJ as LDAP directory, which is connected to an AD. We are also using OpenIDM as a customers’ password management portal. No OpenAM for now, we’ll see if it is needed later.
Quite new to LDAP in general, still I really love what I am seeing right now.
Got some questions which I am going to ask right now in the forums.
Pier.
June 9, 2016 at 6:13 pm #11179
Jamie Bowen
Moderator
Welcome Pier. LDAP’s a bit of a learning curve, but I’m sure the forums will give you all the help you need!
June 22, 2016 at 6:32 am #11492
abhijit.sarmah
Participant
Hi,
I am new to ForgeRock and working my way through OpenDJ and now OpenAM. Like the product so far.
June 23, 2016 at 10:52 am #11520
Jamie Bowen
Moderator
@abhijit-sarmah glad you’re enjoying it! Welcome to the forums!
June 24, 2016 at 8:34 am #11549
Bhargava.bada
Participant
Hi All,
I am working for operative media works. We are looking for OpenAM for our SSO and federation. We already integrated our web application to support SSO and federation in the development environment.
It is very good to use and simple to configure. After integration with OpenAM, my application's authentication is very clean.
But we are currently facing issues while securing our web services against OpenAM authentication. What is the best approach to secure web services using OpenAM?
Thanks
Bhargava
June 27, 2016 at 3:38 pm #11601
Jamie Bowen
Moderator
Hi Bhargava,
If you can describe your use case a little more fully that would be great. I’m not sure that I understand what you’re trying to do yet. Also, if you post in the OpenAM forum you will have more chance of people seeing your post and contributing.
Welcome to the forums however, I’m sure you’ll find the advice you’re looking for!
Jamie
June 30, 2016 at 9:40 pm #11754
tlmacal
Participant
I’m Tim MacAlpine. I am project lead for the identity management portion of a larger network infrastructure program. We’ve been migrating from the Oracle (originally Sun) suite to OpenAM, OpenDJ and OpenIDM. OpenAM is in production, OpenDJ is close to deployment and OpenIDM is under construction. Our use cases are very group-management-centric and many involve workflows in addition to basic group management tasks. Our technical learning curve has been focused on custom endpoints, workflows and custom AngularJS UI development. We find OpenIDM to be powerful and challenging to master – but we’re eagerly facing the challenges.
My spare time activities include singing barbershop-style music with a quartet and a chorus, working with local amateur theatre groups as a performer and administrative board member, and spending time with my growing family – we just welcomed a new, 3rd granddaughter to our fold. Life is good!
July 1, 2016 at 3:27 pm #11783
Jamie Bowen
Moderator
Hi Tim,
Sounds like you’ve got a full and busy life! Sure OpenIDM is powerful and flexible, but those attributes don’t come without a little complexity! We love some music here at ForgeRock. We have pianos, guitars and electric drums in the office and can often be found jamming at lunchtimes!
Good luck with your project. I hope you find the forums useful.
Jamie
July 2, 2016 at 1:45 am #11792
werxio
Participant
Hi, I’m Hank Ratzesberger and I work for Techflow. We’re a government consulting company that does a lot of work for the GSA. I’m here because we need to replace OpenSSO, preferably last month, as it were. I’m also here because I just can’t get the basic install or one with our few modifications to work in JBoss 6.4.5 – a lot of links get 404 errors or are simply inactive. Hopefully, I can figure this out. Cheers.
July 6, 2016 at 3:07 pm #11858
aislandiego
Participant
Hi.
My name is Aislan and I’m new to the OpenIDM world. Just found this community and I’m very excited to be part of it.
July 6, 2016 at 5:02 pm #11864
Jamie Bowen
Moderator
Hi Aislan,
Thanks for finding us, I hope you find it useful!
Jamie
August 3, 2016 at 9:38 pm #12424
Anonymous
Inactive
Hi All,
I’m a software developer recently introduced to OpenAM. I’ve been a software developer for a couple of years now and even though I love my job, I find it’s quite challenging every now and then.
I was introduced to OpenAM in this project we have started working on, which involves updating and refactoring a previous version of our custom authentication module (developed using OpenAM 9) up to version 13.
My goal is to learn as much as possible, implement what I have learned and then in turn teach others. I’m really looking forward to working with the platform.
I had a question about logging and debugging when registering authentication modules. What I mean with this is, I was able to create the custom sample authentication module following the example in the dev guide without a problem. However, when adapting the customer module developed in version 9 to version 13, I’m able to register the auth module and create the server just fine but the module doesn’t appear for the “/” realm for me to test it. I was wondering if there was any advice you guys could give me to help me troubleshoot the problem or log locations to check. I was able to turn debugging on from the configuration options.
Thank you very much for your time.
Martin
August 4, 2016 at 6:00 pm #12449
Jamie Bowen
Moderator
Hi Martin,
Welcome to the forums and I hope you have fun and learn lots working with OpenAM 13. There have been a ton of changes between v9 & v13 for sure!
You can learn all about debug logging from this chapter of the OpenAM admin guide:
https://backstage.forgerock.com/#!/docs/openam/13.5/admin-guide#debug-logging
Hope that gets you up and running!
Jamie