This topic contains 137 replies, has 81 voices, and was last updated by  NaturalBornCamper 4 days, 17 hours ago.

  • #19091
     schaefflerp 
    Participant

    Greetings and Hello backstage brethren.

    We (montclair.edu) are just starting the full stack implementation planning.

    Thanks in advance for your (future) help and support.

    best / cheers,
    –Paul S.

    #19092
     schaefflerp 
    Participant

    Questions + Recommendation needed – PostGRES or Oracle as the under-the-hood DB engine for IDM, AM and DJ/LDAP.

    ENV: PRODUCTION

    What’s been your experience?

    Recommendations?

    thanks
    –Paul S.

    #19093
     Bill Nelson 
    Participant

    Hi Paul,

    It really depends on your architecture and what you are trying to achieve as to whether you select PostGRES or Oracle for OpenIDM (by the way, there are other choices, but you only asked about these options). From what I understand about your environment, either would be fine. So it now comes down to a licensing cost and experience decision. If you want to bypass Oracle licensing, then PostGRES is fine. You then need to look at which DB you have experienced DBAs on staff for. Ultimately you will need to monitor the DB and tune it from time to time, so if you already have experience with one or the other, that needs to be considered in your decision.

    Your question really only pertains to OpenIDM as OpenAM uses OpenDJ as its Config Store & CTS Store. For OpenAM User Profiles you could use any LDAPv3 server, Active Directory, or a relational database, but again, from what I understand about your environment, you are probably going to lean towards LDAP or AD.

    OpenDJ includes its own embedded database and options include the PDB or JE – selected when you install the product. The PDB was introduced when Oracle was changing its licensing terms on the JE (the Berkeley DB, Java Edition) and ForgeRock needed to have another choice (versus paying the licensing fees). But since Oracle changed their mind on the licensing, this is no longer a factor and ForgeRock recommends using the JE; that is what we use in all implementations.

    Hope this helps,

    bill

    BTW, please ask these questions in the appropriate forums – OpenIDM, OpenDJ, OpenAM, etc., as that is where the real gurus of each topic hang out. Me, I just stalk most of the forums from time to time.

    #19100
     Enrico.gulfi 
    Participant

    Hi everybody,

    we are currently testing ForgeRock products as part of a citizen e-gov portal.
    I posted yesterday a question on OpenDJ REST API but can’t see it in the corresponding forum.
    Is publishing immediate or does it go through a “clearing desk”?

    Best regards, Enrico

    #19101
     schaefflerp 
    Participant

    Thanks Bill.

    I am familiar w/ BerkeleyDB – a good choice for embedding into Apps, so a good choice for AM and DS/DJ-LDAP. Need to research further for IDM. As you know – there will be integration and reporting requirements on IDM that would lean decision towards enterprise. PostGRES is already in house but smallish operation profile, we are ok w/ training up DBAs on more PostGRES support – etc.

    Cheers,
    –Paul S.

    #19114
     adipaola_iconectiv 
    Participant

    Hi, my name is Tony DiPaola
    I work for iconectiv, a Telecomm company in New Jersey, USA.
    Forgive my newb-ness, but I will ask my question right away:

    I set password-history-count (and max-password-age) from the command line:

    /vendor/opendj/bin/dsconfig set-password-policy-prop --port 5444 --hostname localhost --bindDN "cn=Directory Manager" --bindPassword <PWD> --policy-name "Default Password Policy" --set password-history-count:10 --trustAll --no-prompt

    I want to fetch password-history-count (and max-password-age) in java with OpenDj SDK. How do I do it?
    Also, can I SET these parameters with the SDK, and if so, how?

    Thanks in advance,
    Tony DiPaola

    #19155
     pkesar15 
    Participant

    Hello,

    I am an Identity and access management consultant and developer, working on ForgeRock products for the last three years. I primarily work on Access management.
    OpenAM, OpenDJ and OpenIG are my current playground.
    Nowadays, I am trying to get a secure OIDC implementation working with OpenAM.
    Happy to be part of this forum.
    Cheers,
    Priya

    #19233
     chris-fry-curtin 
    Participant

    Hi, I’m Chris, Security Architect in Western Australia.

    Last year we deployed OpenAM and OpenDJ for Single Sign On, and recently an IDM pilot using a publisher/subscriber integration pattern.

    Right now we’re working on using OpenAM + IG to manage/enforce authentication and authorisation for Elasticsearch and Kibana.

    – Chris

    #19292
     PranavSharma 
    Participant

    Hi All,
    I have a Linux box with LDAP (ApacheDS) installed. I will install OpenAM for federation services. Corporate LDAP resides in the parent organization. What are the options to establish trust, as the parent organization is registered in a different country? My organization has ApacheDS + OpenAM installed on a Linux box, while the parent organization has Windows AD.

    Please advise.

    #19761
     samquinto14 
    Participant

    Hi, I’m Sam

    #19827
     Jamie Bowen 
    Moderator

    Hi Enrico, Paul, Tony, Priya, Chris, Pranav & Sam.

    Welcome to the forums. @PranavSharma – try posting in the OpenAM forum, you should get a better response there.

    Jamie

    #20452
     RevathyReddy 
    Participant

    Greeting from Bangalore Secretary Services !!!

    BSS business consultancy private limited

    Urgent Openings for Dev Ops Engineer with our leading client

    Position : Dev Ops Engineer

    Role : Cloudera Hadoop Admin on AWS

    Experience : 3 to 4 Years

    Emoluments : 6-7 L P.A

    Notice period : Immediate.

    Detail JD:

    Set up and maintain AWS environments.

    Utilize automation tools to optimize the environments for DevOps.
    Set up administrator and service accounts, maintaining system documentation, tuning system performance, troubleshooting, installing system wide software and addressing mass storage space requirements
    Make recommendations to integrate new custom and cloud software, coordinates installation and supports operations.
    Support application customers by installing, maintaining, administering, and managing servers and network systems
    Expert in Ansible, Chef, Terraform scripting

    Hands-on experience in setting up Cloudera Hadoop Distribution on AWS and on-premise
    Experience with Cloudera Manager and Cloudera Director on AWS
    Hands-on experience with various Hadoop components – HDFS, HBase, Kudu, Spark, Sqoop, Kafka etc.,
    Experience with Java/J2EE to debug Hadoop Exceptions on cluster
    Experience in managing multiple clusters of CDH

    Please refer to the Job description above
    Company Profile

    BSS BUSINESS CONSULTANCY PRIVATE LIMITED

    Interested candidate send updated cv to

    lopa@bangaloresecretary .com
    Poornima@bangaloresecretary .com
    suma@bangaloresecretary .com

    http://www.bangaloresecretary.com/

    Consultancy India
    consultancy bangalore

    #20870
     ashok9k 
    Participant

    Hello Everyone!

    I’m a solutions architect and my team is trying to achieve Omni-Channel authentication for business needs.

    I want to understand more about the Omni-channel authentication supported by ForgeRock (OpenAM). Does OpenAM support Push Authentication / Trusted Device Authentication? Is it supported by ForgeRock directly or through any of the Partners? Because we want to do a POC to demonstrate OTP authentication and push authentication through a trusted device. Your advice on this will be much appreciated.

    Thanks
    Ashok

    #20874
     Bill Nelson 
    Participant

    Welcome @ashok9k,

    Q: Does OpenAM support Push Authentication / Trusted Device Authentication?

    A: The answer is yes.

    Q: Is it supported by Forgerock directly or through any of the Partners?

    A: The technology comes out of the box with OpenAM. It can integrate with 3rd party authenticators or you can use the ForgeRock Authenticator.

    Hope this helps,

    Bill

    #20885
     ashok9k 
    Participant

    @Bill Nelson,

    Thanks for your reply. I’m working on the below use case where we are stuck.

    Use case follows below.
    Scenario: User authentication –> Select profile –> Include the selected profile in OIDC Token –> Present to Target System
    We have constructed the user authentication module in OpenAM, however we haven’t connected to any backend system for profile reference.
    From the documentation I understand that for the OIDC token, claims can be referenced to a datastore defined in OpenAM, but in this case we have to connect to a legacy system to get the profile and include it in the OIDC token. Do you have any suggestions or solution for this?

    Thanks
    Ashok

Viewing 15 posts - 106 through 120 (of 139 total)


©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
