This topic has 9 replies, 4 voices, and was last updated 2 months ago by anaigini.

  • #27836
     anaigini
    Participant

    Hi,

    I was wondering what is the latest version of the OpenAM Enterprise?
    And do we need to subscribe (pay monthly, yearly) to get Enterprise OpenAM installers?

    I noticed that on GitHub, the latest version available is already 14.5.
    Are there a lot of significant differences between 13.5 and 14.5?

    I plan to test install OpenAM free version to see how we can adapt this to our business environment, as we use mostly opensource products only. Can I use the OpenAM 13.5 installation guide from ForgeRock to install and configure the 14.5 version? Or is 14.5 not compatible with 13.5 anymore?

    Please advise.

    Thanks,
    ana

    #27837
     anaigini
    Participant

    I read the documentation of the specs required before installation (CentOS, JDK, Tomcat version), and it seems like OpenAM 13.5 still uses Tomcat 8.0 and only Oracle JDK.

    In this case, it seems like OpenAM 14.0.0 (AM 5) is more suited to our environment, as it uses a newer version of Tomcat, like Tomcat 8.5.x, and also supports OpenJDK, which we normally use. Although this is a good solution, I am thinking long term, and Tomcat 9.0.34 is now the latest stable version to use. Tomcat 8.5.x might become EOL within a couple of years maybe? Because of this, AM 6.5 seems more suitable; however, is this available as open source? If yes, which one is it?

    And even on the ForgeRock “Enterprise” download page, when I search for AM 6.5, I only get “Amster” in the first few pages.

    Please advise.

    Thanks in advance.

    #27838
     FatBloke
    Participant

    Hey Ana,
    The latest version of Access Management (AM) is 6.5.2.3 and you can download for free from https://backstage.forgerock.com/downloads/browse/am/latest

    (To explain the versioning, 14.x was reset to 5.x to fit with rest of platform)

    Cheers

    #27839
     Jatinder Singh
    Participant

    You can find the community edition of Access Management or OpenAM at the below link. The version was released back in 2017 and released as v11 under CDDL licensing. So, you may be able to use this as an open-source solution but please keep in mind this is an ancient version (5 or more years old) and its enterprise equivalent is already marked EOSL (2017).

    https://backstage.forgerock.com/knowledge/kb/article/a64063590
    https://forgerock.github.io/openam-community-edition/
    https://github.com/ForgeRock/openam-community-edition/releases

    As far as I know, besides this version ForgeRock has not released any additional community editions. The latest available version is v6.5.2.3 and is an enterprise-focused product. That said, you can download the complete binary for evaluation using the following link:

    https://backstage.forgerock.com/downloads/browse/am/latest

    Hope this helps!

    #27851
     anaigini
    Participant

    Thank you all for your suggestions. Managed to download AM 6.5.23.
    I have set up the server, and can successfully see the “Apache-Tomcat-9.0.34” page.
    I have also successfully deployed the openam.war file in <mytomcatdir>/webapps, and can see the “openam” folder.
    However, now the main problem looms.

    When I open the page:

    https:<MYIP>:8443/openam/

    I get “404 The requested URL is not found”

    I thought it was a permission issue, and thus checked the permissions of the tomcat directory, the webapps folder and all other sub-folders within the tomcat directory. They were all 750. I changed all of them to 755, and I still get the same problem.

    I tried simply assigning an FQDN like testsso.example.com as the server name, and when I open the page now, it is even worse than before – “Server Not Found”.

    I am not sure if I can assign an FQDN to the server as mentioned in the guide; as my machine is a virtual machine (Built in VMWare Workstation Player for non-commercial use). Thus, the IP address that is assigned is only via DHCP.

    Please advise what to do next.

#27854
 Jatinder Singh
Participant

A 404 indicates the container is unable to find the /openam context. I would suggest checking the catalina.out logs to ensure openam.war was correctly exploded. Perhaps it’s a permission issue or a Tomcat misconfiguration. It’s hard to tell without logs. Once that’s resolved you can look into the FQDN set-up. AM requires that you provide an FQDN, so it’s a prerequisite. As long as you have root access you can set one up in your sandbox by editing /etc/hosts with the following entry in your case:

127.0.0.1 localhost testsso.example.com

Hope this helps!
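
One way to run the two checks suggested above, as an added example that is not part of the original post: it reads a catalina.out-style log for the deployment outcome of openam.war and confirms that the FQDN is mapped in a hosts file. The log lines, paths and timestamps are constructed, and the message texts are assumed to match Tomcat 9's default English log output.

```shell
#!/bin/sh
# Added example (not from the thread): triage a 404 on a Tomcat context.

# Print deployed | failed | not-attempted for context $2 using log file $1.
# Message texts assume Tomcat 9's default English log output.
war_deploy_status() {
    log=$1 ctx=$2
    if grep -F "Error deploying web application archive" "$log" |
           grep -qF "/$ctx.war]" ||
       grep -qF "Context [/$ctx] startup failed" "$log"; then
        echo failed      # "has finished" may still be logged after a failed start
    elif grep -F "Deployment of web application archive" "$log" |
           grep -qF "/$ctx.war] has finished"; then
        echo deployed
    else
        echo not-attempted
    fi
}

# Succeed if hosts file $1 maps name $2 (case-insensitive, comments ignored).
fqdn_in_hosts() {
    awk -v name="$2" 'BEGIN { name = tolower(name) }
        { sub(/#.*/, "")
          for (i = 2; i <= NF; i++) if (tolower($i) == name) found = 1 }
        END { exit !found }' "$1"
}

# Constructed sample inputs (paths, timestamps and timings are made up).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/ok.log" <<'EOF'
21-Apr-2020 10:15:02.123 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/opt/tomcat/webapps/openam.war]
21-Apr-2020 10:15:40.456 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/tomcat/webapps/openam.war] has finished in [38,333] ms
EOF
cat > "$tmp/bad.log" <<'EOF'
21-Apr-2020 10:15:03.500 SEVERE [main] org.apache.catalina.core.StandardContext.startInternal Context [/openam] startup failed due to previous errors
21-Apr-2020 10:15:03.700 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/opt/tomcat/webapps/openam.war] has finished in [1,204] ms
EOF
cat > "$tmp/hosts" <<'EOF'
# 192.0.2.10 othersso.example.com
127.0.0.1 localhost testsso.example.com
EOF

echo "ok.log:  $(war_deploy_status "$tmp/ok.log" openam)"
echo "bad.log: $(war_deploy_status "$tmp/bad.log" openam)"
fqdn_in_hosts "$tmp/hosts" testsso.example.com && echo "FQDN is mapped in hosts file"
```

Against a real installation, pass the actual catalina.out and /etc/hosts paths instead of the sample files.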

#27862
 anaigini
Participant

I can successfully open the link with port 8080, and so I started configuration using this port for now.
For port 8443 I will try later, I believe the configuration for tomcat has to be edited in server.xml for this port.

I managed to successfully configure openam, and have reached the “Realm” page. I click on New Realm to create a new realm to access a database (postgres) for storing user login info.

Since I could not find any other user guide to help me with the DB config part, I found an article for DB config for OpenAM 14.0.0. All the steps are OK, until the step for “Data Store” configuration. I do not see that option in the New Realm I have configured; instead I only see “Identity Store”. And even in that, I do not see the option “Database Repository (Early Access)” for the Type of Identity Store to use. I can, however, see the options Active Directory, Active Directory Application Mode (ADAM), Generic LDAPv3, OpenDJ, Sun DS with OpenAM schema, and Tivoli Directory Server.

I have set up the prerequisites to configure the DB before the setup of OpenAM, which is putting the Postgres JDBC jar (postgresql-42.2.12.jar) in <mytomcathome>/lib; and adding the line below in <mytomcathome>/conf/context.xml :

<Resource name="jdbc/opensso" type="javax.sql.DataSource" driverClassName="org.postgresql.Driver" url="jdbc:postgresql://localhost:5432/paybills" username="postgres" password="postgres" maxActive="20" maxIdle="10" maxWait="-1"/>

I restarted tomcat after the changes above.

How do I resolve this problem?

#27863
 anaigini
Participant

This was the link I followed to implement the external RDBMS data store :

#27874
 Scott Heger
Participant

Relational Database Identity Repository (Early Access) was removed in AM version 5.1. See: https://backstage.forgerock.com/docs/am/5.1/release-notes/#removed. You would need some sort of SQL to LDAP gateway if you wanted to use your DB as an Identity Repository in your 6.5.2.3 version. Then you would choose Generic LDAPv3 as the type. Best bet, however, would be to migrate or synchronize your DB users to an actual LDAP store like DS and point AM to that.

#27882
 anaigini
Participant

Thank you for the info @Scott.

I am now trying to install and configure OpenAM-14.0.0.
Managed to download the zip file from GitHub.
Unzipped it in my working directory, and ran the command “mvn clean package”. I get this error now:

[[email protected] OpenAM-14.0.0]# mvn clean package
[INFO] Scanning for projects...
Downloading: http://maven.forgerock.org/repo/releases/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom
Downloading: http://maven.forgerock.org/repo/openam-dependencies/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom
Downloading: http://maven.forgerock.org/repo/maven.restlet.org/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom
Downloading: http://download.oracle.com/maven/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom
Downloading: https://repo.maven.apache.org/maven2/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom
[ERROR] The build could not read 1 project -> [Help 1]
[ERROR]
[ERROR]   The project org.forgerock.openam:openam:14.0.0-SNAPSHOT (/usr/local/src/OpenAM-14.0.0/pom.xml) has 1 error
[ERROR]     Non-resolvable parent POM: Could not transfer artifact org.forgerock:forgerock-parent:pom:2.0.8 from/to forgerock-staging-repository (http://maven.forgerock.org/repo/releases): Not authorized , ReasonPhrase:. and 'parent.relativePath' points at wrong local POM @ line 42, column 13 -> [Help 2]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException
[ERROR] [Help 2] http://cwiki.apache.org/confluence/display/MAVEN/UnresolvableModelException

Please advise.
