October 17, 2019 at 2:39 pm #26886 rhinosystems (Participant)
I’m new to OpenAM, and was initially very excited to check it out.
I’ve posted two posts to the forums, and have received *no* help on them at all.
The questions I had seemed pretty basic, and now I’m dealing with a configuration error that seems insolvable w/o some help (even slightly related suggestions might help).
Is this what to expect from this community? Is there a difference between the Community Edition and the paid-for edition? (meaning will the paid-for version work out of the box – so far the Community one does not).
The two questions I’ve posted:
1) How to create & manage users (I ended up figuring this out myself, but it would have been nice to have someone give some insight) – Apparently there are NO OpenAM webpages for this, but you have to use the Control Panel to manage users (this requires ssh and then opening an x-window onto your desktop, by running <tomcat>/OpenAM-14.4.1/opends/bin/control-p
It seems odd that there is no user management integrated into the OpenAM UI, but oh well, no one has told me there is or isn’t, so I’m stuck with this remote-x-windows-control-panel solution…
2) I’m getting “AMUncaughtException when trying configure Samlv2->Hosted Service Provider” – this one I’m stuck on.
I’m about to abandon OpenAM if I can’t get #2 fixed.
I’d appreciate any help possible on this. Even if I have to get paid-for help… please advise.
Also, I’d like to hear others’ experiences with getting good/bad support via forums… feedback?
Joel

October 17, 2019 at 3:23 pm #26887 Bill Nelson (Participant)
Like most communities there are pockets of activity based on participants’ a) interest in the topic, and b) expertise (i.e. ability to respond to a topic), and c) time available to respond to a topic. Additionally, if questions are asked that are covered in the ForgeRock documentation (and it is obvious that the asker has not read the documentation) then you would typically receive a RTFM response in other communities, but here people just don’t respond. You could say that they are “nicer” in this way, but sometimes an RTFM is better than no response at all. I get it.
I don’t have a lot of time to respond in detail right now, but I did want to get back with you on a couple of things.
1. Don’t give up on AM, it is a kick ass product and you are only scratching the surface of what it can do.
2. If you are using the “Community Edition”, keep in mind that the software is roughly 3 to 4 years older than what is available in the current version.
2a. ForgeRock pushes code to the open source community once it is at its EOSL.
2b. If you want/need production ready/current code, then you should purchase a subscription.
2c. If you want to evaluate the latest code, you can log into Backstage and download the evaluation version, but you need a Backstage account (do you have one – backstage.forgerock.com?)
3. What you describe as the method of creating an AM user is not the correct way. Yes, AM comes with an embedded DS instance, but you should not be using that for anything other than POC or testing purposes. And even with that, I would not attempt to use the DS Control Panel to manage users as you completely bypass adding users with the appropriate schema.
3a. AM has a web interface for managing users and groups in an onesie/twosie sort of way. In the console, navigate to the appropriate realm (you have created add’l realms, right?), select the Subjects tab and, if your Data Store is configured correctly, you should see the users in your data store. You can add them there as well, and doing so applies the appropriate schema attributes to them.
3b. Later versions of AM have a REST interface where you can manage users directly.
3c. Both methods I describe above are included in the documentation. So, please refer to the documentation (you can find the documentation on Backstage or references to it from a good Google search).
3d. Neither method I describe above is the best for managing large populations of users/groups, for that you should use ForgeRock IDM.
4. In describing the SAML error, you say that you looked at the following logs: Both /opt/tomcat/logs and /var/logs. But did you look at the AM logs? That is where you would find information about the error. AM logs can be found in the configuration folder on your server. You specified this folder when you installed the software. There you will find two folders: debug and log. The debug folder contains messages a developer uses for debugging their code and the auth folder contains AM’s log files – both are helpful for troubleshooting. Again, both of these folders are described in the ForgeRock documentation found on Backstage.
4a. If the information contained in the logs doesn’t help, then turn up the log verbosity (just make sure you turn it back down again as you run the danger of running out of disk space at some point in time). And yep, instructions on how to do this can be found in the documentation.
Hope this helps!
bill

October 22, 2019 at 8:34 pm #26939 rhinosystems (Participant)
Thank you Bill.
I’m a consultant, and I am learning OpenAM so I can suggest it to the Fortune-500 type companies that I work for.
I would like more info on the “backstage” process. I’ll look around to see what I can find.
I don’t mind paying a nominal fee for the “working” software as I learn this system.
What would I expect to pay for the software? Does the subscription model support a “cloud” like service? Or does it only apply to the software that I’d need to install?
Part of the problem I’m experiencing is that the “installation” didn’t work out of the box. The AM web interface doesn’t work properly. When I click on “Subjects” it cycles back to a login page.
If the “production” ready software works out of the box, then I suppose I need to upgrade the existing software. Or perhaps I remove the existing one and install new. Any ideas on that process?
Do you have any good admin books that can help explain installation/configuration and management?
Thanks! Joel

October 22, 2019 at 11:46 pm #26947 Bill Nelson (Participant)
From one fellow consultant to another, here are my recommendations.
Just create a backstage account (backstage.forgerock.com), go to the downloads area, and download the evaluation version of AM and install. You don’t need to purchase it for trial or learning. Instead, spend the “nominal fee” on training. Start with the FREE FR-120 class (https://backstage.forgerock.com/university/selfpaced) and then move on to the ForgeRock Access Management Core Concepts class (https://backstage.forgerock.com/university/events). That is the biggest bang you will get for your buck.
AM can run in the cloud or on-prem just fine, and the installation “should” work fine out of the box. Based on what you are saying, I suspect that you set your cookie domain incorrectly during the installation process.
The best books on this product are the ForgeRock docs themselves. These can all be found on Backstage as well (https://backstage.forgerock.com/docs/am/6.5).
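Added example, not from either poster: a small model of why a wrong cookie domain produces the "Subjects cycles back to login" symptom Bill diagnoses. A browser only stores and returns a cookie whose Domain attribute domain-matches the host it is talking to (RFC 6265), so if the AM session cookie (default name iPlanetDirectoryPro) is configured for a domain the AM host is not part of, every console request arrives without a session. The host names below are constructed.

```python
# Model of RFC 6265 domain-matching applied to the AM session cookie
# (iPlanetDirectoryPro is AM's default cookie name; hosts here are made up).

def is_ip_address(host: str) -> bool:
    """Dotted IPv4 literal check; a cookie with a Domain attribute never matches an IP host."""
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)

def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 s5.1.3: exact match, or request_host is a subdomain of cookie_domain.

    Leading dots in the configured cookie domain (".example.com") are ignored,
    matching is case-insensitive, and IP address hosts never match a Domain attribute.
    """
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".").rstrip(".")
    if not domain:
        return False
    if host == domain:
        return True
    return host.endswith("." + domain) and not is_ip_address(host)

def diagnose_login_loop(am_host: str, cookie_domain: str) -> str:
    """Explain what the browser does with AM's session cookie for this host/domain pair.

    "ok" means the cookie is stored and sent back, so the console keeps its session.
    Anything starting with "rejected" means the browser drops the Set-Cookie, AM
    sees no session on the next request, and redirects to the login page again.
    """
    if domain_matches(am_host, cookie_domain):
        return "ok"
    if is_ip_address(am_host):
        return "rejected: a Domain attribute never matches an IP address host"
    return f"rejected: {am_host} is neither {cookie_domain} nor a subdomain of it"

if __name__ == "__main__":
    for host, dom in [("openam.example.com", ".example.com"),
                      ("localhost", ".example.com"),
                      ("192.168.1.10", ".example.com"),
                      ("openam.example.com", "example.org")]:
        print(f"{host:20} cookie domain {dom:14} -> {diagnose_login_loop(host, dom)}")
```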