Don’t get hanged up on the number of the users displayed, all of users are most likely accessible from the Subjects tab if you use the search field. The idea behind of only returning ~120 user entries from your directory is all about ensuring that the user data store is not queried excessively.
Pagination for identity data is not currently supported.
In the realm when you configure User Self Service service just make sure that E-mail Verification is selected, and that should be pretty much it. If that’s not sufficient, please describe exactly what you are trying to do.
Race conditions are a possibility, but I’d say that would be a very slim one: you would need certain users to post multiple assertions at the same time to OpenAM so that the account mapper can detect the account missing multiple times and create them each time.
You may have a bug in the account mapper or something else is very fishy.
Have a close…[Read more]
I would suggest to separate admin logins from federated logins to separate realms (this would be possible as long as the admin users are not meant to access the same services as the federated users).
Other solution would be to ensure that the users in LDAP does not have a valid/resettable password.
ForgeRock builds secure relationships across the modern Web including cloud, social, mobile, and enterprise environments. ForgeRock can extend identities to any “thing” connected to the Internet. We support mission-critical operations with a fully open source platform.
Our customers are recognized market leaders such as GEICO, salesforce.com, Thomson Reuters, McKesson, and Vantiv, as well as governments building out
online services for their citizens, such as the Government of Norway.