• Hi Keith, thanks for the reply. Is there any way to define the login page that the CDSSO servlet sends the user to? I’m confused about your statement, “That page is configurable as a standard login page” — are you saying that the CDSSO can only send you to the built-in login page, with the customization limitations that we already know of?

  • Hello. I have requirements that leave the built-in OpenAM login page insufficient for my needs. I understand this is not uncommon. I also have requirements for CDSSO (most specifically: protection against Cookie Hijacking).

    However, I find that when the WPA is configured for CDSSO, then it seems the WPA ignores the “OpenAM Login URL” on the…

  • I thought I would follow up on this, in case anyone stumbles onto this thread in the future. I found that my Shibboleth IdP was sending “uid” as the “FriendlyName”, but “urn:oid:0.9.2342.19200300.100.1.1” was the actual value I needed to input in as the Auto Federation Attribute.

    I had tried this in the past, and it didn’t work, but I think it…

  • I am trying to use Shibboleth as an IDP and OpenAM as a SP. I would like to use the uid attribute (which is not the NameID) for Auto Federation. I have Auto Federation enabled on my SP configuration, and I’ve entered “uid” as the attribute. One additional item perhaps worth mentioning is that I’m using “Required” for User Profile settings, and my…

  • Hello, I have a requirement to impersonate users. Please spare me the waggling fingers, there are legitimate needs for this. I know there is an impersonate module but it’s not supported for production use.

    So to implement, I configured an Authentication chain, which is protected at the network layer to only one authorized application. The goal of…

  • Jim Mulvey replied to the topic Realm best practices in the forum OpenAM 2 months ago

    Hi Rogerio, thank you for your thoughts! Would it be appropriate to use the OpenAM user data store for the root realm, and then configure Active Directory (my production user data store) in the sub-realm? I anticipate very centralized administration of my OpenAM deployment, but there is a possibility that other Realms with other data stores may…

  • Jim Mulvey started the topic Realm best practices in the forum OpenAM 2 months ago

    Hello, I am developing my organization’s OpenAM architecture. I am trying to decide what is the best initial Realm architecture. The initial installation, and my initial configuration has my datastores and authentication happening in the root realm. But as I consider the uncertain future, it occurs to me that this may not be the best long-term…

  • Just to follow up in case others run into this, I was able to solve the problem. I used an LDAP Browser to open the configuration settings in the embedded OpenDJ and was able to navigate to the location where the CTS configuration errors were made. After correcting the values and restarting the OpenAM servers, all was well.

  • Hi, I set up an instance of OpenDJ on my OpenAM server and configured the CTS to use the external store. After restarting the server, OpenAM is not happy. I can’t log in. How can I revert the CTS change if I can’t log into the OpenAM console?

©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
