  • #8223
    Jamie Bowen
    Moderator

    Hello, my name is Jamie and I look after community contributions on behalf of ForgeRock. Why not take a moment to introduce yourself, and maybe a little about your involvement with the projects? This will often help forum members to provide you with better information, and help us all to get to know one another.

    A bit about me;

    I’ve been working at ForgeRock for a year and a half now, and have been lucky enough to work on some great demos of future tech for our summits. On the contribution front I was responsible for the engineering involved in the contribution of the OpenAM 13 RADIUS server functionality by the LDS Church (thanks folks).

    My background: I have 20 years' experience as a software developer, and later architect, working on defence projects, enterprise security software and enterprise big data software.

    In my spare time I sing and play guitar and mandolin in a folk rock band. I also love to ski, surf and cycle.

    Once again, welcome to the forums.

    #8541
    anirban
    Participant

    I am new to OpenAM and sync the AD users to OpenAM. Every time, I used to go to Data Store and do a reset to sync the users from AD to OpenAM. Is there a scheduler or script by which I can automate the syncing of the users from AD to OpenAM?

    A bit of me..

    Consultant in Identity and Access Management.
    Most of my career I worked in Microsoft, and I am exploring the OpenAM platform.

    #8650
    Jamie Bowen
    Moderator

    Hi Anirban, and welcome to the forums!

    Regarding your question; Syncing with data stores is what OpenIDM is for. It can keep a unified view of external data stores, run scheduled syncs etc. OpenAM is merely a consumer of identity information residing in a data store, in your case Active Directory.

    There’s no sync as OpenAM does not store identity information anywhere, but it does use the identity in the identity store to create sessions and tokens.

    OpenAM is not a ‘provisioning’ tool. OpenIDM does all that really well and can handle workflows, syncing data stores etc.

    #9451
    anji.yalla@capitalone.com
    Participant

    Hi Bowen, this is Anji and we just started adopting ForgeRock products (OpenAM, DJ and IG) for our identity and access management. So I am working on evaluating FR capabilities for different use cases.

    #9562
    Jamie Bowen
    Moderator

    Hi Anji,

    I hope you enjoy working with our projects!

    Jamie

    #9597
    Bill Nelson
    Participant

    Hi Jamie,

    I always joke that I have been working with ForgeRock since it was just a pebble (some people will get that and others are like my wife that feel that I have no sense of humor). Essentially, I was working with DJ when it was OpenDS (and before that the DSEE product), AM when it was Sun Identity Server (yes, I did say “Identity Server”), and IDM when its connector origins date back to Sun Identity Manager. You could say that I have been around the block once or twice and maybe even helped put up some of the houses on the block.

    We are a ForgeRock partner specializing in training, services, and development for DJ, AM, and IDM. I have written much of ForgeRock’s training materials and many of the people on these forums are our customers. I jump in from time to time to try to explain some of the more difficult concepts to the newer folks (must be the instructor in me) or just because I love getting a good smack down from Peter Major (not saying that I don’t deserve it, mind you).

    I sometimes go by the handle “idmdude” (don’t laugh, it was available) and can be found blogging on ForgeRock and other topics at http://www.idmdude.com. You can find more about me at https://idmdude.com/about/ or see my company’s website at http://www.identityfusion.com.

    It would be nice if the forum’s profile actually gave us the ability to describe our backgrounds, etc. It would help if I knew a person’s expertise level before I responded to them in the forums.

    Hope to see you again soon,

    bill (aka “idmdude”)

    #9605
    Jamie Bowen
    Moderator

    Great intro Bill! I agree about the profiles. I’ll see what we can do about that.

    Jamie

    #9648
    s.purcell
    Participant

    Hello everyone

    I work in a consulting firm as a software engineer and my clients are interested in improving the security of their systems.

    We’re currently working on a study for them and OpenAM is the focus.

    Due to the age of the system, we are using the C SDK to integrate the system. I’ve managed to get it integrated into our system. It is able to authenticate the users on a module type basis, but I’m not sure how to force it to use the authentication chain I’ve set up.

    I had assumed that User authentication would follow the authentication chain in the realm. Am I missing something?

    Cheers!

    #9650
    Bill Nelson
    Participant

    There is a default chain (aka “service”) associated with a realm; it is called ldapService and consists of the DataStore as the one lone authentication module. OpenAM permits module-based authentication, but you have to specify that as a parameter and it is highly discouraged to leave that running in a production environment. So, when you log into a realm and don’t specify the module specifically, you are essentially logging in to the chain.

    If you want to use a different chain (by default) for a realm, you can create a new one, populate it with modules to your heart’s desire and then specify the criteria in which each module is processed. Then comes the testing part – you can specify a non-default chain to use for authenticating against a realm with the “service” parameter. Once you are comfortable with your chain, then you can set it as the default for the realm and all authentication then starts using that new chain. I HIGHLY recommend that you test your chain before trying to associate it with the realm. Not doing so is an easy way to lock yourself out of your realm. Then, you WOULD hope that you didn’t disable the module based authentication as you would need that to log back in, or you could log in against the top (/) realm, instead.

    Notice how none of what I just mentioned discussed the SDK. That is because all of this is the default behavior when configuring OpenAM’s authentication chains for a particular realm.

    bill

    #10189
    praveenalla
    Participant

    Hi,

    I am Praveen. We started evaluating OpenIDM for our user management in February. I did a POC for our requirement of synchronization and reconciliation of users created in OpenIDM. Our management liked the solution and we decided to use this product going forward. I am right now in the development phase and will be having many questions whenever I face a roadblock. Hope to get help from the users in these forums.

    Thanks,
    Praveen

    #10230
    Jamie Bowen
    Moderator

    Nice to hear we made the cut! Thanks for posting Praveen!

    #10544
    sixart
    Participant

    Hi Bowen, I’m Dario and work in Sielte S.p.A (Catania – Italy). I am considering the possibility of using OpenDJ in the company.

    Thanks
    Dario

    #10578
    Jamie Bowen
    Moderator

    Hi Dario,

    Good to meet you. Welcome to the forums. I hope you can find what you need here!

    Jamie

    #10614

    Hi All,

    As a system administrator I was quite familiar with SunOpenDS.
    Seeing this fork and the development of features, I’m stunned!

    Here’s a summary of what I have been able to achieve, thanks to the OpenDJ software.
    * LDAP authentication based on OpenDJ PTA (using MS ADS)
    * Works out-of-the-box for Solaris clients.
    * Also, Linux clients, with a little help from sssd

    Especially, the netgroup implementation using rfc2307bis works great +++

    /thanks

    #10669
    Jamie Bowen
    Moderator

    Great to hear you’re having a good experience! Would love to hear more about what you’ve done with netgroup!

    Jamie
