This topic contains 64 replies, has 33 voices, and was last updated by mldhamid 6 days, 22 hours ago.

  • #10962
    vikashsingh005
    Participant

    Hi Jamie,

    I am quite new to OpenAM. I am currently working on SAML with XACML integration using OpenAM.

    When I deploy the Fedlet to Tomcat and try to send an XACML SOAP request and response,

    here is the request:

    QueryClient:processXACMLQuerysoapMessage :<soap-env:Envelope xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/"><soap-env:Body>
    <samlp:RequestAbstract xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xsi:type="xacml-samlp:XACMLAuthzDecisionQuery" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xacml-samlp="urn:oasis:xacml:2.0:saml:protocol:schema:os" xacml-samlp:InputContextOnly="true" xacml-samlp:ReturnContext="true" ID="s216f0c3c2555cf71e3aee292a0e4c38c28d965499" Version="2.0" IssueInstant="2016-05-31T11:02:16Z" Destination="destination-uri" Consent="consent-uri">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">myfedlet</saml:Issuer>
    <xacml-context:Request xmlns:xacml-context="urn:oasis:names:tc:xacml:2.0:context:schema:os" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:oasis:names:tc:xacml:2.0:context:schema:os http://docs.oasis-open.org/xacml/access_control-xacml-2.0-context-schema-os.xsd">
    <Subject SubjectCategory="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="urn:sun:names:xacml:2.0:data-type:saml2-nameid" >
    <AttributeValue>0GMQ2QsvmXigySyFJFPoluUkbtWC</AttributeValue>
    </Attribute>
    </Subject>
    <xacml-context:Resource>
    <Attribute AttributeId="ResourceId" DataType="http://www.w3.org/2001/XMLSchema#string" >
    <AttributeValue>http://localhost:8080/fedlet/fedletXACMLQuery.jsp</AttributeValue>
    </Attribute>
    <Attribute AttributeId="urn:sun:names:xacml:2.0:resource:target-service" DataType="http://www.w3.org/2001/XMLSchema#string" >
    <AttributeValue>iPlanetAMWebAgentService</AttributeValue>
    </Attribute>
    </xacml-context:Resource>
    <xacml-context:Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" >
    <AttributeValue>GET</AttributeValue>
    </Attribute>
    </xacml-context:Action>
    <xacml-context:Environment></xacml-context:Environment>
    </xacml-context:Request>

    </samlp:RequestAbstract>
    </soap-env:Body></soap-env:Envelope>

    And in response I am getting:

    com.sun.identity.saml2.common.SAML2Exception: <SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><faultcode>SOAP-ENV:Server</faultcode><faultstring>Invalid Query.</faultstring><detail><Problem details="Issuer in Request is invalid."/></detail></SOAP-ENV:Fault>
    at com.sun.identity.saml2.soapbinding.QueryClient.getSAMLResponse(QueryClient.java:347)
    at com.sun.identity.saml2.soapbinding.QueryClient.processXACMLQuery(QueryClient.java:209)
    at com.sun.identity.xacml.client.XACMLRequestProcessor.processRequest(XACMLRequestProcessor.java:120)
    at com.sun.identity.saml2.profile.XACMLQueryUtil.getPolicyDecisionForFedlet(XACMLQueryUtil.java:181)
    at org.apache.jsp.fedletXACMLResp_jsp._jspService(fedletXACMLResp_jsp.java:174)
    at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:439)
    at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:395)
    at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:339)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

    Can you help me with how I can solve this issue? I have been stuck on this for 7 days.

    #11020
    Jamie Bowen
    Moderator

    Hi vikashsingh005,

    This is outside my area of expertise I’m afraid. A quick Google search threw up this link:
    https://lists.forgerock.org/pipermail/openam/2013-July/033332.html

    You might find more help if you create a post in the OpenAM forum. Good luck with solving it!

    Jamie

    #11176
    pier
    Participant

    Hi,

    New and quite happy ForgeRock customers here :) We (my company and fellow co-workers) are using OpenDJ as LDAP directory, which is connected to an AD, we are also using OpenIDM as a customers password management portal. No OpenAM for now, we’ll see if it is needed later.

    Quite new to LDAP in general, still I really love what I am seeing right now.

    Got some questions which I am going to ask right now in the forums.

    Pier.

    #11179
    Jamie Bowen
    Moderator

    Welcome Pier. LDAP’s a bit of a learning curve, but I’m sure the forums will give you all the help you need!

    #11492
    abhijit.sarmah
    Participant

    Hi,

    I am new to ForgeRock and working my way through OpenDJ and now OpenAM. Like the product so far.

    #11520
    Jamie Bowen
    Moderator

    @abhijit-sarmah glad you’re enjoying it! Welcome to the forums!

    #11549
    Bhargava.bada
    Participant

    Hi All,

    I am working for operative media works. We are looking for OpenAM for our SSO and federation. We already integrated our web application to support SSO and federation in development environment.

    It is very good to use and simple to configure. After integration with OpenAM my application’s authentication is very clean.

    But we are currently facing issues while securing our web services against OpenAM authentication. What is the best approach to secure web services using OpenAM?

    Thanks
    Bhargava

    #11601
    Jamie Bowen
    Moderator

    Hi Bhargava,

    If you can describe your use case a little more fully that would be great. I’m not sure that I understand what you’re trying to do yet. Also, if you post in the OpenAM forum you will have more chance of people seeing your post and contributing.

    Welcome to the forums however, I’m sure you’ll find the advice you’re looking for!

    Jamie

    #11754
    tlmacal
    Participant

    I’m Tim MacAlpine. I am project lead for the identity management portion of a larger network infrastructure program. We’ve been migrating from the Oracle (originally Sun) suite to OpenAM, OpenDJ and OpenIDM. OpenAM is in production, OpenDJ is close to deployment and OpenIDM is under construction. Our use cases are very group-management-centric and many involve workflows in addition to basic group management tasks. Our technical learning curve has been focused on custom endpoints, workflows and custom AngularJS UI development. We find OpenIDM to be powerful and challenging to master – but we’re eagerly facing the challenges.

    My spare time activities include singing barbershop-style music with a quartet and a chorus, working with local amateur theatre groups as a performer and administrative board member, and spending time with my growing family – we just welcomed a new, 3rd granddaughter to our fold. Life is good!

    #11783
    Jamie Bowen
    Moderator

    Hi Tim,

    Sounds like you’ve got a full and busy life! Sure OpenIDM is powerful and flexible, but those attributes don’t come without a little complexity! We love some music here at ForgeRock. We have pianos, guitars and electric drums in the office and can often be found jamming at lunchtimes!

    Good luck with your project. I hope you find the forums useful.

    Jamie

    #11792
    werxio
    Participant

    Hi, I’m Hank Ratzesberger and I work for Techflow. We’re a government consulting company that does a lot of work for the GSA. I’m here because we need to replace OpenSSO, preferably last month, as it were. I’m also here because I just can’t get the basic install or one with our few modifications to work in JBoss 6.4.5 – a lot of links get 404 errors or are simply inactive. Hopefully, I can figure this out. Cheers.

    #11858
    aislandiego
    Participant

    Hi.

    My name is Aislan and I’m new to the OpenIDM world. Just found this community and I’m very excited to be part of it.

    #11864
    Jamie Bowen
    Moderator

    Hi Aislan,

    Thanks for finding us. I hope you find it useful!

    Jamie

    #12424
    Hiesso
    Participant

    Hi All,

    I’m a software developer recently introduced to OpenAM. I’ve been a software developer for a couple of years now and even though I love my job, I find it’s quite challenging every now and then.

    I was introduced to OpenAM in this project we have started working on, which involves updating and refactoring a previous version of our custom authentication module (developed using OpenAM 9) up to version 13.

    My goal is to learn as much as possible, implement what I have learned and then in turn teach others. I’m really looking forward to working with the platform.

    I had a question about logging and debugging when registering authentication modules. What I mean by this is, I was able to create the custom sample authentication module following the example in the dev guide without a problem. However, when adapting the customer module developed in version 9 to version 13, I’m able to register the auth module and create the server just fine, but the module doesn’t appear for the “/” realm for me to test it. I was wondering if there was any advice you guys could give me to help me troubleshoot the problem or log locations to check; I was able to turn debugging on from the configuration options.

    Thank you very much for your time.
    Martin

    #12449
    Jamie Bowen
    Moderator

    Hi Martin,

    Welcome to the forums and I hope you have fun and learn lots working with OpenAM 13. There have been a ton of changes between v9 & v13 for sure!

    You can learn all about debug logging from this chapter of the OpenAM admin guide:
    https://backstage.forgerock.com/#!/docs/openam/13.5/admin-guide#debug-logging

    Hope that gets you up and running!

    Jamie

©2017 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries.