openam

问题 We are looking to use OpenAM/OpenSSO to act as a SSO provider. We need, however, to have OpenAM use our mongo datastore under the hood to manage its authentication needs. With this in mind, I found this: http://www.badgers-in-foil.co.uk/notes/installing_a_custom_opensso_identity_repository/ which looks promising. Apparently, this should allow me to add an "Access Manager Repository plugin", but I have since read this: The Access Manager Repository plugin is also called amSDK or legacy SDK as

问题 We are looking to use OpenAM/OpenSSO to act as a SSO provider. We need, however, to have OpenAM use our mongo datastore under the hood to manage its authentication needs. With this in mind, I found this: http://www.badgers-in-foil.co.uk/notes/installing_a_custom_opensso_identity_repository/ which looks promising. Apparently, this should allow me to add an "Access Manager Repository plugin", but I have since read this: The Access Manager Repository plugin is also called amSDK or legacy SDK as

问题 Warning! I'm on a bit of a fishing trip here, and I'm not even sure if the questions that I'm asking entirely make sense. Please be kind with your responses! :) I recently took over a project that is currently based on a Java + Linux + Tomcat + MySQL. Right now, the system is basically just a website with a few cron jobs in the back-ground to move some data around, etc. In working with the product manager to develop a prioritized backlog, it’s clear from what he wants to do that I need to

问题 Warning! I'm on a bit of a fishing trip here, and I'm not even sure if the questions that I'm asking entirely make sense. Please be kind with your responses! :) I recently took over a project that is currently based on a Java + Linux + Tomcat + MySQL. Right now, the system is basically just a website with a few cron jobs in the back-ground to move some data around, etc. In working with the product manager to develop a prioritized backlog, it’s clear from what he wants to do that I need to

问题 Warning! I'm on a bit of a fishing trip here, and I'm not even sure if the questions that I'm asking entirely make sense. Please be kind with your responses! :) I recently took over a project that is currently based on a Java + Linux + Tomcat + MySQL. Right now, the system is basically just a website with a few cron jobs in the back-ground to move some data around, etc. In working with the product manager to develop a prioritized backlog, it’s clear from what he wants to do that I need to

问题 How do I configure OpenAM (with OpenDS behind it as the identity provider) to encrypt the SAML Response Assertion? The messages are working fine, but I want to encrypt the Assertions with a certificate I have placed into the OpenAM keystore.jks. I can't find anything in the documents. 回答1: SAML does not support ecryption of the whole Response and there shoudnt be any sensetive information in it besides in the assertion. The assertion or attributes is probably what you want to encrypt.

问题 Is it possible to get user details (attributes belonging to the resource owner) from ForgeRock's OpenAM using an OAuth 2 access token? I have a trusted SPA UI that is able to get an access token from OpenAM using the Resource Owner Password Credentials Grant type. However, that access token gives me no information about the resource owner. The token_info endpoint similarly gives me no information. OpenAM seems to have endpoints for listing user attributes, but expects a JWT as means of

问题 I am also trying to explore the fedlet + adfs federation. What I have is: an adfs server installed on machine A. I have also added the fedlet as the relying part but when I enter the replying party federation metadata url and click on test url its throwing me his exception : An error occurred while reading the federation metadata. Verify that the url or the host-name is valid federation metadata endpoint. But I have added the certificate of fedlet in the relying part and also set the

问题 What is the correct way for a java heavy client to authenticate with an OpenAM protected servlet? Java openAM sdk exists, which I have used and it does provide access to the SSO Token. Where things break down is when this same heavy Java client attempts to send serialized objects to a protected tomcat 7 (tomee+) servlet using this SSO Token id as a cookie . The OpenAM filter uses redirection with an embedded / hidden form containing credentials. This breaks the serialized object

问题 I have configured adfs as identity provider and openam as service provider but how to test whether login is working fine with adfs throght openam. Can anyone help me to do login to adfs server through openam using java application. Thanks, 回答1: Refer OpenAM and ADFS2 configuration. The article covers all your questions. Update: The way I normally do this is to use the OpenSSO / OpenAM Java Fedlet. Refer Using Fedlets in Java Web Applications (Chapter 8). The code (as per the fedlet) to