Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2013-12-03

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
23:10 MegaMatt joined #openam
01:31 blischalk joined #openam
01:31 blischalk tterb1983
01:33 tsmalmbe1 joined #openam
01:33 blischalk left #openam
01:36 blischalk joined #openam
01:38 blischalk left #openam
01:39 blischalk joined #openam
01:41 blischalk Has anyone ever encountered the error ERROR: IDPSSOFederate.doSSOFederate: Unable to do sso or federation.
01:41 blischalk com.sun.identity.saml2.common.SAML2Exception: Cannot resolve element with ID
01:41 blischalk I have done some googling and haven't found much information
02:03 blischalk joined #openam
04:54 m0sf3t joined #openam
07:15 hos001 joined #openam
07:54 SteveFerris joined #openam
08:06 SteveFerris joined #openam
08:28 SteveFerris joined #openam
08:28 SteveFerris joined #openam
08:36 tsmalmbe1 hey guys...
08:36 tsmalmbe1 AgentException: Invalid transport string
08:36 tsmalmbe1 what is up
08:37 tsmalmbe1 previously working system. did we forget a password somewhere or what?
08:38 tsmalmbe1 ERROR: SiteMonitor run failed
08:46 SteveFerris joined #openam
08:48 ludovicp joined #openam
09:12 aldaris joined #openam
09:17 jjpp good morning. :)
09:18 jjpp aldaris: ludovicp: is there a good way to synchronize some actions over two-node openam cluster with two-node opendj cluster as idrepo behind it? my custom auth module creates new profiles and obviously there is a race condition..
09:19 aldaris are you saying that your auth module may connect to a different DJ instance than what the data store would use?
09:22 jjpp not really. and that does not matter. events that cause profile-creation may happen asynchronously so that one instance connects to one openam that has one opendj in its connection pool and the other instance goes to other openam that happens to be connected to the other opendj.
09:24 jjpp I think I could build some kind of locking on LDAP (atomic delete-and-set?) but this will probably cause a race-condition on its own (because of replication makeing no guarantees). so, I wonder if there is something that works between openam instances and could be used to synchronize things?
09:25 jjpp s/makeing/making
09:25 aldaris not sure I follow why would you get bounced between AM instances for starters?
09:28 jjpp there are two systems that (more or less) independently try to interact with openam that ultimately will cause profile creation. openam nodes are behind LB which assigns nodes to clients randomly.
09:30 jjpp probability of that "each request has it's own path do the data" is quite small. but that is the problem with race conditions -- they come and bite you nevertheless. :)
09:30 jjpp s/do the/to the/
09:36 asyd /s 6
09:36 asyd oups
09:39 balo joined #openam
10:14 aldaris joined #openam
11:08 aldaris joined #openam
11:12 aldaris tsmalmbe1, the transportstring is the internal representation of a complex structure in the agent that contains the session ID amongst other things
11:13 aldaris jjpp: isn't sticky LB an option?
11:13 aldaris source IP based routing would be also an option
11:15 jjpp the LB is sticky, by source IP, by default. and the events come from two completely different systems.
11:17 aldaris why?
11:18 jjpp why what?
11:18 aldaris why would you have two different systems trying to do the same thing?
11:19 jjpp that is a valid question. with no good answer but "this is because of a client having multiple legacy systems". (that they want to replace partially with openam).
11:20 aldaris there is one thing in OpenDJ that could help: assured replication
11:20 aldaris but my understanding so far was that assured replication is much more error prone than the non-assured one…
11:21 aldaris ludovicp can back me up on that I think ;)
11:22 jjpp there is an email service and web portal with several million users. most of them are already in our id repo. at the moment new users are created in the legacy systems. and various parts of it try to interact with our system whenever they think the user is new or missing or has wrong password in our database.
11:23 jjpp that is the specific case that causes real races. then again -- this is not the only possible cause, the correct way to handle it would be to somehow synchronize creating new users in database.
11:24 jjpp yes, assured replication would allow us to use ldap-based locks, I guess. but I have no idea what it might mean for performance.. ?
11:29 aldaris if you really want to use assured replication you will want to go for DJ 2.6.0
11:29 aldaris I think beforehand there was a very easily reproducible deadlock across DJ nodes
11:35 jjpp hm. okay, that is a good hint.
11:37 ludovicp Assured replication is not transactional.
11:37 ludovicp There is no support for cross server locking in LDAP nor in OpenDJ.
11:52 jjpp hm, okay. so.. the best shot would be to implement some kind of election system between openam nodes and then use elected master as synchronization point. (which sounds like and probably is somewhat overkill)
12:04 MegaMatt joined #openam
15:08 aldaris joined #openam
15:22 aldaris joined #openam
15:29 aldaris joined #openam
15:57 aldaris joined #openam
16:50 SteveFerris joined #openam
16:51 aldaris joined #openam
16:58 SteveFerris joined #openam
17:10 Zendron joined #openam
17:14 Zendron Hello! I'm customizing the interface of login page, I need to translate the page to Portuguese, where is the translate property file?
17:20 Zendron Sorry Guys I found it!! They are XML files!!!
17:27 MegaMatt you can make your own language files
17:28 Zendron I make a copy of auth/default_en to auth/default_pt and i'm translating the xml files, is this the correct way for it?
17:28 MegaMatt yep
17:30 MegaMatt I was looking for the path, but you already had it ;)
17:30 MegaMatt openam/config/auth/default_pt
17:30 Zendron Thanks!!!
18:16 Zendron joined #openam
18:17 aldaris joined #openam
19:52 Zendron More one question, inside the jsp pages we have the <auth:resBundle bundleName="amAuthUI" where this tag is used to search the translated strings! Where is located these files?
19:52 aldaris see the tld files and then the referenced impls
19:53 aldaris not sure now if you were looking for the tag's source or for the localization files..
19:53 Zendron I'm looking for the localization files
19:54 aldaris then you should find those in openam-core*.jar
19:56 Zendron ok! I will see it now!
20:07 sfisque joined #openam
20:08 Zendron Thanks aldaris, this will work! The only problem is the work to unpack the war then unpacking the jar then insrting the properties files then packaging all! My environment is build on top of 'chef' from opescode!
20:08 Zendron :-)
20:10 aldaris well
20:10 aldaris you only need to unpack the WAR and then the JAR
20:10 aldaris afterwards you can just put the updated properties file into WEB-INF/classes
20:10 aldaris that should have precedence..
20:23 SteveF_ joined #openam
20:40 ludovicp joined #openam
21:23 aldaris1 joined #openam
22:02 aldaris joined #openam
22:52 aldaris joined #openam
22:57 sfisque left #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary