IRC log for #openam, 2014-04-30

All times shown according to UTC.

Time Nick Message
01:15 MegaMatt joined #openam
05:41 tsmalmbe joined #openam
06:15 sayakb joined #openam
06:35 rghose joined #openam
07:04 pfreixes joined #openam
09:04 fatbloke joined #openam
09:30 rghose joined #openam
09:32 fatbloke joined #openam
10:14 aldaris joined #openam
10:37 aldaris joined #openam
11:04 MegaMatt joined #openam
11:08 fatbloke joined #openam
11:11 fatbloke1 joined #openam
11:34 fatbloke joined #openam
11:39 aldaris joined #openam
11:46 aldaris joined #openam
11:51 fatbloke joined #openam
12:05 fatbloke joined #openam
12:09 aldaris joined #openam
12:40 rghose facing issues with OAuth2 logout endpoint. {"error":"server_error","error_description":"Unable to get SsoTokenManager"}
12:53 aldaris joined #openam
13:13 rghose Logout end point gives me this: ERROR: Unable to get SsoTokenManager, com.iplanet.sso.SSOException: Invalid session ID. I am doing a simple GET /openam/oauth2/connect/endSession?id_token=<token>
13:13 rghose any help on this anyone?
13:21 fatbloke joined #openam
13:34 pfreixes joined #openam
13:35 failshell joined #openam
14:22 fatbloke joined #openam
15:04 fatbloke joined #openam
15:29 fatbloke joined #openam
15:55 jfroot Probably a long shot.. but has anyone integrated tribehr.com SAML implementation with OpenAM?
15:56 jfroot Their SAML setup is completely lacking and they provide no documentation. They only officially support onelogin and okta..so support is useless
15:58 jfroot Their SAML setup only asks for two fields..  Identity Provider Login URL and Identity Provider Certificate
15:59 jfroot I decoded their SAML sent to us and it is: http://pastebin.com/HMMsqp3z
16:07 fatbloke joined #openam
16:17 asyd jfroot: have you tried to reply with an assertion containing "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" ?
16:19 jfroot I'm not sure.. lol.. I am pretty new to this
16:20 jfroot TBH, I am unsure of how to do that in OpenAM
16:20 aldaris yeah, from that SAML request you should be able to come up with a simple SAML metadata (see create-metadata-templ ssoadm command)
16:20 jfroot ok.. i will RTFM about that
16:23 jfroot They don't even say if they are SAML1 or 2
16:23 jfroot The data they send to us makes reference to both… (they are of no help at all)
16:24 jfroot He indicated they are using a library supplied by Onelogin
16:59 aldaris joined #openam
17:00 fatbloke joined #openam
18:28 aldaris joined #openam
18:47 fatbloke joined #openam
19:11 failshell where do i submit feature requests/enhancements?
19:11 MegaMatt I’d open a JIRA feature request...
19:12 MegaMatt Then I’d ask Aldaris if it’s worth it to open a SR as well - to link a case to the feature request… Not sure if it will help add any weight… if there’s enough in the JIRA probably no need
19:12 MegaMatt Usually we like to see business justifications, use case, things like that
19:13 MegaMatt (And it is open source, so you can write the code too, and submit that as well)
19:13 failshell well, it's kind of bugs actually
19:13 failshell i dont Java :(
19:13 failshell i only ruby and python
19:14 MegaMatt If it’s a bug, I’d submit a reproducible test case .. or the steps for us to trigger it.. as much detail as you can
19:14 failshell for instance, the configurator doesn't validate the site name entered, it fails during the configuration phase
19:14 failshell sends you back to the configurator, which then fails because there's already a configuration
19:16 MegaMatt Aldaris would probably know if something like that has already been filed - I’d have to search through JIRA
19:16 failshell actually, i have a question for you
19:16 failshell can you run opendj in master/master mode?
19:16 MegaMatt My guess is that there’s something in JIRA for that..
19:17 MegaMatt Multi-master, yes
19:17 failshell cool then the architecture i have in mind will work
19:18 MegaMatt http://ludopoitou.wordpress.com/2011/05/10/opendj-quick-replication-setup/
19:18 MegaMatt Ludo is the OpenDJ project lead
19:19 failshell oh ya, that's quick
19:19 failshell i gotta say, compared to the last openldap setup i did, opendj is very simple and quick to get going
19:19 MegaMatt I love OpenDJ
19:20 failshell although i haven't used openldap since 2007, so things prolly changed a lot
19:20 MegaMatt I think OpenDJ is the bee’s knees, to be quite honest
19:21 MegaMatt I don’t think enough people know how awesome it is, really.. heh
19:21 failshell except it's Java ;p it's nice hehe
19:22 MegaMatt The Java part doesn’t bother me.. Java’s come a long long way since I first started using it ;)
19:23 failshell yeah they added many security bugs to it in the last few years hehe
19:23 MegaMatt Haha, no.. those were always there.. they actually started closing them ;)
19:24 MegaMatt I worked for Sun Microsystems for 12 years … and then Oracle for 2… trust me, the security bugs were always actually there .. hehe
19:31 failshell where should i install ssoadmin?
19:32 failshell anywhere?
19:32 MegaMatt http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/install-guide/index/chap-install-tools.html
19:32 MegaMatt Read that, it will show you what happens
19:32 MegaMatt so you can figure out where you want it
19:34 failshell tx
19:58 aldaris joined #openam
20:00 aldaris site value isn't really validated indeed, probably no bug for that one yet
20:10 jfroot still battling with this SAML integration.. we are a bit confused at which URL we should be telling the SP to redirect to. We are using: https://login.ourcompany.com/openam/SSOPOST/metaAlias/idp
20:10 jfroot but we are getting a 500 error Invalid Signature Request
20:15 jfroot http://pastebin.com/raw.php?i=J1QcryAB
20:15 jfroot is the request coming to us from the SP
20:18 jfroot via a redirect
20:35 aldaris joined #openam
20:44 aldaris jfroot how are you progressing? :)
20:45 jfroot not so good.. at a roadblock and taking stabs in the dark.. lol
20:45 aldaris so I can see your saml request
20:45 aldaris is that sent via GET or POST?
20:46 jfroot the one I pasted is amended to the URL we specify to the SP at the website we are trying to integrate with
20:46 jfroot so GET
20:47 jfroot they append ?SAMLRequest=<data> to the URL of https://login.ourco.com/openam/SSORedirect/metaAlias/idp
20:47 aldaris then https://login.ourco.com/openam/SSORedirect/metaAlias/idp should be alright
20:47 jfroot I have tried both https://login.ourcompany.com/openam/SSOPOST/metaAlias/idp and https://login.ourco.com/openam/SSORedirect/metaAlias/idp
20:48 aldaris what error are you getting?
20:48 jfroot I am getting this from the server HTTP Status 500 - Invalid signature in Request.
20:50 aldaris is there a Signature parameter on the request?
20:50 jfroot i do not see one
20:50 jfroot http://pastebin.com/raw.php?i=J1QcryAB
20:51 jfroot that's the decoded SAML from SP to US(IDP)
20:52 aldaris it should be next to SAMLRequest parameter on the HTTP request
20:53 jfroot hmm i do not see one: http://pastebin.com/raw.php?i=6s4Jn3TN
20:54 jfroot only param is SAMLRequest
20:54 jfroot perhaps they have implemented improperly
20:55 aldaris did you configure OpenAM to want authnrequest signed?
20:56 jfroot hmm.. let me check
20:58 jfroot It is unchecked
20:58 jfroot all signing boxes are unchecked
20:59 aldaris well I would say it should work then
20:59 jfroot sigh.. me too.. lol
21:29 aldaris joined #openam
22:03 aldaris joined #openam
22:56 aldaris joined #openam
23:56 aldaris joined #openam