Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2014-05-23

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:49 bthalmay_ joined #openam
04:10 ramteid joined #openam
05:11 rghose joined #openam
05:52 ramteid Hello, is there a way to get the group membership via REST API /json/users/xxx ?
05:57 ramteid Ok, got it... (add isMemberOf to ldap user attributes, nice)
06:16 pfreixes joined #openam
06:26 rghose1 joined #openam
06:59 ramteid joined #openam
07:28 rghose1 morning :)
07:34 rghose1 I am not getting the iPlanetDirectory pro cookie written to the other domain for which I configured the cookie. I get a AMAuthCookie, hence sso does not seem to work. any help ppl ?
07:46 jjpp you can only set cookie for the domain for which the request was sent. so, if your openam is on a.com, you cannot set cookie for b.com
07:55 rghose1 hmm makes sense. So in order to get that done, I would need an agent?
07:57 jjpp depends. look for cross domain sso in documentation.
07:58 rghose1 I did, but this pretty much covers only agents
08:01 aldaris joined #openam
08:02 jjpp well, you can implement that part of an agent yourself. what you need to do is to parse (and verify) SAML response
08:03 aldaris there are lots of ways to achieve cdsso, but the agent is the simplest
08:10 rghose1 I am doing OpenID Connect basically with REST Api
08:10 rghose1 @aldaris: what other ways?
08:10 aldaris hmm
08:11 aldaris SAML, programmatic auth via ClientSDK, implementing CDSSO manually, using OAuth2 tokens...
08:13 rghose1 Any docs for this?
08:14 aldaris http://openam.forgerock.org/docs.html
08:16 rghose1 real helpful @aldaris, real helpful
08:16 aldaris any time ;)
08:17 rghose1 can I set a cookie domain for somehting like say, ".com" ?
08:18 aldaris have you heard of top level domains?
08:18 rghose1 yeah, and I guess that would not work?
08:18 rghose1 since, the browser will reject this
08:24 rghose1 just wondering, does the web agent set any cookies?
08:24 aldaris and you are still not reading my blog :D
08:24 aldaris just posted about this yesterday
08:25 rghose1 aah hail thee and fail me
08:27 rghose1 great post again!
08:37 rghose1 @aldaris: how does the cdcservlet determine if the user has a valid session?
08:37 rghose1 is it the credentials of the PA?
08:38 fatbloke joined #openam
08:38 SteveFerris joined #openam
08:39 rghose1 my concern is, when I am logged in from domain1 and I open up a protected resource on domain2, which runs a separate web agent, what is there to distinguish or unify them?
08:39 aldaris cdcservlet is on OpenAM's side
08:40 aldaris so it sees the session cookie
08:44 rghose1 how?
08:45 aldaris magic :)
08:45 rghose1 it checks for the source IP of the requestor?
08:45 rghose1 hehe
08:45 aldaris as part of the authentication you store the AM session cookie on the OpenAM domain
08:46 rghose1 unrelated question, but for this to work, even the LB url has to be on the same domain as the OpenAM deplyment?
08:47 aldaris we have some pretty good AM training courses you know
09:26 aldaris joined #openam
11:16 rghose1 joined #openam
11:20 MegaMatt joined #openam
11:43 MegaMatt joined #openam
12:07 rghose1 joined #openam
12:28 rghose1 Why do I keep getting this: exception.name=com.sun.ide‚Äčntity.idsvcs.TokenExpired java.security.cert.CertificateException: No name matching ¬†<server-name> found ?
13:06 aldaris joined #openam
13:20 fatbloke left #openam
16:19 aldaris joined #openam
16:19 _br_ joined #openam
16:33 aldaris joined #openam
17:02 aldaris joined #openam
17:41 aldaris joined #openam
18:21 aldaris joined #openam
19:07 aldaris joined #openam
19:09 MegaMatt joined #openam
19:46 aldaris joined #openam
19:47 rghose1 joined #openam
19:52 MegaMatt joined #openam
20:42 aldaris joined #openam
20:46 aldaris joined #openam
20:55 aldaris1 joined #openam
21:38 aldaris joined #openam
22:45 aldaris joined #openam
23:14 aldaris joined #openam
23:35 aldaris1 joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary