IRC log for #openam, 2014-10-27

All times shown according to UTC.

Time Nick Message
05:20 pfreixes joined #openam
05:53 ramteid joined #openam
06:21 bthalmayr joined #openam
08:11 aldaris joined #openam
10:16 Redum_ Hi, do we still need user account "cn=dsameuser,ou=DSAME Users,dc=cfgStore,dc=example,dc=com", because I get error messages that say: "AUTHENTICATION-268 cn=dsameuser,ou=DSAME Users,dc=cfgStore,dc=example,dc=com "Not Available"amAuthentication.error". This is coming from custom auth module. OpenAM ver. 11.0.2
10:16 asyd morning
10:46 aldaris joined #openam
11:27 MegaMatt joined #openam
12:07 rghose joined #openam
12:35 aldaris joined #openam
12:37 KermitTheFragger joined #openam
13:23 fatbloke joined #openam
13:32 insanidadOpenAM hi all
13:33 aldaris hi everyone
13:33 MegaMatt mornin
13:34 insanidadOpenAM what kind of code should I use to capture the request sent from openAM's server? Inside my managed bean code (in weblogic), I'm trying something like : HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
13:34 insanidadOpenAM I'd like to capture the information contained in whatever open
13:34 insanidadOpenAM *sorry
13:34 insanidadOpenAM in whatever openam's server is creating and sending to my page
13:35 insanidadOpenAM looks like it creates a cookie and I'm able to see that cookie.
13:38 insanidadOpenAM any hints?
13:45 aldaris could you clarify what you are talking about?
13:55 insanidadOpenAM in other words: any document on how to configure users and access for weblogic? I have agent and server configured. Now I need to validate users and let them access locations in my app.
13:56 MegaMatt Isn’t that the point of the agent?
14:02 insanidadOpenAM sure
14:02 insanidadOpenAM the agent authenticates, right?
14:02 insanidadOpenAM but once I have an authenticated user, I need to grab information about it.
14:03 insanidadOpenAM I'd like to print information about that user - once authenticated by openAM.
14:03 aldaris the agent ensures the site is protected, it does not perform authentication, it enforces that the user gets authenticated at OpenAM
14:04 insanidadOpenAM weblogic controls access. it decides which user should access what - considering that the user is authenticated.
14:04 aldaris then you should look at the Application tab of the agent profile and look for the different mapping settings
14:04 aldaris so you are using declarative security?
14:06 insanidadOpenAM aldaris: right. what do you mean by 'application tab' ? is that something in weblogic? mapping settings go in weblogic and that's what I'd like to do once I have a validated agent from openAM
14:06 aldaris agent configuration in OpenAM..
14:12 insanidadOpenAM I see.
14:13 insanidadOpenAM hmm. a lot to configure there. it might help.
14:13 insanidadOpenAM Still, I'd like to have some java code that I could use to print data about the user authenticated at openAM.
14:15 aldaris once you configure your agent so that the data is actually available, you can print out stuff..
14:20 insanidadOpenAM so, once I configure my agent in openam's portal, I'll be able to grab data in the application side. right ?
14:20 insanidadOpenAM silly question, but I believe there's nothing else to configure for that agent - at least that's what the guy responsible for our openam server has told me. he might be wrong :_)
14:27 aldaris profile attribute mapping?!
14:34 dean joined #openam
14:46 fatbloke joined #openam
16:04 insanidadOpenAM looks like it works this way;
16:04 insanidadOpenAM 1) I have to configure users and groups in weblogic
16:04 insanidadOpenAM 2) I also need user and role configured in openAM
16:06 insanidadOpenAM 3) once authenticated by openAM, values are sent to weblogic, which knows I'm already authenticated by openAM and maps openAM's user to weblogic's user (which is already related to weblogic's groups)
16:07 insanidadOpenAM then, the 'what is that user allowed to do' is something configured inside weblogic.xml and web.xml
16:07 insanidadOpenAM how close to reality is that, aldaris ?
16:08 aldaris half close
16:08 aldaris normally people don't use declarative security, but use OpenAM policies instead
16:08 aldaris but if you are running your agent in J2EE_POLICY mode, then this should work all fine nonetheless
16:11 insanidadOpenAM aldaris: any tutorial on how to use openAM policies in my app ? how to capture that data ? that's the part I still can't figure.
16:12 aldaris policies are evaluated by the agent normally
16:12 aldaris by using ALL or URL_POLICY mode they will be evaluated automagically
16:12 insanidadOpenAM so, should I be able to deal with the agent inside my app code ?
16:13 aldaris normally, applications don't have to know anything about the agent
16:13 aldaris only where to expect user information (headers/cookies/request attributes)
16:27 insanidadOpenAM I do need user information :_)
16:28 insanidadOpenAM all I need from the authenticator is its username and group.
16:28 aldaris you can also combine these two worlds
16:28 aldaris which is the ALL mode
16:28 insanidadOpenAM I mean: the username and group it sends back to the agent after authentication.
16:29 aldaris when both the URL policies are evaluated and the agent also logs in the user into the container's realm
16:30 insanidadOpenAM is that ALL thing configured in openAM's portal?
16:30 aldaris admin console you mean
16:30 aldaris and yes
16:30 insanidadOpenAM right.
16:30 insanidadOpenAM in the General session for the agent configuration, right ?
16:32 insanidadOpenAM openAM's admin has set that value to SSO_ONLY.
16:32 aldaris that feels incorrect
16:32 aldaris because then how the hell does your weblogic authentication work along with your security-constraints defined in web.xml
16:38 insanidadOpenAM no idea :_)
16:39 insanidadOpenAM what I need is a way to retrieve the username and its group after authenticated by openAM and use it inside my app code.
17:17 aldaris1 joined #openam
17:25 fatbloke left #openam
18:01 aldaris joined #openam
18:11 insanidopenAM joined #openam
19:12 balo joined #openam
19:53 insanidopenAM so
19:54 insanidopenAM J2EE Agent Filter Mode - SSO_ONLY: This is the least restrictive mode of operation for the agent filter. In this mode, the agent simply ensures that all users who try to access protected web resources are authenticated using OpenSSO Enterprise Authentication Service.  When operating in this mode, any declarative J2EE security policy or programmatic J2EE security API calls evaluated for the application will result in negative ev
19:56 insanidopenAM does it mean that if I add any rule in my weblogic will not be considered ?
20:24 metadaddy joined #openam
20:38 insanidopenAM anyone alive ?
20:49 insanidopenAM would anyone provide the openAM sdk package?
20:49 insanidopenAM *please
20:49 insanidopenAM :_)
20:51 MegaMatt It comes with OpenAM
20:51 MegaMatt http://docs.forgerock.org/en/openam/11.0.0/dev-guide/index/chap-jdk.html
20:54 insanidopenAM I couldn't download it :(
20:54 insanidopenAM OpenAM was downloaded in another machine by another guy.
20:54 insanidopenAM I can't download it again now.
20:55 aldaris check artifactory..
20:55 insanidopenAM and all that I need are the libraries so that I could deal with SSO.
20:56 aldaris in sso_only mode the declarative security checks should result in failure, since the user will not be authenticated into the weblogic JAAS realm..
20:57 insanidopenAM I just figured out that the idea is that we don't use jaas.
20:57 insanidopenAM hmmm
20:57 insanidopenAM wait
20:57 insanidopenAM I'll try something
20:58 insanidopenAM if I change ONLY_SSO to ALL, for instance, would that allow me to have my user authorized through weblogic's realm ?
22:07 aldaris either j2ee_policy or ALL will help you with that
22:08 aldaris and when you do that, request#getremoteuser and getuserprincipal will work
22:08 aldaris along with isUserInRole (if privileged attribute processing is set up correctly)