Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2014-11-18

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
05:47 ramteid joined #openam
07:46 aldaris joined #openam
08:05 hos001 joined #openam
08:27 metadaddy joined #openam
08:38 aldaris joined #openam
09:44 ilbot3 joined #openam
09:44 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 11.0.2 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
09:45 SteveFerris joined #openam
11:32 _br_ joined #openam
16:54 insaniOpenAM joined #openam
16:55 insaniOpenAM hi all. What would be the best practice for getting logged out of all my systems that are authenticated by openAM? logging out sometimes returns a ERR_TOO_MANY_REDIRECTS error message that I can't fix.
16:56 aldaris I think there is a bug for that
16:56 insaniOpenAM any workaround ?
16:56 insaniOpenAM I mean: for the time being.
16:57 insaniOpenAM or any practice you could suggest?
16:59 insaniOpenAM the scenario is: I have a portal from which I have access to many other services. The portal and the services are all authenticated by openam. If - after authenticated - I click any of those systems and open another tab for it, that ERR_TOO_MANY_REDIRECTS error rises if I log out from the portal and try to get logged in again.
17:01 aldaris the suggestion is to get friendly with the agent source
17:01 aldaris JEE agents get much less love than web agents
17:31 koven joined #openam
17:31 koven hi good morning!
17:31 aldaris hi
17:31 koven I just have a question about user administrators, is it possible to have AD user administrator and my repository may be an ldap repository?
17:33 koven two different repositories, one for users (millions) LDAP, and AD for 4 or 5 users admins
17:40 MegaMatt I believe OpenAM will always use all of the configured datastores, which means it will search  for users in both places…. (can be bad)
17:40 aldaris correct
17:41 aldaris you should set up the admin users in the top level realm
17:41 aldaris regular users should live in subrealm
17:49 koven ok but it's 100]% possible to get this
17:50 MegaMatt Huh?
17:51 MegaMatt You can absolutely set up one datastore for the admins in the top level realm, and then another in a subrealm…
18:05 koven ok MegaMatt do you know anyway to disable amadmin, no matter if its not supported
18:06 MegaMatt Sure, you can disable amadmin
18:07 koven in openam 11.0.0 ?
18:08 MegaMatt Yes…
18:09 MegaMatt Or you can change it to another user
18:09 MegaMatt Set com.sun.identity.authentication.super.user properties from the GUI console in Configuration | Servers and Sites | URL of the server | Advanced.
18:10 koven ok I know why I never found it, it's called super.user
18:11 koven Thank you very much MegaMatt
18:16 MegaMatt It’s discussed in the docs btw: http://docs.forgerock.org/en/openam/10.1.0/admin​-guide/index/chap-securing.html#amadmin-changes
18:18 koven ok I see
18:18 koven lert me check it out
18:19 koven let me *
19:03 aldaris joined #openam
20:20 hos001 left #openam
20:50 MegaMatt joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary