Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2015-02-11

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:46 MegaMatt joined #openam
02:14 aldaris salchichon your problem is most likely XUI related
02:14 aldaris XUI makes a few requests to the /json endpoint, which unfortunately can fail if the groups aren't set up properly in the external user store
02:15 aldaris hmm, scratch that you've said you are using 11.0.2
02:15 aldaris so without XUI hmm
02:52 salchichon no sorry 11.0.2 is a production environment
02:52 salchichon 12 i'm doing some tests
02:52 salchichon and it's the problem related with social network login
02:56 salchichon so aldaris you say in openam12 groups must be set up like in embedded opendj? I mean comparing each one
02:56 aldaris no
02:56 aldaris I'm saying that you should look at the dev console for errors
02:56 aldaris then IdRepo debug log
02:56 aldaris and most likely your data store configuration is incorrect
02:59 salchichon is it necessary to run the procedure in http://docs.forgerock.org/en/openam/12.​0.0/install-guide/index/chap-prepare-in​stall.html#prepare-configuration-store ?
02:59 salchichon or is it some kind of generic procedure for any kind of datastore
03:11 salchichon thanks anyway aldaris you give some fresh ideas
03:38 aldaris joined #openam
05:47 ramteid joined #openam
08:10 jjpp hi.
08:10 * jjpp thinks . o O ( in what timezone aldaris is? )
08:16 KermitTheFragger joined #openam
08:48 balo jjpp: GMT i think
08:55 jjpp yeah. i thought so as well. he had a lot to do last night, then.. 05:38:51 -!- aldaris [~Adium@host86-180-51-171.range86-180.btcentralplus.com] has quit [Client Quit]
08:55 jjpp that should be by GMT+2
08:55 jjpp so.. 03:38 by GMT
09:51 aldaris joined #openam
10:07 aldaris jjpp, balo yes that was 3:30 :)
10:07 jjpp so.. you have busy days and very busy nights nowadays? :)
10:08 aldaris looks like
10:08 balo #nosleepteam
10:08 aldaris we are about to release 11.0.3
10:08 aldaris and there will be a new security advisory sent out as well
10:08 jjpp hm. okay.
10:09 aldaris which will be quite terrifying I'd say
10:09 jjpp I should go and check latest commits in svn, I guess?
10:10 * jjpp thinks . o O ( svn2github has stopped updating openam-trunk (as many other repos) because it was way too big.. they will do it if anyone asks them, though. )
10:27 balo still no plans to migrate to git? :/ or just to a proper version control?
10:27 aldaris we still have plans for migrating to git
10:27 balo i know there were plans a year ago :D
10:28 aldaris and before then :)
10:28 aldaris there will be some discussions about it next week again, but don't know about the overall progress..
10:28 asyd aldaris: btw, is that me or your tags/branches are no longer in /tags/ /branches/ ? for example i'm suprise there is no tag or branch for 11.0.2 :)
10:29 aldaris good morning asyd
10:29 aldaris our maintenance branches are not public for probably more than a year now
10:29 asyd yeah ok
10:31 jjpp aldaris: how much do you know about OpenID Connect auth module?
10:31 aldaris you don't need to use that most of the time
10:31 aldaris OAuth2 module is better for that
10:31 aldaris OIDC module was introduced for STS only afaik
10:32 jjpp hm. okay.
10:33 jjpp oauth2 seems like a bit of an overkill as I only want to authenticate users by id token that was issued to some other system (so there is just id token coming in and session key or error going out)
10:34 jjpp anyway, the problem seems to be that oidc module requires id in authorized party claim (azp) to be in audience claim (aud) as well. which is kind of okay by "verification procedure" sketched in spec.
10:35 jjpp then again, it does not work with tokens google issues to mobile apps and is kind of weird if one reads specification of azp and aud.
10:36 jjpp (mobile app can ask token for it's web backend. it gets token where audience is backend (web) client_id and azp is app's own client_id)
10:37 aldaris well, I know close to nothing about OIDC, so I'm not sure I can make a useful comment just yet :)
10:37 jjpp also, as there is a required configuration option that lists allowed azps, it (checking if azp is in aud) seems like unnecessary check.
10:38 jjpp hm. okay. then.. I probably should create an issue and brian (?) can comment on it.. :)
11:29 ilbot3 joined #openam
11:29 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 12.0.0 is out! OpenAM 11.0.2 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
12:04 MegaMatt joined #openam
12:07 fairuz joined #openam
13:18 fairuz1 joined #openam
15:07 fairuz joined #openam
16:38 salchichon joined #openam
16:39 salchichon hi it's me again I found the error when trying to login with social networks
16:39 salchichon hits one
16:39 salchichon [11/Feb/2015:11:10:40 -0500] ADD RES conn=10 op=87 msgID=88 result=65 message="Entry uid=google-11566753001172689908​2,dc=openam,dc=forgerock,dc=org violates the Directory Server schema configuration because it contains an unknown objectclass inetadmin" etime=1
16:40 salchichon and I can't find anything about how to load inetadm objectclass in opendj
16:50 fairuz joined #openam
18:22 aldaris joined #openam
19:33 balo joined #openam
19:40 aldaris joined #openam
22:08 kenalex joined #openam
22:08 kenalex Hello
22:08 aldaris hi
22:10 kenalex I a have a situation where we have multiple web applications on different  environments  (python,asp.net) and what to implement single sign on for them. Is openam overkill for this ?
22:59 MegaMatt joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary