Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2015-02-20

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
02:48 ilbot3 joined #openam
02:48 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 12.0.0 is out! OpenAM 11.0.2 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
03:16 vsubrama joined #openam
03:26 vsubrama1 joined #openam
05:45 vsubrama joined #openam
05:47 vsubrama joined #openam
07:27 vsubrama joined #openam
07:30 KermitTheFragger joined #openam
08:40 vsubrama joined #openam
08:44 vsubrama joined #openam
09:12 aldaris joined #openam
10:02 vsubrama joined #openam
10:11 vsubrama1 joined #openam
10:16 Desmond Morning everyone
10:16 Desmond seeing some unexpected behaviour on an OpenAM 11.0 instance, steps are:
10:16 Desmond Authenticate to realm /abc (https://idm.example.com/am/UI/Login?realm=/abc)
10:17 Desmond IDP and SP are configured in a COT that belongs to realm /xyz, invoke IDP initiated SSO:
10:17 Desmond https://idm.example.com/am/saml2/jsp/idpSSOInit.jsp?metaAlias=/xyz/idp&spEntityID=https://sp.test.com&binding=HTTP-POST
10:17 Desmond OpenAM allows access without prompting about being authenticated to a different realm.
10:18 Desmond seems the call to idpSSOinit only cares if your are authenticated….and allows inter-realm crossover
10:20 Desmond whereas if you just authenticate to the abc realm, and then invoke the xyz realm, you are prompted to login again because of the different organisation, or keep your current session…..which is the expected behaviour
10:34 aldaris joined #openam
12:18 MegaMatt joined #openam
12:56 aldaris joined #openam
13:03 aldaris1 joined #openam
14:29 metadaddy joined #openam
14:31 jpkroehling joined #openam
14:32 jpkroehling hello! I'm working on GateIn SSO and we are testing the integration with OpenAM... the instructions we have in our community is this one: https://docs.jboss.org/author/display/GTNPORTAL38/OpenAM
14:32 jpkroehling thing is, 12.0 seems to have a new UI (XUI?), and we are having some trouble in coming up with a valid Logout URL that would redirect the user to a page in our side
14:33 jpkroehling what we had previously was this: ${gatein.sso.server.url}/UI/Login?realm=${gatein.sso.openam.realm}&goto=${gatein.sso.portal.url}
14:33 jpkroehling now, it seems that this redirects to a new URL : http://localhost:8888/openam/XUI/#logout/&realm=gatein&goto=http%3A%2F%2Flocalhost%3A8080%2Fportal%2Fclassic%2F
14:35 jpkroehling the last step, however, is "/XUI/#loggedOut/" , not the page we specified on the "goto" parameter
14:35 jpkroehling according to the documentation we found, the URL we are sending seems correct, though
14:35 jpkroehling http://openam.forgerock.org/doc/admin-guide/index.html#authn-from-browser
14:36 aldaris1 https://bugster.forgerock.org/jira/browse/OPENAM-5467 ?
14:36 jpkroehling aldaris, perfect, that answers it :)
14:37 jpkroehling except that we see a "#loggedOut" instead of "#login", but it's a good explanation
14:37 jpkroehling I'll add this to our docs
14:37 aldaris you can disable XUI if you want to
14:37 aldaris that should also resolve the problem
14:38 jpkroehling cool, I'll add this to our docs as well
14:44 aldaris jpkroehling that document looks a bit outdated and the terminology is a bit outdated as well :)
14:44 jpkroehling aldaris, exactly :)
14:45 jpkroehling updating OpenAM would be the first step in updating the docs
14:45 aldaris OpenAM must be purchased from http://forgerock.org/openam.html. -> this is incorrect for example
14:47 jpkroehling but surprisingly, most of it is actually working
14:48 jpkroehling (considering that it was written for JBoss AS7 in one side and OpenAM 9.x/10.0 on the other side)
14:54 aldaris joined #openam
15:08 aldaris1 joined #openam
16:08 metadaddy joined #openam
16:13 auke- joined #openam
20:09 aldaris joined #openam
20:47 aldaris joined #openam
23:51 MegaMatt joined #openam
23:56 MegaMatt joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary