Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2015-09-15

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
02:35 jonny_science joined #openam
02:53 ovix joined #openam
02:53 MegaMatt joined #openam
04:44 fairuz joined #openam
04:45 fairuz left #openam
04:54 ramteid joined #openam
05:36 MegaMatt joined #openam
05:49 aldaris joined #openam
06:52 KermitTheFragger joined #openam
07:14 aldaris joined #openam
07:48 jjpp good morning.
07:48 jjpp aldaris: do you know what are the plans with redirect callback?
07:48 aldaris hi
07:49 aldaris concerning what?
07:49 jjpp iirc the current implementation of it (in the new json api) tries to redirect already on backend. instead of communicating the callback to caller and waiting response submitted
07:50 jjpp which means that it is a bit hard to reimplement daui using this api
07:50 aldaris that should be fixed for 12 already
07:50 jjpp hm, okay, i should check it then
07:50 jjpp we do have 11 as base version here with plans to upgrade.
07:53 jjpp hm, i have not checked but te colleagues claim that daui is removed from 13?
07:53 jjpp s/te/the
08:33 pcypher joined #openam
09:39 pcypher joined #openam
09:46 pcypher_ joined #openam
10:32 fairuz1 joined #openam
11:16 kala_ joined #openam
11:17 kala_ hello. regarding the removal of DAS (DAUI) from OpenAM. In the http://bugster.forgerock.org/jira/browse/OPENAM-4710 and http://bugster.forgerock.org/jira/browse/OPENAM-5899 comments there's mentioning about the "reverse proxy architecture".
11:18 kala_ reverse proxy being simple HTTP level proxy, which would proxy the requests to the OpenAM UI itself?
11:22 kala_ aga the "reverse proxy" might be doing some application level firewall functions, so that internet may have access only to subset of all openam endpoints?
11:32 kala_ for example, the http://openam.forgerock.org/doc/bootstrap/deployment-planning/images/site-deployment-single-lb.png only shows the communication paths between "Web App" or "J2EE App" and OpenAM nodes. However, the enduser in the cloud needs to the access the OpenAM UI as well, in order to autheticate with the browser?
11:33 asyd oh they remove the concept of DAS ?
11:34 kala_ yep
11:35 kala_ I don't yet understand if the OpenIG somehow provides similar functions
11:40 kala_ hmm ... it would seem that you could easily configure OpenIG to filter the incoming requests and therefore only expose specific OpenAM URL-s and endpoints
11:46 kala_ (ah, the https://backstage.forgerock.com/#!/docs/openam/12.0.0/admin-guide/chap-securing#protect-network-access still has DAUI reference ...)
11:54 kala_ (I dodn't notice the 12.0 version. The new one has this removed)
12:04 kala_ hey, the OpenIG cannot do load balancing by itself?
12:07 mckeanbs joined #openam
12:15 MegaMatt joined #openam
12:41 kala_ and I dont find any performance information on the OpenIG
12:42 kala_ what is the best practice. for each OpenAM instance one OpenIG instance and then loadbalancer for them?
14:25 tudorg joined #openam
14:28 tudorg Hi all, could somebody advise if editing ds-pwp-password-expiration-time directly would be a sane thing to do. If that is not a sane thing to do, could somebody advise how I could randomise -limited to a specific week, at some point in the futurte- all of the ds-pwp-password-expiration-time's.
15:47 MegaMatt joined #openam
19:51 MegaMatt joined #openam
20:56 MegaMatt joined #openam
22:15 Reepicheep joined #openam
22:15 tudorg joined #openam
23:29 MegaMatt joined #openam
23:46 MegaMatt joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary