Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2015-10-14

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
00:18 MegaMatt joined #openam
03:47 ramteid joined #openam
06:13 aldaris joined #openam
06:31 Fid joined #openam
06:34 KermitTheFragger joined #openam
06:40 Fid Any of you guys on the OpenAM 12 API FR421 course today?
06:40 aldaris not me..
06:55 ramteid joined #openam
07:49 vmirzaian joined #openam
07:59 aldaris joined #openam
09:26 KermitTheFragger joined #openam
09:50 prasannaa joined #openam
09:51 prasannaa HI experts
09:51 prasannaa need some advise from you guys
09:51 prasannaa please can you tell me where
09:52 prasannaa Configuration > Servers and Sites >  ...> Password Encryption Key value is stored in openam
09:52 prasannaa is in the internal LDAp?
10:18 prasannaa anyone here?
10:53 aldaris it's stored in the configuration store
10:56 prasannaa where about in configuration store?
10:56 aldaris stored under the server's entry
11:06 prasannaa Thank you mate
11:06 prasannaa Password Encryption Key is sent and the server was restarted
11:06 prasannaa noe getting an exception
11:07 prasannaa is there any way to unset Password Encryption Key flag or value in int internal ldap ...
11:21 aldaris changing the encryption key does not do *anything* useful
11:21 aldaris it will not result in re-encryption of all passwords stored in the configuration already
11:28 prasannaa serverconfig=com.sun.identity.overrideAMC=true is this in the internal ldap the flag to Password Encryption Key in the console?
11:28 aldaris no?
11:28 aldaris am.encryption.pwd instead?
11:31 prasannaa i found  serverconfig=com.sun.identity.overrideAMC=true at ou=<server>,ou=com-sun-identity-servers,ou=​default,ou=GlobalConfig,ou=1.0,ou=iPlanetAM​PlatformService,ou=services,dc=<idp>,dc=com
11:31 prasannaa where can i find am.encryption.pwd?
11:31 aldaris you are at the right entry
11:32 prasannaa if i set the value ot false
11:32 prasannaa is it same like to have unchecked the check box in console?
11:32 aldaris then you break something, because that is meant to be true on server side
11:33 prasannaa let me ask this way
11:33 prasannaa when i check the check box in console ... Password Encryption Key
11:33 prasannaa is this a flag?
11:34 prasannaa or is there some other changes which happen
11:37 prasannaa sorry if my question is very basic
11:52 MegaMatt joined #openam
11:54 vmirzaian joined #openam
11:55 aldaris joined #openam
11:56 prasannaa aldaris: would be great if you can show me some hints
11:56 prasannaa thank you
11:56 aldaris is password encryption key a checkbox?
11:56 aldaris IIRC no..
11:56 prasannaa yes
11:58 prasannaa Server Property Inheritance Setting > Inheritance Setting >
11:58 prasannaa it is a checkbox
11:58 prasannaa Password Encryption Key @AM_ENC_PWD@
11:58 aldaris Inheritance setting
11:58 MegaMatt That’s to make it inherit or not, not to disable it
11:58 aldaris that's not the actual setting
11:58 aldaris that's about whether you want to inherit the setting from the default server settings
11:59 aldaris http://tinypic.com/r/1265utj/8
11:59 aldaris this is how it should look like
12:00 prasannaa i just had a doubt that since i set the check box ... and restarted the server
12:00 prasannaa started getting errors
12:01 MegaMatt Well, the check box can change what is set for the encryption password....
12:02 aldaris the default server setting for password encryption key is @AM_ENC_PWD@, which is not helpful at all
12:02 aldaris so by inheriting that value, you've successfully removed the actual encryption key from your configuration
12:02 prasannaa Configuration > Servers and Sites > <server url > > Security > Server Property Inheritance Setting > Inheritance Setting >
12:02 mckeanbs joined #openam
12:03 prasannaa how are we to set the encryption back?
12:03 aldaris you don't, it's gone
12:03 aldaris unless you have other servers in your deployment
12:03 aldaris where you haven't messed with inheritance
12:03 prasannaa yes i do have
12:04 aldaris then look at those
12:04 prasannaa i have another test server
12:04 aldaris copy the encryption password from those
12:04 aldaris ah
12:04 aldaris in the same deployment?
12:04 aldaris or completely separate?
12:04 prasannaa completely seperate
12:04 MegaMatt Not gunna work then
12:04 aldaris then your AM server is foobar'd
12:05 MegaMatt restore from backup
12:21 prasannaa guys
12:21 prasannaa i may have same settings copied to another box
12:21 prasannaa can i use that ... if so how ... is there any documentation for it ...?
12:22 prasannaa i can see if i can somehow avoid my test environment reinstall
12:23 MegaMatt <aldaris> copy the encryption password from those
12:23 prasannaa i dont have a backup ... but i remember to have copied the whole filesystem to another machine for my backup
12:24 prasannaa where can i find ths encryption password?
12:24 MegaMatt Same place...
12:24 MegaMatt Not the inheritance settings, the actual setting
12:24 prasannaa and how to insert that value into the ldap?
12:24 MegaMatt copy/paste
12:24 prasannaa internal ldap
12:25 aldaris ldapmodify?
12:25 aldaris you already use an LDAP client to browse it
12:25 prasannaa yes
12:25 prasannaa i do user ldapadmin
12:25 aldaris phpldapadmin?
12:26 prasannaa ldapadmin/JXplorer
12:29 prasannaa i do see only "serverconfig=com.iplanet.am.service.secret"
12:29 prasannaa is this the encryption password
12:30 prasannaa or "<@aldaris> copy the encryption password from those" .... how am i to copy the encryption password if i have a filesystem backup
12:33 aldaris well
12:33 aldaris potentially
12:33 prasannaa any documentation available?
12:33 prasannaa will be a great help
12:33 aldaris one would hope it's common sense
12:33 aldaris shut down the currently running embedded, start up the the embedded from the backup
12:34 aldaris extract the value from the directory using an LDAP client
12:34 aldaris shut down the backup DJ
12:34 aldaris start up the real DJ
12:34 aldaris set the encryption key to the right value
12:34 aldaris for which I've already told you that the property name is "am.encryption.pwd"
12:36 prasannaa thank you ... peter ... and Megamatt
12:37 aldaris let us know if you run into any problems
12:38 prasannaa you guys make me try new things
12:38 prasannaa :)
12:38 aldaris well it was all you changing the setting :)
12:38 prasannaa have to agree with you
12:38 MegaMatt BTW, I thouhgt you had already found the am.encryption.setting
12:39 prasannaa i did nto find it
12:40 prasannaa i had found only
12:40 prasannaa serverconfig=com.sun.identity.overrideAMC=true at ou=<server>,ou=com-sun-identity-servers,ou=​default,ou=GlobalConfig,ou=1.0,ou=iPlanetAM​PlatformService,ou=services,dc=<idp>,dc=com
12:40 prasannaa but was not able to find the "am.encryption.setting"
12:40 MegaMatt I see mine under services iplanetplatformservice 1.0 globalconfig default com-sun-identity-servers … my server name …
12:40 MegaMatt you’re close then
12:40 MegaMatt that’s default
12:41 MegaMatt you need your actual server
12:41 MegaMatt serverconfig=am.encryption.pwd=Md……snip
12:41 prasannaa wow
12:41 prasannaa this is what i needed
12:41 aldaris if you enable inheritance, then the value won't be present in the server configuration, instead it should be under ou=server-default
12:42 MegaMatt right, inhertiance makes the specific server simply take the value in the default server
12:42 aldaris but in this very specific case the default server's am.encryption.pwd is always useless
12:42 MegaMatt In your backup, you want to pull it from the server specific
12:42 prasannaa but open am i throwing an exception
12:42 aldaris for some reason, instead the am.encryption.pwd is defined for each server explicitly
12:43 MegaMatt It should be there before you made the change to inherit
12:47 prasannaa one of the exception
12:47 prasannaa com.sun.identity.common.configu​ration.ConfigurationException: Configuration store is not available.         at com.sun.identity.setup.AMSetupFilte​r.doFilter(AMSetupFilter.java:107)         at org.apache.catalina.core.ApplicationFilterChain.i​nternalDoFilter(ApplicationFilterChain.java:241)
12:49 prasannaa this the exception i am getting
12:49 MegaMatt ok
12:49 aldaris yepp, probably AM is unable to connect to DJ
12:49 prasannaa just a question
12:49 prasannaa why is this flag set?
12:49 prasannaa if it is going to break the openam config
12:50 prasannaa i mean ... why is this flag available to set?
12:50 MegaMatt Because there are times when you might want to inherit the setting
12:50 aldaris because there is a genuine use-case when people want to inherit the value, and they make sure that the default value is actually correct
12:51 aldaris plus doing user interfaces right is hard
12:52 prasannaa therefore in documentation ... it should be a RED pointer saying ... "Please be carfull when setting this value" :p
12:53 noisebleed_ joined #openam
12:53 prasannaa anyway thank you guys
12:53 prasannaa for your advise
12:53 prasannaa advice|*
12:53 MegaMatt I think there are plenty of places we could say that same warning
12:54 MegaMatt But then it wouldn’t mean much
13:19 noisebleed_ joined #openam
13:25 noisebleed__ joined #openam
13:59 fairuz joined #openam
14:01 fairuz left #openam
14:39 vmirzaian joined #openam
14:55 noisebleed_ joined #openam
15:17 mckeanbs joined #openam
15:43 mckeanbs joined #openam
15:44 mckeanbs joined #openam
16:32 aldaris joined #openam
16:59 aldaris joined #openam
16:59 lazzurs joined #openam
16:59 ikonia joined #openam
17:01 ikonia joined #openam
17:07 auke- joined #openam
17:10 GrosSeb joined #openam
17:10 lazzurs joined #openam
17:24 aldaris joined #openam
17:39 aldaris joined #openam
18:16 aldaris joined #openam
18:55 aldaris joined #openam
21:25 aldaris joined #openam
22:55 vmirzaian joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary