Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2016-06-15

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
01:48 ilbot3 joined #openam
01:48 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 13.0.0 is out! OpenAM 12.0.2 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
06:45 KermitTheFragger joined #openam
07:08 _soma_ joined #openam
07:20 aldaris joined #openam
08:55 aldaris joined #openam
10:52 MegaMatt joined #openam
11:39 aldaris joined #openam
12:11 aldaris joined #openam
13:45 MegaMatt joined #openam
17:03 aldaris joined #openam
18:55 fig joined #openam
19:18 _soma_ joined #openam
19:20 _soma_ .
19:20 _soma_ joined #openam
19:23 _soma_ is there someone or everybody is watching football? :)
19:24 aldaris1 joined #openam
19:25 MegaMatt soccer?
19:26 _soma_ France against Albania :)
19:27 _soma_ I would like to ask help. J2EE agent, Glassfish 3, role based authorization
19:28 aldaris1 and that's why we can never have any nice things
19:28 aldaris what do you need?
19:30 _soma_ everything works fine but when I try to open a page protected by role I a http 403
19:31 _soma_ it is not clear then how to map the OpenAM group to webxml group.
19:31 aldaris indeed
19:31 aldaris that is mostly container specific afaik
19:32 aldaris the best thing to do is to have a look at the agent message level debug logs to see the exact names of the roles that will be set for your principal
19:32 _soma_ web.xml? application.xml, sun-application.xml or openam console?
19:33 _soma_ could you tell me which log? there are lots of different logfile if the debug mod is turnde on
19:34 aldaris don't forget glassfish-web.xml/sun-web.xml either
19:34 aldaris there is only one debug.out file under j2ee_agents/appserver_v9/Agent_00x/debug
19:34 aldaris you should set the debug level on the agent profile in the OpenAM admin console
19:35 _soma_ o it is under the agent directory
19:35 _soma_ so
19:35 _soma_ i was looking for this info somewhere else
19:39 _soma_ i am checking this log right now
19:45 _soma_ the size of my debug log now is 300k
19:46 _soma_ what i need to search for?
19:46 aldaris AUTHENTICATED_USERS is a good bet
19:47 _soma_ this is the output of my info servlet:
19:47 _soma_ PROTECTED Info Servlet
19:47 _soma_ server time: Wed Jun 15 21:45:22 CEST 2016
19:47 _soma_ auth type: PROGRAMMATIC
19:47 _soma_ remote user: demo
19:47 _soma_ principal
19:47 _soma_ principal class: com.sun.enterprise.security.​web.integration.WebPrincipal
19:47 _soma_ principal name: demo
19:47 _soma_ web principal subject 1: demo
19:47 _soma_ web principal subject 2: ANYONE
19:47 _soma_ web principal subject 3: sales
19:47 _soma_ web principal subject 4: id=sales,ou=group,dc=openam,dc=forgerock,dc=org
19:47 _soma_ web principal subject 5: AUTHENTICATED_USERS
19:47 _soma_ user in 'AUTHENTICATED_USERS' role: false
19:47 _soma_ user in 'SALES' role: false
19:47 _soma_ user in 'sales' role: false
19:47 _soma_ user in 'id=sales,ou=group,dc=openam,dc=forgerock,dc=org' role: false
19:48 _soma_ so i thisk openam stuff works fine
19:49 _soma_ what d u think about that:
19:49 _soma_ AmRealm.authenticate: user: demo, authenticated: true, attributes: [sales, id=sales,ou=group,dc=openam,dc=forgerock,dc=org, AUTHENTICATED_USERS]
19:50 aldaris yepp, that AmRealm statement is helpful
19:50 aldaris that tells what exactly OpenAM sets
19:51 aldaris the rest is up to security role mapping and *.xml configurations
19:52 _soma_ thx!
19:52 _soma_ i checked the agentsample.war and agentsample.ear example files.
19:53 _soma_ there is readme.txt file next to these war and ear files.
19:55 _soma_ as i understand it, in case of tomcat i need to map "id=sales,ou=group,dc=openam,dc=forgerock,dc=org" to a different role name via OpenAM console
19:56 _soma_ and I only need to add extra lines into web.xml file.
19:56 _soma_ But in case of Glassfish...
19:56 _soma_ it is not clear for me
19:57 _soma_ the readme.txt file next to the sampleapp.ear does not mention anything related to this mapping.
19:59 _soma_ so i suppose that in case of glassfish i need to play with web.xml, application.xml, sun-application.xml and sun-web.xml
19:59 _soma_ but i do not understand why do i need to modify 4 files... :(
19:59 aldaris https://github.com/kir-dev/korok/blob/sch-pek-2​.5/sch-pek-web/src/main/webapp/WEB-INF/web.xml
20:00 aldaris and https://github.com/kir-dev/korok/blob​/sch-pek-2.5/sch-pek-ear/src/main/app​lication/META-INF/sun-application.xml
20:00 aldaris that's all that we did
20:04 _soma_ i can see
20:04 _soma_ are u Peter? :)
20:06 aldaris well guessed :)
20:06 _soma_ :)
20:09 _soma_ hey man, this git source code will help me a lot
20:10 aldaris you will need to stick with older versions of the project though, the latest version barely relies on the agent
20:10 _soma_ i am arnold, the hungarian guy from the forgerock.org forum :)
20:11 aldaris there is also a Bertalan Voros lurking around there
20:11 _soma_ ok, thx!
20:11 _soma_ it is nice ;)
20:12 _soma_ hungarians who live abroad :)
20:17 _soma_ thanks for the help Péter!
20:17 _soma_ if i solve this issue then i will post the solution on the forum
20:18 _soma_ Köszönöm a segitséget. Jó éjszakát!
20:23 asyd evening
20:33 aldaris joined #openam
22:35 MegaMatt joined #openam
23:07 asyd_ joined #openam
23:07 silje_ joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary