IRC log for #openam, 2016-12-02

All times shown according to UTC.

Time Nick Message
02:48 ilbot3 joined #openam
02:48 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 13.5.0 is out! OpenAM 12.0.3 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
04:44 aldaris joined #openam
05:16 sam___ joined #openam
05:16 sam___ hi
05:16 sam___ hi aldaris
05:17 sam___ Good UGT !!
05:17 sam___ hi abyss
05:18 sam___ Good UGT, aldaris !
07:48 sam___ aldaris, r u there ?
08:17 aldaris joined #openam
08:23 asyd morning
08:26 aldaris Good morning
08:26 sam___ Good morning, aldaris !
08:28 sam___ aldaris, i was waiting for u long time..
08:29 sam___ any reply ??
08:30 * asyd send coffee to aldaris
08:31 sam___ asyd, is this to me ?
08:33 sam___ aldaris, will u help me today ?
08:34 sam___ do u have any grievance on me ?
08:35 sam___ @aldaris ??
08:35 sam___ why there is no reply from you ?
08:37 sam___ your support on yesterday is marvelous.. :)
08:37 sam___ i have no words to say for that..
08:38 sam___ but today u seem to be silent. any reason please ??
08:41 sam___ i was dying here with an issue..
08:41 sam___ :(
08:41 aldaris it's 8:40 AM man
08:42 aldaris plus you are asking questions about SAML in generic not even related to OpenAM in any way.
08:42 aldaris patience is a virtue :)
08:45 aldaris and then keep in mind that people have actual work to do, not just answering people in IRC channels
08:46 sam___ oh.. sorry for the time..
08:46 sam___ and sorry if i have disturbed you..
08:46 aldaris not at all, just don't complain if you don't get an immediate response :)
08:47 sam___ no .. just for info i specified those..
08:48 sam___ i'm so sorry, if those messages hurt u..
08:48 aldaris lol, chill men :)
08:49 aldaris *man
08:49 aldaris @abyss you about?
08:50 sam___ since i'm in hurry, i reacted like that.. :)
08:50 abyss hi guys
08:50 abyss aldaris: I'm fine everything works. Thank you:)
08:51 sam___ hi abyss
08:51 abyss have you read yesterday what I had to do to import ldif via ldapmodify?:)
08:52 aldaris @abyss the tip I got in the end was to run export-ldif with --excludeBranch on the wrong version, then run --includeBranch with the right version, then concatenate the two and then run import-ldif
08:53 abyss yes? I didn't see that tip yesterday :(
08:53 abyss sorry
08:53 aldaris just got it this morning, that's why :)
08:53 abyss aha :D
08:54 aldaris btw there is a DJ setting for allowing pre-encoded passwords in ldifs
08:55 abyss but I did export-ldif (3.0 opendj) and ldapmodify works fine, I had only remove lines with createTimestamp entryUUID ds-sync-hist creatorsName pwdChangedTime and last modify set-password-policy-prop to allow Pre-encoded passwords
08:56 abyss after that everything imported fine :)
08:56 aldaris import-ldif is a nicer way, because then you retain all historical data and password policy related attributes
08:57 abyss ok, I understand
08:58 sam___ @aldaris, is there any channel for SAML ??
08:58 abyss wrong and right version you mean version wrong=3.0 right = < 3.0 ?;)
08:58 sam___ @aldaris: specifically to SAML ..
08:58 aldaris wrong/right -> the DJ instances where you have the wrong and the right data for ou=people
08:59 aldaris sam___ not sure, haven't seen one, but then again I'm only using IIRC for 2 channels
08:59 aldaris s/IIRC/IRC
08:59 abyss aldaris: but on "wrong" version I don't have ou=people at all :)
08:59 aldaris right, but you would exclude ou=people there anyways
08:59 abyss I'd like just move ou=people from other instance to "wrong" instance
09:00 aldaris you are exporting the data there to get all the OTHER entries
09:00 aldaris and then merge everything but ou=people with only ou=people, and you have a full LDIF that you can import-ldif (since import-ldif overrides everything)
09:01 abyss aldaris: ok, I'd like to be sure that I understand well - you know my english;)
09:02 sam___ whats the other channel, @aldaris ?
09:02 abyss I should export-ldif from wrong and right version (with exclude and include) then somehow merge them and then import?
09:02 aldaris something not relevant to work :)
09:03 sam___ @aldaris, is there any free public chat site for SAML ?
09:06 aldaris @abyss, export all the entries but ou=people (using --excludeBranch) from the "wrong" instance, then export only the ou=people (using --includeBranch) from the "right" instance, then you should be able to concatenate the two ldif files and import-ldif the end result
09:06 abyss sam___: please use google to look for that. I suppose you have to use some forum instead of chat/irc. I was surprised when I saw channel for openam;) So it's not a common to create irc channel for technology ;)
09:07 abyss aldaris: this is not what I wrote?;)
09:07 aldaris @abyss it mostly was, just wasn't too specific on the exclude and include part, just tried to make it more specific
09:07 abyss ok, thank you.
09:08 sam___ abyss, after doing that i came here..
09:09 sam___ forum.. will not be suitable for urgency..
09:10 abyss sam___: ok I just saying that probably you will get answer regarding saml on forum regarding saml :) And probably there's no irc channel regarding only saml.
09:10 sam___ k
09:10 abyss maybe try on irc channel regarding your language (php, ruby or so...)
09:11 sam___ its really sad to hear..
09:11 aldaris or reach out to the spring saml community
09:11 abyss or better framework
09:11 abyss that you are using or similar framework
09:12 sam___ unfortunately i'm not member of spring SAML and my try to achieve that too failed..
09:13 sam___ because of aldaris i was saved.. at here..
09:15 abyss me too ;) He never leave me alone with issue - but I ask question mostly regarding openam/opendj ;p
09:16 sam___ u r lucky in that..
09:16 aldaris I can help with saml issues, I've fixed quite a few bugs in OpenAM's SAML implementation, but expecting me to resolve your problems in your timeframe, well that's unrealistic
09:17 sam___ @aldaris, i'm really sorry for that... :(
09:18 sam___ since i'm under pressure i have to expect so.. will avoid that in future..
09:19 sam___ and pardon me, if i do so in future..
09:20 sam___ unknowingly..
09:21 abyss of course I didn't mean aldaris knows only openam/opendj, sorry for that;)
09:22 sam___ abyss, i already know that from his yesterday's answer.. :)
09:22 abyss ;)
09:22 abyss yeah! :)
09:24 sam___ really i'm saved on yesterday... b'cos of his answer..
09:24 abyss so you have another issue?
09:25 sam___ ya, but that is to our master, aldaris !
09:28 sam___ aldaris, shall i start to ask my query ?
09:29 aldaris yes..
09:29 sam___ just i need a confirmation..
09:30 sam___ how we can confirm that an auth response is signed thru SAML response ?
09:31 sam___ i.e., by seeing SAML response ?
09:32 sam___ if it has <ds:Signature> we can confirm that ?
09:32 sam___ in SAML auth response
09:33 aldaris yes, that's a good way to do it
09:34 aldaris just look for ds:Signature element
09:34 aldaris but I wouldn't suggest to write xml signature validation on your own
09:35 sam___ so if an auth response contains <ds:Signature> i can assure that the response from IDP is signed ??
09:35 aldaris depends on where it contains it
09:37 sam___ sorry, i'm not clear..
09:39 sam___ as far as i know if it contains in Response, then response is signed
09:39 abyss joined #openam
09:39 aldaris if it's a direct child element of Response, then yes
09:40 sam___ and if it contains in Assertion, then assertion only is signed..
09:40 sam___ am i right ?
09:40 sam___ ya got that..
09:41 sam___ also from SAML doc, i find that if response is signed then the sign will apply to assertion also..
09:43 sam___ so Assertion is said to be signed, am i right ?
09:44 sam___ or is there any difference..
09:47 sam___ also 'but I wouldn't suggest to write xml signature validation on your own', what u mean by this..
09:48 aldaris actually, I'm just wondering where the signature needs to be
09:49 aldaris IIRC it needs to be an enveloped signature
09:49 sam___ ya
09:53 sam___ why wouldn't you suggest to write xml signature validation on my own ?
09:53 sam___ before that i'm not doing that..
09:53 sam___ i'm using the spring SAML for that
09:53 aldaris because it can easily go wrong
09:55 sam___ ya sure, particularly for an amateur like me..
09:56 sam___ and thanks for ur replies @aldaris..
09:56 sam___ i have to move to lunch..
09:56 sam___ will be back after that..
10:13 abyss aldaris: your boss knows that you spend 40% time of your job helping people for free?:D
10:14 aldaris well I was a community member before I joined the company, so one would assume so :)
10:18 abyss :)
10:19 abyss aldaris: company send you offer or you applied to them?
10:19 aldaris kind of both :)
10:20 abyss :)
10:20 abyss nice :)
10:20 aldaris let's just say I didn't really have a job interview :)
10:42 * jjpp thinks . o O ( you continued to do the community work and at one point you saw some money coming from fr on your account and then you decided to go and spend days at their office and .. ? :) )
11:28 abyss aldaris: btw: merge files works fine I do not have to turn on any policies and remove anything from files. Thank you!
11:28 aldaris np
11:33 MegaMatt joined #openam
12:44 KermitTheFragger joined #openam
13:32 aldaris joined #openam
14:37 aldaris joined #openam
21:52 MegaMatt joined #openam
23:19 aldaris joined #openam
