Archive

Posts Tagged ‘ForgeRock’

Connecting OpenIdM with Microsoft Active Directory – How to set it up!

14/11/2012

This article is about setting up ForgeRock’s Open Identity Management with Microsoft Active Directory using a standalone .NET Connector Server.

Read more…

Categories: Integration

OpenAM Session Upgrade: Overview

SSO authentication introduces some technical challenges besides providing obvious benefits. Imagine, for example, that you need to assign different types or levels of authentication to different resources or different actions within a domain. For instance, you allow users to view information if they successfully authenticate with a user name and password, but you may require them to enter a special security code in addition to the user name and password if they want to start editing. Or you allow users to access general content using a user name and password, while access to specific content (e.g. admin content) requires a security certificate.

Now, what if the user is logged in with one level or type of authentication and attempts to access a resource that requires a different level or type of authentication? Will she be asked to log in again? What happens to the SSO session technically in such cases?

Read more…

A simple OpenAM realm scenario

26/06/2012 5 comments

A realm is an OpenAM concept and feature used to group and organise information and configuration parameters. OpenAM has a top-level realm which contains all other, user-defined realms. Here we will demonstrate the realm functionality with a simple but practical scenario in which realms are used to separate administration entities.

Let’s imagine a hypothetical service provider company (Example.com) which has a centralised directory for all of its clients, and a separate branch per client:

  • suffix: dc=example,dc=com
  • Client1: o=client1,dc=example,dc=com
  • Client2: o=client2,dc=example,dc=com

Example.com would like to employ OpenAM for access management (authentication and authorisation) in such a way that users from the client companies cannot access each other’s resources. This can be achieved easily with the Realms feature, so that each client company has its own sub-realm. Below we’ll explain the detailed setup procedure.

Read more…

Certificate based authentication with OpenAM 10 and Tomcat 7

24/05/2012 11 comments

Although my use case for certificate based authentication is pretty basic, the existing documentation for Access Manager/OpenSSO/OpenAM is somewhat scarce and requires gathering information from various, often unrelated sources. For that reason, I have summarised the process in this article.

Read more…

Automated installation and configuration of OpenAM

19/01/2012 7 comments

This blog is about automation of OpenAM architecture installation and configuration. As I recently automated the architecture from my previous article [1] (simplified, without using SSL), I would like to say something about the issues I met.

Read more…

How to install and configure OpenAM Web Policy Agent

02/01/2012 4 comments

I prepared one more article about OpenAM; this one is about the OpenAM Web Policy Agent. This article is an example of how to use OpenAM to protect resources on a Web Server.

Read more…

Categories: Integration

How to upgrade OpenAM

13/12/2011 2 comments

In my previous articles [1] and [2] I explained how to install a simple OpenAM architecture. Now I have written one more article related to this architecture. This article provides detailed steps on how to upgrade this architecture from OpenAM 9.0 to OpenAM 9.5.4.

Read more…