OpenAM agent redirects to default login url - openam

I'm trying to install OpenAM 12.0.2 using the Quick Start Guide. Everything works fine, except redirecting an unauthenticated user to the OpenAM login page. In the agent config the login URL is set as
com.sun.identity.agents.config.login.url[0] = http://www.example.com:8080/openam/UI/Login
but user is redirected to
http://openam.example.com:8080/openam/UI/Login
It seems that any changes to com.sun.identity.agents.config.login.url[0] are not applied.
Any ideas?
OpenAM 12.0.2
Web Agent 4.0.0 for Apache 2.2
OS CentOS 6.7

Problem was solved. An incorrect login URL was set in the Agent profile. Be careful during configuration.

Related

Restored Test DNN Website on localhost keeps redirecting to Test URL

I restored the Test DNN Website and Database on my local machine but it is still redirecting to the Test URL.
Please help me run the DNN Website on the local machine.
I changed the PortalAlias, PortalSettings and web.config to point to the local database, but it is still not resolved.
The following message appears when I enter my email for login:
https://login.microsoftonline.com/XXXXXX-XXXX-44e7-XXXX-7de5c833XXXX/oauth2/authorize?scope=email&client_id=3b8a260d-PPPP-420a-PPPP-efd8cad8XXXX&redirect_uri=https%3a%2f%2fuattest.tio.com%2fLogin&state=Azure&response_type=code&login_hint=arsalan.amin#tio.com
https%3a%2f%2fdnn.localhost.com
https%3a%2f%2fuattest.tio.com
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'XXXXXXXX-XXXX-420a-XXXX-efd8cadPPPPP'.
In .NET Framework configuration, generally we only need to modify the redirect URL.
Make sure the redirect URL in the project is the same as in the Azure portal, and your issue should be solved.
Solution:
After you restored website, please check the RedirectUrl.
Click App registrations, and check Authentication->Platform configurations->Redirect URIs.
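The exact-match rule behind AADSTS50011, as an added example that is not code from the question, the answer or Microsoft: it pulls `redirect_uri` out of an authorize request and reports which component differs from each registered reply URL. The registered list, the placeholder tenant and client ids, and the matching rule (scheme, host, port and path compared, path case-sensitively) are assumptions.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed sample registration (placeholder, not a real tenant or app).
REGISTERED_REDIRECT_URIS = ["https://uattest.tio.com/Login"]
PLACEHOLDER_ID = "00000000-0000-0000-0000-000000000000"


def build_authorize_url(redirect_uri: str) -> str:
    """Construct an /oauth2/authorize request shaped like the one in the question."""
    params = {"scope": "email", "client_id": PLACEHOLDER_ID,
              "redirect_uri": redirect_uri, "state": "Azure", "response_type": "code"}
    return (f"https://login.microsoftonline.com/{PLACEHOLDER_ID}/oauth2/authorize?"
            + urlencode(params))


def redirect_uri_from_authorize_url(authorize_url: str) -> str:
    """Extract and percent-decode the redirect_uri parameter of an authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize request carries no redirect_uri parameter")
    return values[0]


def _components(uri: str) -> tuple:
    """Split a URI into the parts compared against the registration.
    Scheme and host are case-insensitive per RFC 3986, so they are lowercased;
    the path is left untouched (assumption: compared case-sensitively)."""
    p = urlsplit(uri)
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port, p.path)


def check_reply_url(authorize_url: str, registered: list) -> tuple:
    """Return (True, "") if the request's redirect_uri is registered, otherwise
    (False, reason) naming the first differing component per registered URI."""
    want = _components(redirect_uri_from_authorize_url(authorize_url))
    if any(_components(r) == want for r in registered):
        return True, ""
    names = ("scheme", "host", "port", "path")
    reasons = []
    for r in registered:
        for name, a, b in zip(names, want, _components(r)):
            if a != b:
                reasons.append(f"{name} {a!r} != registered {b!r} ({r})")
                break
    return False, "; ".join(reasons)


if __name__ == "__main__":
    # The restored site sends the local alias, which the registration does not list.
    print(check_reply_url(build_authorize_url("https://dnn.localhost.com/Login"),
                          REGISTERED_REDIRECT_URIS))
```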

How to set REMOTE_USER variable from a Keycloak Gatekeeper protected site

I currently have a Keycloak Gatekeeper as a proxy in front of an IIS web application, using the ISAPI redirector to connect to a Tomcat server via AJP. The application running on Tomcat requires the REMOTE_USER variable to be set to authenticate a user in the system.
Ideally it would work like this:
User --(logs in)--> Keycloak Gatekeeper --(Headers)--> IIS --(Headers)--> Tomcat --(REMOTE_USER set + Headers)--> Web Application
I have tried using the Keycloak Tomcat adapter (which works for logging in existing users) but the application also requires particular headers to be set to sign users up if they do not exist in the system.
I have also tried using IIS URL Rewrite module, but it does not set the REMOTE_USER variable for some reason (I saw this post which suggests that the Rewrite rules run before authentication, URL rewrite - REMOTE_USER always empty).
I managed to get this working by using Keycloak Gatekeeper (to authenticate the user) and having the Keycloak Tomcat adapter (setting the REMOTE_USER variable on the Tomcat server). I also managed to get this to work using Keycloak Gatekeeper and a custom ISAPI redirector to set the REMOTE_USER variable.
Unfortunately this did not help us as the application we are authenticating for has another issue, but I am answering this question in case someone else has a similar issue.

web policy agent not redirecting to OpenAM URL

I am working on OpenAM for the first time; I am following the link below:
https://backstage.forgerock.com/#!/docs/openam/12.0.0/getting-started.
I followed all the steps, but when I click the agent URL I am not redirected to the OpenAM URL. I am getting the message: "It works".
Agent URL: http://localhost:8088/
OpenAM URL: http://localhost:8080/OpenAM/
Using "localhost" is a recipe for trouble. OpenAM uses cookies, and needs a real FQDN to function properly. Note that the guide that you reference uses "openam.example.com" when setting up OpenAM.
Please redo your installation using a proper FQDN. This may not be your problem, but you should fix that issue first before going further.

IIS 8.5 Credentials working for windows authentication but not for basic

I have to mention that I am new to IIS. I have a local IIS 8.5 on a Windows Server 2012 machine. When I enable Windows authentication (basic authentication is disabled), I can access and see the home page of IIS (http://localhost) with the credentials of an LDAP user in the same domain. However, when I enable basic authentication (Windows authentication is disabled), I cannot access the home page with the same credentials I used for Windows (the authentication pop-up never goes away).
Shouldn't the same credentials work for both basic and Windows authentication, or does basic authentication work differently? If not, then how are the credentials validated in the case of basic authentication?
Note: Eventually I plan to write Restlet Java code to post resources using basic authentication.
So finally I got this problem solved. For Basic Authentication (click on Edit), we need to set the default domain (the realm is optional). Once I set the default domain, I could log in using the LDAP user credentials.

Liferay Integration with OpenAM using Active Directory

I am configuring Liferay with OpenAM using Active Directory as the LDAP server.
The problem I am facing is that if I configure OpenAM to authenticate using AD, I get the following error in Liferay -
07:52:17,962 DEBUG [http-bio-8080-exec-15][OpenSSOUtil:146] Attributes response code 500
07:52:17,962 DEBUG [http-bio-8080-exec-15][OpenSSOAutoLogin:132] Validating user information for null null with screen name null and email address null
07:52:17,962 ERROR [http-bio-8080-exec-15][AutoLoginFilter:261] Current URL /web/guest/home?p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin&p_p_id=58&p_p_lifecycle=0&_58_redirect=%2Fc generates exception: com.liferay.portal.security.auth.AutoLoginException: java.lang.Exception: Email address is null
On OpenAM side there is no error.
The steps I followed are -
Configure AD in Liferay and enable it
Configure SSO in Liferay through the portal-ext file
Enable pass-through authentication in OpenAM
I don't see any errors in the OpenAM logs.
The only issue I see is in the Liferay logs.
The following works -
Liferay + AD
Liferay + OpenAM using OpenDJ
Let me know if anyone knows what can be done to fix the issue.
The error you show seems to indicate that the mapping between your OpenAM server data and the Liferay one isn't correct. Look at the properties "open.sso.screen.name.attr" and similar in your portal.
Also keep in mind that you need to activate the LDAP sync on your Liferay server so the users are created and Liferay can match them with the OpenAM data.