How do I configure openAM admin language - openam

is it possible to configure the language of openAM 11.0 administration pages (beside setting the default language of my browser/operating system)?
Being new to openAM and trying to learn from tutorials and manuals is confusing when the admin UI is translated into German ;-)
Thanks,
Rainer.

The admin console is always being displayed in the same language as the authentication originally was performed with, so you should be able to see everything in english on the admin console if you authenticate at /openam/console?locale=en

You can change the default language by specifying the following JVM arguments before starting your app server :
-Duser.country=US -Duser.language=en
There is also one reference of the installation language that you might need to change, in the internal OpenDS used by OpenAM. I could not find any user interface to change the setting, so you must change it through LDAP.
Using any LDAP client, connect to the local LDAP on port 50389 using cn=Directory Manager and the password of the amAdmin account
open the following dn :
ou=server-default,ou=com-sun-identity-servers,ou=default,ou=GlobalConfig,ou=1.0,ou=iPlanetAMPlatformService,ou=services,dc=openam,dc=forgerock,dc=org
change the value of one of the sunKeyValue attributes :
serverconfig=com.iplanet.am.locale=en_US

In my case, this worked for me:
-Change in your web browser preferences the order of prefered languages, put the prefered language first (in firefox and Iexplorer there is a option with a list).
-Launch the server with the -Duser.language=en java option. ( JAVA_OPTS in setenvh.sh in my local Tomcat setup)
I had to change both options. Not only one.
See also:
https://backstage.forgerock.com/#!/docs/openam/12.0.0/install-guide/chap-custom-ui#lookup-for-ui-files

Related

installation OP5 Monitor / Nagios:

In the case of implementation of the monitoring database oracle control method requires a standard application username and password explicitly. How to bypass the need to enter in clear text password to log into the database oracle, which is visible in the screen OP5 Monitor and Nagios configuration file system.?
There are several possibilities.
Generic solution
Use the $USERnn$ macros, which are defined in resources.cfg. More information on how to use this feature: https://kb.op5.com/display/DOC/Macros#Macros-Custommacros
The USER macros are not visible in the graphical user interface, but can be read by anyone having access to the resources.cfg configuration file.
For Naemon documentation on user macros see http://www.naemon.org/documentation/usersguide/macrolist.html#user
Specific solution for the check_oracle plugin (if that is what you are using)
Specify the credentials in an auth file. From the help text for the plugin:
-f <auth-file> can be used instead of -u <username> -p <password>. If both
options are used the <auth-file> will override -u/-p. The <authfile> should
be a textfile (readable by the nrpe-user) containing two rows. File format:
username=<username>
password=<password>
Solution specific to OP5 Monitor
Use custom variables prefixed with OP5SECRET. Unfortunately, these are not very well documented, but take a look at the Standalone VMware ESXi virtualization host management pack which uses this feature.
Full disclosure: I work as Development Team Lead at OP5.

Where to store external credentials in JBoss?

When using WAS we use the j2c credentials store to hold external system's users & passwords.
WAS provides some proprietary apis to get this information.
The benefit of using this instead of a local file that:
- the WAS admin can add/modify credentials having no knowledge of the application structure.
- it is managed in a central way for the whole cluster
- WAS stores it among other own credentials in a folder that is supposed to be secure (at SO level)
- Devs do not need to know about production passwords
Now we are coding for JBOSS and we wonder if there is any similar API in JBoss to get users/passwords by code.
Thank you!!
We have found the solution. JBoss has a "vault" that is explained in the security guide.
Basically it lets you cypher everything you want in the server configuration file (i.e. standadlone.xml). Then it decyphers it when starting the server.
We simple added a JNDI String to the server xml config file with the cyphered credentials. When we get that JNDI value from our code, credentials are already in plain text.
Quite an elegant solution from JBoss dev team.

Default login credentials for Virtuoso Conductor

I've just finished installing Virtuoso's opensource package and I'm running the web gui called Conductor.
It requires a login, but I don't think there was anything about setting that up during install.
is there a default un / pass for this? if now, how do I set one?
According to their documentation, you can log in initially as:
username: dba
password: dba
Edit: i also found that there are two different default users setup:
There are two system users of immediate importance:
dba -- the relational data administrative account
dav --the WebDAV adminstrative account.
By default each of these accounts has
its password set the same as its username. It is strongly advised that
you change these as soon as possible for obvious security reasons.
http://ods.openlinksw.com/wiki/main/Main/VOSUbuntuNotes#Using%20Virtuoso
There are supposedly several default users set up, per Section 3.1.1 Default Passwords of their documentation (dba, dav, vad, demo, soap, fori), but dba and dav are the critical ones to change. Note: I don't actually see the other users under the Ubuntu Xenial virtuoso package (version 6.1.6+repack-0ubuntu5)
That page also has the isql syntax to change the password (only for the logged in user, ie, dba) on the command line:
This can be changed using the Interactive SQL utility. When started without parameters, the ISQL tries to log on as dba with the default password. The SQL statement to change a user's password is:
set password <old password> <new password>
The password is an identifier, so take care to use proper quotation.

JSF project form authentication using Tomcat DataSourceRealm

I have a JSF 2 project and am using Eclipse Inigo as IDE, and deploying to Tomcat 6 (which is running in a a virtual machine in VirtualBox to mimic the target environment). I am not using Eclipse to deploy. Right now I'm simply exporting a .war file and deploying it from the Tomcat manager screen. I am using HSQLDB to store users, passwords, and user roles. One project requirement that is causing me confusion is that my web app must be fully self-contained. That is to say, I deliver a .war file and they plug it in without additional configuration to Tomcat.
I've read a ton on configuring my project for form authentication, including: SO question 1, SO question 2, SO question 3, Tomcat Realm config, Java EE 6 security, and more. Those sources really helped understand how to configure my project. I thought I was almost there. However, when I deploy the web app and try to access a restricted page I always get the login error page. I attempt login with one of various users in the DB with the role required, and I think the DB is set up according to the Tomcat Documentation.
All the tutorials I've read differ from my situation in one way or another:
Uses Glassfish instead of Tomcat
Uses BASIC authentication instead of FORM
Stores users, passwords, and roles in tomcat-users.xml instead of relational DB tables
Declares roles in server.xml instead of somewhere within the .war file.
Point 4 especially is preventing me from getting a full understanding of what is and is not possible (out of the box).
I will edit this question later to post code (web.xml, etc.), but first I wanted to ask a question similar to the one in the 'SO question 2' (above), in which the OP asks whether it's possible to do form authentication without defining something in the application server. In one of the answers it sort of sounds like it is not possible, but it's not quite definitive.
So, is it possible to implement form authentication without modifying files in the server (specifically server.xml and tomcat-users.xml as so many tutorials show)? Can form authentication with a DataSourceRealm be done with the requirement of the .war being fully self contained? If so, how? Can I include additional .xml files in my .war that would do the trick? Can I include everthing I need in web.xml and context.xml?
I've tried including everything in web.xml and context.xml, but it is not working. I thought I had things configured properly except for not having anything in the server.xml file.
I'll leave it at that for now. If what I need is possible, I'll edit with code to try to figure out what I'm doing wrong, otherwise, I'll save the trouble. Also, if what I need is not possible using form authentication, can anyone recommend a good alternative to achieve the same in a self-contained .war? (I'm throwing around the term 'self-contained .war' for lack of a better way to describe it...if there's a better or more precise term, let me know.)
Unfortunately, you can not do it.
Realms are configured in the server.xml file so if you want to authenticate a user against database you have to configure it in the server.xml file.
If you want to authenticate a user against database and ensure all your configuration will be within your WAR file please consider to use the Spring Security framework: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html
It is the great and simple framework that solves a lot of authentication / authorization problems.

IIS shared configuration username

I am trying to use a shared configuration from a team mate for IIS, however, I don't know what username/password to enter for the credentials. I've tried entering the encryption password that was used when he exported the settings. But I always get an error. What username should I be using?
After watching this video: http://www.youtube.com/watch?v=e3Je0a2v_5U
I found out that as long as your configuration directory is on your local machine (and not on a network drive), you don't put in a username OR password in the shared configuration page. After you hit "apply" in the "actions" sidebar, a window will pop up asking you what the encryption password is. Type in the same thing as the person that exported the setting and you're golden.
Hope this helps!

Resources