OpenDJ Attribute Uniqueness (and the Effects on OpenAM)

In real life we tend to value those traits that make us unique from others; but in an identity management deployment uniqueness is essential to the authentication process and should not be taken for granted. Case in point, attributes in OpenDJ may share values that you may or may not want (or need) to be unique. For Read more

Understanding OpenAM and OpenDJ Account Lockout Behaviors

The OpenAM Authentication Service can be configured to lock a user’s account after a defined number of log in attempts has failed.  Account Lockout is disabled by default, but when configured properly, this feature can be useful in fending off brute force attacks against OpenAM login screens. If your OpenAM environment includes an LDAP server Read more

It’s OK to Get Stressed Out with OpenAM

In fact, it’s HIGHLY recommended…. Performance testing and stress testing are closely related and are essential tasks in any OpenAM deployment. When conducting performance testing, you are trying to determine how well your system performs when subjected to a particular load. A primary goal of performance testing is to determine whether the system that you Read more

Understanding the iPlanetDirectoryPro Cookie

So you have run into problems with OpenAM and you are now looking at the interaction between the Browser and the OpenAM server.  To assist you in your efforts you are using a plug-in like LiveHttpHeaders, SAML Tracer, or Fiddler and while you are intently studying “the dance” (as I like to call it), you Read more

How to Configure OpenAM Signing Keys

The exchange of SAML assertions between an Identity Provider (IdP) and a Service Provider (SP) uses Public-key Cryptography to validate the identity of the IdP and the integrity of the assertion.   Securing SAML Assertions SAML assertions passed over the public Internet will include a digital signature signed by an Identity Provider’s private key.  Additionally, Read more

OpenDJ Indexes Explained

Suppose that you have an OpenDJ directory server with 300,000 entries.  And further suppose that the space consumed on your disk for said directory is 1.2 GB and made up of 114 database (*.jdb) files.  Suppose that you didn’t plan correctly and you are now running out of space on your hard drive.  What should Read more

The Case of the Mysteriously Creeping Database

While teaching a recent ForgeRock OpenDJ class, a student of mine observed an interesting behavior that at first seemed quite odd.  While rebuilding his attribute indexes, the student found that the overall database size seemed to grow each time he performed a reindex operation.  What seems obvious to me now sure made me scratch my head Read more

What do OpenDJ and McDonald’s Have in Common?

The OpenDJ directory server is highly scalable and can process all sorts of requests from different types of clients over various protocols.  The following diagram provides an overview of how OpenDJ processes these requests.  (See The OpenDJ Architecture for a more detailed description of each component.) Note:  The following information has been taken from ForgeRock’s OpenDJ Administration, Read more