Archive/category: OpenAM

Hacking OpenAM – An Open Response to Radovan Semancik

I have been working with Sun, Oracle and ForgeRock products for some time now and am always looking for new and interesting topics that pertain to theirs and other open source identity products.  When Google alerted me to the following blog posting, I just couldn’t resist: Hacking OpenAM, Level: Nightmare Radovan Semancik | February 25, 2015 There Read more

OpenDJ Attribute Uniqueness (and the Effects on OpenAM)

In real life we tend to value those traits that make us unique from others; but in an identity management deployment uniqueness is essential to the authentication process and should not be taken for granted. Case in point, attributes in OpenDJ may share values that you may or may not want (or need) to be unique. For Read more

Understanding OpenAM and OpenDJ Account Lockout Behaviors

The OpenAM Authentication Service can be configured to lock a user’s account after a defined number of log in attempts has failed.  Account Lockout is disabled by default, but when configured properly, this feature can be useful in fending off brute force attacks against OpenAM login screens. If your OpenAM environment includes an LDAP server Read more

It’s OK to Get Stressed Out with OpenAM

In fact, it’s HIGHLY recommended…. Performance testing and stress testing are closely related and are essential tasks in any OpenAM deployment. When conducting performance testing, you are trying to determine how well your system performs when subjected to a particular load. A primary goal of performance testing is to determine whether the system that you Read more

Understanding the iPlanetDirectoryPro Cookie

So you have run into problems with OpenAM and you are now looking at the interaction between the Browser and the OpenAM server.  To assist you in your efforts you are using a plug-in like LiveHttpHeaders, SAML Tracer, or Fiddler and while you are intently studying “the dance” (as I like to call it), you Read more

How to Configure OpenAM Signing Keys

The exchange of SAML assertions between an Identity Provider (IdP) and a Service Provider (SP) uses Public-key Cryptography to validate the identity of the IdP and the integrity of the assertion.   Securing SAML Assertions SAML assertions passed over the public Internet will include a digital signature signed by an Identity Provider’s private key.  Additionally, Read more