Blog

Introduction In this article I will demonstrate how to configure software Load Balancer (LB) for two OpenAMs. OpenAM is a open source access management software provided by ForgeRock. Load balancing aims to optimize resource use, maximize throughput, minimize response time, and avoid overload of any single resource. If a one server is down, LB redirect all requests to others servers which are up. To simplify, I will configure LB, OpenAM 1 and OpenAM 2 on one virtual machine and OpenAMs will be configured with embedded data and config store. To read more…

Recently, I have been exploring administration delegation feature of OpenAM 11 and given that i didn't find any detailed information about this topic, I decided to write down this blog.  This article is based on existing OpenAM documentation( http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/admin-guide/index.html#delegate-realm-administration ) and my investigations of this area. (more…)

I gave a short overview of OpenAM Session Upgrades in a previous article. This is a follow-up that intends to describe the process of configuring it and discussing some of its implications. This blog was sitting back half done as a Draft for several months. It was originally written based on ForgeRock OpenAM 10.x . OpenAM 11 has been released since then. I'm finally finding the time for finishing and publishing the article. It should apply for OpenAM 10.x as well as OpenAM 11.  (more…)

profiq just announeced strategic partnership with ForgeRock for system integration of open-source and standard-based Access and Identity Management (IAM) products. This is a fundamental milestone in fulfilling profiq's system integration and system testing strategy. We have spent the last 8+ years with deploying and testing ForgeRock products and their predecessors and looking forward to offering an extended service to customers in the Czech Republic, Slovakia and Hungary with ForgeRock. (more…)

SSO authentication introduces some technical challenges besides providing obvious benefits. Imagine for example that you need to assign different types or levels of authentication to different resources or different actions within a domain. E.g. you allow users to view information, if they successfully authenticate using user name and password, while you may require them to insert a special security code besides user name and password, if they want to start editing. Or you allow users to access general content using user name and password, while accessing specific content (e.g. admin…

A Realm is an OpenAM concept and a feature which is used to group and organise the information and configuration parameters. OpenAM has a top level realm which contains all other, user-defined, realms. We will try here to demonstrate the realm functionality on a simple but practical scenario where realms will be used to separate administration entities. Let's imagine a hypothetical service provider company (Example.com) which has a centralised directory for all of it’s clients, and a separate branch per client: suffix: dc=example,dc=com Client1: o=client1,dc=example,dc=com Client2: o=client2,dc=example,dc=com Example.com would like to…

Although my use case for certificate based authentication is pretty basic, the existing documentation for Access Manager/OpenSSO/OpenAM is somewhat scarce and requires gathering information from various, often unrelated sources. For that reason, I have summarised the process in this article. (more…)

This blog is about automation of OpenAM architecture installation and configuration. As I recently automated architecture from my previous article [1] (simplified without using SSL), I would like to say something about issues I met. (more…)

I prepared one more article about OpenAM, now it is about OpenAM Web Policy Agent. This article is an example how to use OpenAM to protect resources on a Web Server. (more…)

In my previous articles [1] and [2] I explained how to install simple OpenAM architecture. Now I wrote one more article related to this architecture. This article provides detailed steps how to do an upgrade of this architecture from OpenAM 9.0 to OpenAM 9.5.4. (more…)