There is a very important trick to play before installing Oracle JDeveloper on a Mac. Basically you need to fool the JDEV installer to believe the java on your...
There is a very important trick to play before installing Oracle JDeveloper on a Mac. Basically you need to fool the JDEV installer to believe the java on your Mac is like those on Unix/Linux box. cd /System/Library/Frameworks/JavaVM.framework/Versions/1.6.0/Home/ sudo mkdir -p jre/lib cd jre/lib sudo ln -s ../../../Classes/classes.jar rt.jar This step was actually on Installation Guide for Oracle JDeveloper
There is a very important trick to play before installing Oracle JDeveloper on a Mac. Basically you need to fool the JDEV installer to believe the java on your Mac is like those on Unix/Linux box....
Someone found that distauth of Opensso cannot recieve session notifications from opensso server. My investigation showed that a new property...
Someone found that distauth of Opensso cannot recieve session notifications from opensso server. My investigation showed that a new property "com.sun.identity.client.notification.url" was not set in AMConfig.properties of the distauth. This property is new to Opensso, somehow it was not there by default. If you want your opensso client to receive notifications from the session service, policy service and UM on the server, you need to add it.See more details on DocTeger's...
Someone found that distauth of Opensso cannot recieve session notifications from opensso server. My investigation showed that a new property "com.sun.identity.client.notification.url" was not set in...
OpenSSO uses xmlsec API to verify digital signature. In case the API returns a false, but you have no idea about the cause when just looking at the XML doc, you...
OpenSSO uses xmlsec API to verify digital signature. In case the API returns a false, but you have no idea about the cause when just looking at the XML doc, you may want see debug messages printed out from the xmlsec APIs.Since xmlsec uses standard java.util.logging packages to log debug messages. So you can pass a jvm option -Djava.util.logging.config.file=log.properties in web container config file with content in log.properties looks like followinghandlers =...
OpenSSO uses xmlsec API to verify digital signature. In case the API returns a false, but you have no idea about the cause when just looking at the XML doc, you may want see debug messages printed...
Recently a bug was identified in OpenSSO8.0 code related to Cookie Hijack Prevention (CHP). There are multiple policy agent instances with a Load Balancer (LB)...
Recently a bug was identified in OpenSSO8.0 code related to Cookie Hijack Prevention (CHP). There are multiple policy agent instances with a Load Balancer (LB) in front. In this case, agent profiles must have LB URL added in the agent root URL list (CDSSO + CHP). However, a strange behavior could be observed. Only one agent works, you could see your browser spinning when accessing other agents. This is OpenSSO issue 5707.
Recently a bug was identified in OpenSSO8.0 code related to Cookie Hijack Prevention (CHP). There are multiple policy agent instances with a Load Balancer (LB) in front. In this case, agent...
In my previous post (09/11) on this topic, I asked to have jss4.jar in the classpath and have corresponding library files in the environment. Actually it is not...
In my previous post (09/11) on this topic, I asked to have jss4.jar in the classpath and have corresponding library files in the environment. Actually it is not required. Otherwise, one will have a hard time to find and install them on a windows box. All you need to do is to set the value of property com.iplanet.security.encryptor to be "com.iplanet.services.util.JCEEncryption". The default is "com.iplanet.services.util.JSSEncryption" if you don't specify, which requires...
In my previous post (09/11) on this topic, I asked to have jss4.jar in the classpath and have corresponding library files in the environment. Actually it is not required. Otherwise, one will have a...
Last week, I provided the steps to change amadmin password on AM7.1. Someone had question on how to do it on file based AM7.1. The java code...
Last week, I provided the steps to change amadmin password on AM7.1. Someone had question on how to do it on file based AM7.1. The java code PasswordHashEncryption.java is still required to encrypt and hash the new password. Actually you don't need the whole AMConfig.properties, only one property am.encryption.pwd. You can pass the value as jvm option. For instance$JAVA_HOME/bin/java -Dam.encryption.pwd=sZ6rTm4Dp1xp6MuXpwyQ3h0RsdcMK5eQ...
Last week, I provided the steps to change amadmin password on AM7.1. Someone had question on how to do it on file based AM7.1. The java code PasswordHashEncryption.java is still required to encrypt...
It is not straight forward to change amadmin password on an Access Manager 7.1 setup. If you simply change it on subject tab of AM console, you would fail to...
It is not straight forward to change amadmin password on an Access Manager 7.1 setup. If you simply change it on subject tab of AM console, you would fail to login once you logout.This is due to the factor that amadmin's password is saved in a separate entry of Directory Server. You need to save the new password into this entry after changing it on the console. But the password is not saved as is but needs both encrypted and hashed. Unfortunately, the current cli tool...
It is not straight forward to change amadmin password on an Access Manager 7.1 setup. If you simply change it on subject tab of AM console, you would fail to login once you logout.This is due to...
When using Access Manager, people expects to set different session idle timeout or max session time for different orgs/groups/roles. This can be easily...
When using Access Manager, people expects to set different session idle timeout or max session time for different orgs/groups/roles. This can be easily configured with older AM versions, 6.x or even older 5.x. But it is tricky to do so with the newer version 7.x. Lots of people noticed that the changes they made to the role level didn't take any effect even after restarting both AM and DS. The 7.x public doc mentioned a bug 6309262 (doc'd in 7.0...
When using Access Manager, people expects to set different session idle timeout or max session time for different orgs/groups/roles. This can be easily configured with older AM versions, 6.x or...
Haven't used the feature of persistent cookie on AM/OpenSSO for a long time. Today when verifying a code change, I need to check the httponly flag of persistent...
Haven't used the feature of persistent cookie on AM/OpenSSO for a long time. Today when verifying a code change, I need to check the httponly flag of persistent cookie. Somehow I couldn't find this cookie on the browser. I did enable it in authentication core service though.It turned out that one has to append the parameter "iPSPCookie=yes" to the Login URL. For instance, http://OpenSSO.or.AM.domain:port/amserver/UI/Login?iPSPCookie=yes. The persistent cookie name is set as...
Haven't used the feature of persistent cookie on AM/OpenSSO for a long time. Today when verifying a code change, I need to check the httponly flag of persistent cookie. Somehow I couldn't find...