This is the third episode from a four part video made on using SAML v2 Assertion attributes in an application protected by ForgeRock OpenAM. In the interest of continuity and also to get the context accurately, it may make sense to read/view the blog posts in the following order:
The diagram is a slightly modified version of the one that you would have seen in my earlier blog entry. It has one additional user in the Identity Provider (which of course seems like a world famous detective and that’s no coincidence), but no corresponding entry in the Service Provider. In the Identity Federation Configuration earlier, we saw how a user with an id ‘demo’ in the Identity Provider linked her account with her id in the Service Provider. But there can be situations, when we may want to use Federation with identities only at the IDP, still gaining access to the applications protected by the SP. That’s where Transient Federation comes into play. It maps the identities from IDP to an anonymous user in the SP (many to one mapping).
You will find an entry on my blogs that talked about the installation of Linux Container and further demonstrated ForgeRock OpenDJ installation and configuration in it. In the last several days, though I posted some contents on OpenDJ, I never introduced my kind readers to the Administration GUI that the OpenDJ product comes with. That was mainly because I was struggling to get the GUI from a Linux Container. This morning I was determined more than ever before to get over this roadblock, and, boy, did manage to figure out, perhaps, one among the many ways of doing it. In the following screen-cast, you’ll see me installing VNC Server on my Linux Container (Ubuntu 14.04.2 LTS) that has OpenDJ in it and then use a VNC client from the Host OS (Ubuntu 14.10) to access the OpenDJ Control Panel, a very convenient tool to browse the OpenDJ Directory data. Very soon, you’ll see me using OpenDJ control panel for a serious reason. Thank you for your patience.
– Setting up SSL in MySQL database
– Configuring OpenIDM to use SSLto the MySQL database (its internal repository)
Like several other videos that I’ve already published on this blog space around ForgeRock products, this one also makes use of Ubuntu 14.10 host 0S. A Linux Container running Ubuntu 14.04.2 LTS is where we’ve our ForgeRock OpenIDM and MySQL database running. The illustration below might help you get a quick picture about the infrastructure used for the screen-cast:
This post is a demo version of the ForgeRock Documentation on Setting Up OpenAM with HTTPS on Tomcat. I had earlier published a screen-cast on the ForgeRock OpenAM deployment and Configuration on a Apache Tomcat Container running in a LXC. If you haven’t watched it yet, and would like to have a look at it, it’s right here. Below you’ll find the steps that I run in my Ubuntu Linux Container to secure our OpenAM deployment:
– Create a Certificate & store it in keystore in a Linux Container
– Modify the Tomcat Server Configuration file (server.xml) to enable SSL (on port 8443)
– Deploy ForgeRock OpenAM
– Access OpenAM from the host OS and complete the configuration
If it’s hard for your visualize how the infrastructure looks like, here’s an illustration to make life easy.
In continuation to my earlier blog on Installing ForgeRock’s OpenDJ in a Linux Container, and to keep up with the promise of doing my bit to introduce ForgeRock’s software stack, I present here another set of video logs that takes you through the deployment of ForgeRock’s Access Management Solution:
– Installation of Apache Web Server in a Linux Container [Video 00]
– Installation of Apache Tomcat Application a Linux Container [Video 01]
– Deploying ForgeRock OpenAM in a Tomcat Application Server [Video 02]
– Protecting Apache Web Server using ForgeRock OpenAM [Video 03]