14 November 2013

OpenAM v11 Training Courses Now Available

Online and in-classes are now available for the new v11 of OpenAM.

DURATION -  5 days

COURSE CONTENTS -

Module 1: Introduction
Module 2: OpenAM Story
Module 3: Web Application Integration
Module 4: Monitoring and Troubleshooting OpenAM
Module 5: OpenAM Configuration
Module 6: Identities
Module 7: Authentication Lifecycle
Module 8: Authentication Administration
Module 9: Sessions
Module 10: CDSSO and Restricted Tokens
Module 11: Authorization Architecture
Module 12: Authorization Configuration
Module 13: Authorization Policy Evaluation
Module 14: Federation Architecture
Module 15: Federation Configuration
Module 16: Customizing OpenAM
Module 17: Installation and Upgrade

Where: MicroTek - New York City
When: January 27 - 31, 2014
Register for Course

Where: Europe - Online
When: February 10 - 14, 2014
Register for Course

Where: Americas - Online
When: March 3 - 7, 2014
Register for Course

Where: Europe - Online
When: April 14 - 18, 2014
Register for Course

Where: Americas - Online
When: May 12 - 16, 2014
Register for Course

Where: Europe - Online
When: June 9 - 13, 2014
Register for Course

5 November 2013

ForgeRock Technical Enablement Free 1/2 Day Webinars

ForgeRock University offers a range of product focused courses for online and classroom based learning.  They cover all of OpenAM, OpenIDM and OpenDJ from an initial overview, right through to 'in-the-weeds' hands on deployment scenarios.

For the full ForgeRock University schedule see - http://forgerock.com/services/university/

In addition ForgeRock offer free 1/2 day online webinars, that act as primers to the full courses.  They give a great overview of each product, including concepts, architecture and deployment approaches.

The following are available for November:

OpenAM Product Overview (FR-120) - FREE
Where: Europe - Online Live (LV)
When: November 8th, 2013 (time 10 AM - 1 PM CET)

OpenAM Product Overview (FR-120) - FREE
Where: US - Online Live (LV)
When: November 15th, 2013 (time 10 AM - 1 PM EST)


OpenIDM Product Overview (FR-111) - FREE
Where: US - Online Live (LV)
When: November 22nd, 2013 (time 10 AM - 1 PM EST)


OpenIDM Product Overview (FR-111) - FREE
Where: Europe - Online Live (LV)
When: November 29th, 2013 (time 10 AM - 1 PM CET)



4 November 2013

OpenIDM Shell REST Client

I have recently updated the OpenIDM shell REST client to include pulling back access, activity and recon logs over REST.  The client helps with command line management of an OpenIDM environment by performing admin tasks over the REST interface simply via a menu system.  The set of scripts is just built on curl.

Download the .zip via Github or simply clone the repo.  To run, use ./interactive.sh (which just acts as menu driven front end) or you can still call the scripts individually.  Make sure you configure your OpenIDM server settings and port.

User management is based on simple create-read-update-delete tasks, as well as doing specific attribute/value searches.

The recon menu allows you to run specific recon tasks, just by adding in the mapping name from the conf/sync.json file.  You can then drill down into the specific recon log entries to check for orphans or missing objects.




I will add more scripts as the endpoints develop.  For further information on the OpenIDM REST API take a look at the OpenIDM Integrators Guide.



OpenAM Shell REST Client

Last week I updated my OpenAM Shell REST client to not only use the newer REST endpoints of v11, but also added an interactive menu, similar to what I had added to the OpenIDM client and OpenDJ one too.

The client was to really test the new API and see what endpoints had been added.  The biggest difference in v11 is the ability to use callbacks within the authentication module response, allowing other attribute values to be passed back to OpenAM, instead of the traditional username and password values.

The client is just a collection of individual shell scripts that call curl and jq for additional JSON parsing.

JQ isn't really needed as OpenAM now offers a
_prettyPrint=true parameter that can do some basic JSON parsing before the response is delivered.  JQ is just useful if you want to iterate over object that comes back and pull out specific attributes.

I then added a simple menu system, just using case, with each menu having it's own file, just to keep the management easy.  A bit of OO in bash :)

To use, simply either download via Github as a zip or clone the repo.  Run ./interactive.sh to get started (albeit you can still run each script individually).  Add in your OpenAM server settings via option 'C'.  Away you go.  You need to authenticate to do anything.  Authenticating via any method, will create a .token file in the shell client directory which is then reused during subsequent calls to OpenAM as a header value.

You can authenticate to any realm, module or service and then check that your current token is valid.

You then retrieve the attributes associated with that token, before going onto managing objects within then OpenAM repo such as realms, agents, users and so policies.

There are basic create-read-update-delete menus for users, realms and agents, that are simply based on the HTTP verbs GET and PUT.  Creating objects I've simplified by allowing the new object to be added to a JSON file and simply pulled up via a PUT using the _action=create parameter.

For further details on the OpenAM REST client endpoints, take a look at chapter 3 of the Developers guide available at ForgeRock documentation site.