ForgeRock welcomes David Goldsmith

Welcome to David Goldsmith who joins the ForgeRock documentation team today. Delighted that you have come to work with us at ForgeRock, David!

If you got identity and access management software training before ForgeRock, David’s name might already be familiar to you. David goes way back with identity management, having designed, developed and delivered training for identity management product lines at Sun Microsystems and at Oracle. He comes to ForgeRock from Cloudera, where he also got to know Hadoop very well. As a hands-on, technical curriculum developer, David has strong experience getting his ideas across in the classroom, in training labs, and in writing.

A while ago I wrote, “We aspire … to share understanding with developers and partners like you.” David can definitely deliver on that aspiration. His work promises to be a big win for the community.


Entering via the Administrator’s door

OpenAM's Authentication capabilities are pretty powerful (e.g. previous post), but as Spiderman almost said, "with great power comes great risk", and there is always the danger of locking yourself out. Having done this several times already this week, it's time to write down how to recover...

I was playing with a new OpenAM Authentication Module (more on this in a later blog) and I foolishly included the new module straight into the default authentication chain, so that when I encountered a bug I then couldn't log in to correct the problem (or so I thought).

To limit the lockout risk, I guess I should have tested the module (ahead of putting it in the default chain) using one of these approaches:
  1. If the module can be executed standalone (rather than in a chain), explicitly specify the module in the URL:
    http://openam.example.com:18080/openam/UI/Login?module=testModule
  2. If you need a chain, then explicitly specify the test chain:
    http://openam.example.com:18080/openam/UI/Login?service=testScript
  3. Use a test realm when testing new authentication modules, and use a test chain in this realm:
    http://openam.example.com:18080/openam/UI/Login?realm=test
If you didn't have that hindsight and you are reading this blog because you are currently locked out, you could do the inverse of the above, i.e. explicitly specify the known good modules/chains, or you could use the rather cool OpenAM notion of the Administrator's entry point.
This is accessed by visiting http://openam.example.com:18080/openam/console.
Doing this causes OpenAM to use the Administrator Authentication Configuration which is usually configured here:

This separate entry point is more usually used to demand stronger authentication for administration access, but it may just save your locked-out bacon too ;-)

Cheers,
- FB


ForgeRock doc tools 2.1.3 released

ForgeRock doc tools 2.1.3 is now available.

This is a minor maintenance release, mainly of the default branding.

As mentioned in the release notes, this release brings one improvement and two bug fixes:

  • DOCS-72: Improve widow and orphan control in PDF
    You can now use the processing instruction <?hard-pagebreak?> between block elements to force an unconditional page break in PDF (and RTF) output. The processing instruction has no effect on HTML output.
  • DOCS-162: <replaceable> tags within <screen> tags have no effect in the HTML
    The <replaceable> text now shows up in bold+italic font.
  • DOCS-173: Link text too dark in top-right banner showing latest release

No configuration changes are required, except to update the version number in your POM. See the README for more about how to use the doc tools.


Did you miss the 2014 IRM Summit?

Two weeks ago, the first IRM Summit took place in Phoenix AZ, at the amazing Arizona Biltmore. It was a great pleasure to meet with many friends and acquaintances, analysts and experts in the Identity space. Lots of conversations, ideas and food for thought!

If you haven’t been able to attend, or missed a session or two, you can watch the videos from the event: https://www.youtube.com/user/ForgeRock/videos

And as usual, I’ve made all the photos that I’ve taken during the event available online, including the ForgeRock Partner event that happened the day earlier.

I hope to see you this fall at the European IRM Summit, in Luton Hoo, UK (more information should be available soon on the IRM Summit site or ForgeRock.com).

ForgeRock marketing team



ForgeRock doc tools 2.1.2 released

Thanks to Gene Hirayama and Laszlo Hordos for their contributions, and to Lana Frost for testing. ForgeRock doc tools 2.1.2 is now available.

This is a maintenance release of the Maven doc build plugin, the default branding, and the common content. No configuration changes are required, except to update the version number in your POM. In order to benefit from improvements to the PDF cover pages, however, you will want to add logos and update the authors list to include a corporate author.

For details about fixes, enhancements, and known issues in the doc tools, see the release notes.