OpenAM | Mirror of https : //

by OpenRock | Java | Version: 13.0.0 | License: No License

kandi X-RAY | OpenAM Summary

OpenAM is a Java library. It has a build file available and low support. However, OpenAM has 20714 bugs and 22 vulnerabilities. You can download it from GitHub.

DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. Copyright (c) 2011-2012 ForgeRock AS Inc. All Rights Reserved. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. To view a copy of this license, visit or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA. You can also obtain a copy of the license at src/main/resources/legal-notices/CC-BY-NC-ND.txt. See the License for the specific language governing permissions and limitations under the License. If applicable, add the following below this CCPL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner].

            Support

              OpenAM has a low active ecosystem.
              It has 138 star(s) with 176 fork(s). There are 29 watchers for this library.
              It had no major release in the last 12 months.
              OpenAM has no issues reported. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of OpenAM is 13.0.0

            Quality

              OpenAM has 20714 bugs (163 blocker, 13 critical, 19337 major, 1201 minor) and 134692 code smells.

            Security

              OpenAM has 4 vulnerability issues reported (0 critical, 3 high, 1 medium, 0 low).
              OpenAM code analysis shows 18 unresolved vulnerabilities (9 blocker, 7 critical, 2 major, 0 minor).
              There are 501 security hotspots that need review.

            License

              OpenAM does not have a standard license declared.
              Check the repository for any license declaration and review the terms closely.
              Without a license, all rights are reserved, and you cannot use the library in your applications.

            Reuse

              OpenAM releases are available to install and integrate.
              Build file is available. You can build the component from source.
              Installation instructions are not available. Examples and code snippets are available.
              OpenAM saves you 3591608 person hours of effort in developing the same functionality from scratch.
              It has 1342440 lines of code, 78521 functions and 11077 files.
              It has high code complexity. Code complexity directly impacts maintainability of the code.

            Top functions reviewed by kandi - BETA

            kandi has reviewed OpenAM and discovered the below as its top functions. This is intended to give you an instant insight into OpenAM implemented functionality, and help decide if they suit your requirements.
            • Set attributes
            • Returns a list of records
            • Extract process request
            • Create the SAML response
            • Process authentication xml request
            • Create a FSASSert instance
            • Process response
            • Process logout request
            • Forward to the login request
            • Walk the node

            OpenAM Key Features

            No Key Features are available at this moment for OpenAM.

            OpenAM Examples and Code Snippets

            No Code Snippets are available at this moment for OpenAM.

            Community Discussions


            Regex using sed or Perl to comment XML Block
            Asked 2021-Dec-04 at 00:37

            I'm trying to comment a section at web.xml inside openAM using only sed or perl -pi (the only tools available to me).

            So, I'll copy it here:



            Answered 2021-Nov-30 at 21:07

            You should use XML-aware tools to process XML. You mention Perl, there are several XML-handling modules available.

            But, if you insist, try the following at your own risk:



            PropertyException after wildfly update: property CharacterEscapeHandler must be an instance of type CharacterEscapeHandler
            Asked 2021-Nov-16 at 16:35

            Some time ago I implemented a CustomCharacterEscapeHandler and it worked fine up to Wildfly-18.0.1. Now when updating to Wildfly 19 or higher I get the following exception:



            Answered 2021-Nov-16 at 16:35

            I found two working solutions:

            1. Adding a startup property to the wildfly startscript -Djavax.xml.bind.JAXBContextFactory=com.sun.xml.bind.v2.ContextFactory
            2. Aligning the JAXB libraries of my application with the wildfly JAXB libs

            Background and some details for the 2nd solution:

            The JAXB used in wildfly 19 has been updated (cp. 1,2). Since nothing worked I started debugging it. First the working version on wildfly 18 and then the non-working version. The corresponding code is:



            OpenAM ITfoxtec Saml2 invalid signature response?
            Asked 2021-Oct-26 at 09:03

            I'm trying to integrate OpenAM Saml SSO to my .net 5 application. ITfoxtec.Saml2 is used to handle the authentication on the SP. When trying to login, a valid post samlResponse is sent. But when validating the response, I get the following exception.



            Answered 2021-Oct-26 at 09:03

            The ITfoxtec Identity Saml2 package does not read the IdP signing certificate in the EntityDescriptor/KeyDescriptor element; the element is not supported. The IdP certificate is read in the EntityDescriptor/IDPSSODescriptor/KeyDescriptor element.

            Valid IdP metadata sample for the TestIdPCore sample:



            OAuth2 authorization code flow: spring-security does not accept the issued access_token
            Asked 2021-Oct-01 at 08:00

            I am learning the OAuth2 authorization code flow.

            • I have my own Authorization Server (AS) which is OpenAM 7.1.
            • The Client is a simple Spring-Boot web application with a static HTML page, I use Spring-Security to protect the HTML page and control the Oauth2 flow.

            I think that my Authorization Server configuration is correct because AS produces the access_token at the end when I simulate the communication with CURL. But somehow Spring-Security does not want to accept the issued and validated access token. So I think that my Spring-Security configuration is not correct.

            I tried to configure Spring-Security in many different ways, but unfortunately, none of them was working. Maybe I need to implement the steps that I execute with CURL with Spring-Security, but maybe I just missed a configuration line.

            This is the last step of my CURL chain where AS gives me the access token (exchange the authorization code for an access token):



            Answered 2021-Oct-01 at 08:00

            I notice two issues in the code you have shared.

            The first is that you may be confusing an OAuth 2.0 resource server and an OAuth 2.0 client.
            The application running on is configured as an OAuth 2.0 client.
            However, you are making a request to, providing a bearer token and asking for a resource.
            The client will not validate the bearer token. In this scenario it seems like you are treating the application as if it were a resource server.

            If you are looking to create a resource server application, you can see the full documentation in the Spring Security reference.

            The second issue is the behaviour you described when accessing the client in the browser.
            The problem here is customising redirect-uri:

            When doing this you override the default redirect URI, which is /login/oauth2/callback/{registrationId}.

            This URI is special because it prompts the OAuth2LoginAuthenticationFilter to process the request, attempt to authenticate the user and create the OAuth2AuthenticationToken.

            When you customise redirect URI, the OAuth2LoginAuthenticationFilter is not invoked and the application does not know if the user is authenticated.



            bash variable as a command: echo the command before execution and save the result to a variable
            Asked 2021-Sep-24 at 22:18

            I am executing a chain of curl commands:

            1. I need to echo the command before the execution.
            2. Execute the command and save the result to a bash variable.
            3. Get values from the result of the execution and execute the next curl with those values.

            This is what it looks like:



            Answered 2021-Sep-24 at 19:42

            I guess OUT=$(eval $CMD) will do what you want.



            Using Nullish Coalescing Operator
            Asked 2021-Aug-29 at 19:06

            The program goes through the days and prints the opening and closing hours for each day. On Saturday the situation is different, there are no PM times. So by using ?? I thought the program could switch to the second sentence as on Saturday {openPM} and {closePM} are undefined, but it does not work.



            Answered 2021-Aug-29 at 08:55

            Your first template string cannot be null thus your nullish operator can never be in action. So in your case, you probably don't want to use ?? but the ternary operator ? : to decide which string template to output



            Insert multiple rows of data with out looping the table data
            Asked 2021-Aug-17 at 08:02

            I have a table that holds some duplicate entries. I would like to copy over the distinct entries to another table without looping the data. I need to check if the distinct data exists in the other table and insert whatever is missing. Here is the query I am writing; I feel like it can be implemented better



            Answered 2021-Aug-17 at 08:02

            This query should do what you want :)



            Issue Building OpenAM from source
            Asked 2021-Aug-06 at 10:32

            I am trying to build the OpenAM from source.

            My System Config : OS : elementary OS (5.1.7 Hera) Kernel : 5.4.0-74-generic Java: java-15 (JAVA_HOME=/usr/lib/jvm/java-15-oracle) Apache Maven 3.6.0

            I cloned the repository and ran the command mvn install -f OpenAM. While building I first got the error



            Answered 2021-Aug-06 at 10:32

            Ok. Finally solved. Java 8 is required.



            How to make OpenAM to return jwt-token with simple username and password authentication
            Asked 2021-Feb-03 at 12:41

            My problem is that I want to configure OpenAM so that it returns a JWT-token when I use the simplest user name / password authentication. By default, it returns tokenId. But in my case, I need only JWT-token. I am using this endpoint for authentication:




            Answered 2021-Jan-31 at 16:51

            OpenAM only issues a JWT when you are using 'stateless' / client based SSO session. If you need a standardised JWT, then you need to configure OpenAM as OIDC provider.



            How to create a web policy agent in OpenAM given that the server URL has a not fully qualified hostname?
            Asked 2020-Dec-18 at 12:08

            Question: How to create a web policy agent in OpenAM given that the server URL, which OpenAM runs on, has a not fully qualified hostname?

            Initial situation: For a proof of concept (POC), I emulate a server structure using docker. I have an apache webserver as a resource server (docker container), an OpenAM docker container for the access management, and a flask web app running in a third container as the client. I configured OpenAM via the GUI. So far my flask app can authenticate, request, and retrieve access tokens using simple requests as specified here. However now I also want to protect the apache resource server. For the start without flask and simply by installing an OpenAM Web Policy Agent on the apache webserver and configuring a web policy agent profile in OpenAM following this official ForgeRock guide.

            Problem: When configuring the agent profile in OpenAM using the GUI the OpenAM container's domain name http://openam:8080/openam is not accepted as a valid server URL.

            If I use instead e.g. http://openam.local:8080/openam the error does not show.

            What I tried so far:

            1. I added an Nginx container that functions as a reverse proxy and used it to change the container's hostnames to .local. Now I can reach the containers e.g. via http://openam.local:8080/openam and http://apache.local:8080. However, when I now access the OpenAM GUI using http://openam.local:8080/openam, enter the default passwords, and press Create Configuration the configuration fails with the following message:
            2. Unable to solve the problem from (1) I figured that I recall the Nginx setup and instead try to configure the agent profile using the command line - in the hope that the above error Hostname of server URL is not fully qualified is restricted to the GUI. For the setup via the command line there existed the easy command ./ssoadm create-agent ... as described here. But ssoadm was deprecated in favor of Amster and I am unable to figure out how to configure the agent policy using Amster.


            Answered 2020-Dec-18 at 12:08

            That's a bug in OpenAM console / service validation, it's tracked as OPENAM-16073

            However these times there are some OpenAM forks. I would encourage those people to rename their product / project as it's quite confusing.


            Community Discussions, Code Snippets contain sources that include Stack Exchange Network


            OpenAM (Open Source Edition) 13.0 and later does not properly manage sessions, which allows remote authenticated attackers to change the security questions and reset the login password via unspecified vectors.
            Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
            OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0 IdP, and switches authentication methods based on AuthnContext requests sent from the service provider.

            Install OpenAM

            You can download it from GitHub.
            You can use OpenAM like any standard Java library. Please include the JAR files in your classpath. You can also use any IDE, and you can run and debug the OpenAM component as you would any other Java program. Best practice is to use a build tool that supports dependency management, such as Maven or Gradle. For Maven installation, please refer For Gradle installation, please refer .


            For any new features, suggestions and bugs, create an issue on GitHub. If you have any questions, check and ask on the Stack Overflow community page.
          • CLI

            gh repo clone OpenRock/OpenAM