Issue:

Trying to update the UserPrincipalName (UPN) of a B2B user to a public-domain email address such as siva@gmail.com in an Azure AD tenant fails with the error message below.

Error message - "Property userPrincipalName is invalid"



Solution:

When creating or updating a user's UPN, use only a domain name that is verified in the Azure AD tenant: the suffix after the @ must be one of the tenant's verified domains.
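The following is an added example (not code from the original post) that applies the rule above before an update is attempted. The VERIFIED_DOMAINS set is a constructed stand-in for the list an administrator would pull from Microsoft Graph (GET /domains, keeping entries whose isVerified is true); the guest_upn helper shows the <local>_<domain>#EXT#@<verified domain> form Azure AD assigns to invited B2B guests, which is why a guest's UPN stays inside a verified domain even though the person signs in with an external address.

```python
"""Validate a proposed userPrincipalName against a tenant's verified domains.

Added example, not code from the original post.  VERIFIED_DOMAINS is a
constructed stand-in for the list an admin would pull from Microsoft Graph
(GET /domains, keeping entries whose isVerified is true); everything else is
plain string handling.
"""
import re
from typing import Optional, Set

# Constructed sample: the domains this hypothetical tenant has verified.
VERIFIED_DOMAINS: Set[str] = {"contoso.com", "contoso.onmicrosoft.com"}

# A UPN is <local>@<domain> with exactly one '@' and no whitespace.
UPN_RE = re.compile(r"^(?P<local>[^@\s]+)@(?P<domain>[^@\s]+)$")


def upn_domain(upn: str) -> Optional[str]:
    """Return the lower-cased domain suffix of a UPN, or None if it is malformed."""
    m = UPN_RE.match(upn)
    return m.group("domain").lower() if m else None


def validate_upn(upn: str, verified: Set[str] = VERIFIED_DOMAINS) -> str:
    """Return "ok", or the reason the directory would reject this UPN.

    The check mirrors the rule in the post: the suffix after '@' must be one
    of the tenant's verified domains.  A public mail domain such as gmail.com
    is never verified for a corporate tenant, so it fails here.
    """
    domain = upn_domain(upn)
    if domain is None:
        return "malformed: expected exactly one '@' with text on both sides"
    if domain not in {d.lower() for d in verified}:
        return f"invalid: '{domain}' is not a verified domain of this tenant"
    return "ok"


def guest_upn(external_email: str, tenant_domain: str) -> str:
    """Build the UPN Azure AD assigns to an invited B2B guest.

    Guests keep their external mail address as the sign-in identity, but the
    UPN stored in the tenant is <local>_<ext-domain>#EXT#@<verified domain>,
    which passes the verified-domain rule while siva@gmail.com does not.
    """
    local, _, ext_domain = external_email.partition("@")
    return f"{local}_{ext_domain}#EXT#@{tenant_domain}"


if __name__ == "__main__":
    for candidate in ("siva@gmail.com",
                      "siva@contoso.com",
                      guest_upn("siva@gmail.com", "contoso.onmicrosoft.com"),
                      "no-at-sign"):
        print(f"{candidate:55} -> {validate_upn(candidate)}")
```

Run it as a pre-flight check in a provisioning script: a rejection here saves a failed directory write and makes the reason visible, whereas the service only reports "Property userPrincipalName is invalid".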
Thanks
Siva Pokuri.
Identity federation standards identify two operational roles in an SSO transaction:
the identity provider (IdP) and the service provider (SP).

An IdP, for example, might be an enterprise that manages accounts for a large number of users who may need secure access to the Web-based applications or services of customers, suppliers, and business partners.

An SP might be a SaaS provider or a business-process outsourcing (BPO) vendor wanting to simplify client access to its services.

Identity federation allows both types of organizations to define a trust relationship whereby the SP provides access to users from the IdP.
The IdP continues to manage its users, and the SP trusts the IdP to authenticate them.
Thanks,
Aditya
Often this kind of setup is needed when PingAccess is deployed internally while the token provider, such as PingFederate or Azure AD, runs in the cloud.

In this setup PingAccess needs outbound internet access (through the corporate proxy) in order to register the token provider.

First, register the internet proxy IP address and port number (and credentials, if the proxy requires authentication) in the PingAccess administration console under Settings >> Networking >> Proxies.

Next, assign the created proxy instance to the Administration and replica Administration nodes and to all engine nodes (in a multi-node cluster setup); in a standalone setup, adding it on the primary Administration node is sufficient.

Thanks
Siva Pokuri

Error:- "The AccessGate is unable to contact any Access Servers." #011raw_code^301#011

Version:- OAM 11.1.2.3 and later

Work Around:-

1. Go into oamconsole and modify the webgate profile for the first agent (for example, decrease the Cache Timeout by a second) and save it.
2. Download the webgate artifacts.
3. Copy the artifacts from the OAM server directory to the appropriate directories for the correct webgate.
4. Restart the web server instance on which the webgate is running.

Thanks,
Aditya.
Problem:

After PingAccess is installed and configured as a Windows service, the service fails to start.

The most common cause is the JAVA_HOME environment variable.

Solution:

Check that JAVA_HOME is set at the SYSTEM level, not just the USER level, and set it there if it is not. It may be necessary to restart the Windows server for the system variable change to take effect.

Then try starting the service again.

Thanks.

The screenshot below shows the new and updated alerts in OIM 12c:


Thanks,
Aditya.
The steps below were tested with Tomcat 9.0.11 on a Windows machine.

Open a command prompt / terminal and run the keytool command below to create a new keystore containing a self-signed certificate, replacing the alias and keystore values:

keytool.exe -genkey -alias <<certaliasname>> -keyalg RSA -keystore <<location to save keystore>>\<<keystorename>>

Provide the certificate details as keytool prompts for them.

Open the server.xml file in the <<TOMCAT_HOME>>/conf/ location and add the text below, replacing the keystoreFile and keystorePass values:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="<<path to keystore file>>"
           keystorePass="<<keystore password>>" />

Then restart the Tomcat server and access https://<<hostname>>:8443
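As an added example (not code from the original post or from the Tomcat project), the script below audits the TLS Connector entries in a server.xml before the restart, catching the mistakes that most often follow a copy-and-edit of the snippet above: scheme or secure left off, a deprecated sslProtocol value, a missing keystoreFile, or keystorePass left empty or at Tomcat's well-known default "changeit". SAMPLE_SERVER_XML is a constructed fragment with one clean connector and one deliberately misconfigured connector; point audit_tls_connectors at the real file's contents to check a deployment.

```python
"""Audit SSLEnabled Connector elements in a Tomcat server.xml.

Added example, not the post's or Tomcat's own code.  The sample XML is
constructed: port 8443 mirrors the post's snippet with real values filled
in, port 9443 is deliberately misconfigured to exercise every check.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="conf/idmfun.jks" keystorePass="S3cretKeystore" />
    <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="http" sslProtocol="SSLv3"
               keystoreFile="conf/old.jks" keystorePass="changeit" />
  </Service>
</Server>"""


def audit_tls_connectors(xml_text: str) -> Dict[int, List[str]]:
    """Return {port: [findings]} for every Connector with SSLEnabled="true".

    An empty findings list means the connector passed every check.  Plain
    HTTP connectors are skipped; they are not what this post configures.
    """
    root = ET.fromstring(xml_text)
    report: Dict[int, List[str]] = {}
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = int(conn.get("port", "0"))
        findings: List[str] = []
        # scheme/secure tell the servlet API (and redirects) this is HTTPS.
        if conn.get("scheme") != "https":
            findings.append('scheme should be "https"')
        if conn.get("secure", "false").lower() != "true":
            findings.append('secure="true" missing: request.isSecure() will be false')
        # Any SSLv* value selects a deprecated protocol family.
        proto = conn.get("sslProtocol", "TLS")
        if proto.upper().startswith("SSL"):
            findings.append(f'sslProtocol="{proto}" is deprecated; use "TLS"')
        if not conn.get("keystoreFile"):
            findings.append("keystoreFile missing")
        # Empty or default keystore password is the classic copy-paste leftover.
        if conn.get("keystorePass", "") in ("", "changeit"):
            findings.append("keystorePass is empty or the default 'changeit'")
        report[port] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_tls_connectors(SAMPLE_SERVER_XML).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"Connector :{port} -> {status}")
```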

Thanks!

Issue:- At times you may notice that one or more web sites are not started in IIS 7.0. If you try to start the web site manually, it may fail with the following error message:

Internet Information Services (IIS) Manager - The process cannot access the file because it is being used by another process.
(Exception from HRESULT: 0x80070020)

Environment:- Windows 2012 R2 server

Error Cause:- The error code 0x80070020 translates to ERROR_SHARING_VIOLATION (The process cannot access the file because it is being used by another process).

This issue may occur if TCP port 80 and/or 443 has been taken by a different service.

Solution:- First check what is listening on ports 80 and 443. Open a command prompt and enter the following commands:

netstat -ano | find ":80"

netstat -aon | find ":443"

In this case process ID 4228 was listening on port 80. To check what this process is, open Task Manager and locate that PID (note you may need to select View -> Select Columns -> PID first).

1. It turned out a developer had installed Apache, which was listening on port 80 and causing a conflict. To resolve the conflict, change one service to run on a different port or uninstall the unnecessary web server.
2. Alternatively, in Task Manager select the httpd.exe process running on port 80 and end the process.

Now you can start and stop the IIS web site.
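The port check above can be made exact with a small parser, shown here as an added example that is not part of the original post. Note that `find ":80"` is a substring match, so it also reports :8080 or :8000; the code below parses each netstat line and compares the port number itself, and it reports only sockets in the LISTENING state, so an outbound connection to some remote host's port 443 is not mistaken for a local conflict. SAMPLE_NETSTAT is constructed output in the `netstat -ano` layout (the PID 4228 value is borrowed from the post); on a real host, feed it the captured output of that command.

```python
"""Find which PIDs hold a listening socket on the web ports from netstat -ano output.

Added example, not from the original post.  SAMPLE_NETSTAT is constructed
to match the column layout of `netstat -ano` on Windows.
"""
import re
from typing import Dict, List, Set

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4228
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4228
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1876
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     3120
  TCP    [::]:80                [::]:0                 LISTENING       4228
  UDP    0.0.0.0:123            *:*                                    1044
"""

# Proto, local, foreign, optional state (UDP rows have none), PID.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text: str) -> List[dict]:
    """Turn netstat -ano output into one dict per socket row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        # rpartition handles IPv6 locals such as [::]:80 as well as 0.0.0.0:80.
        host, _, port = local.rpartition(":")
        rows.append({"proto": proto, "host": host, "port": int(port),
                     "state": state or "", "pid": int(pid)})
    return rows


def pids_listening_on(text: str, port: int) -> Set[int]:
    """PIDs with a TCP socket in LISTENING state on exactly this port."""
    return {r["pid"] for r in parse_netstat(text)
            if r["proto"] == "TCP" and r["port"] == port and r["state"] == "LISTENING"}


def web_port_conflicts(text: str, ports=(80, 443)) -> Dict[int, Set[int]]:
    """Map each web port to the PIDs that hold it; an empty set means the port is free."""
    return {p: pids_listening_on(text, p) for p in ports}


if __name__ == "__main__":
    for port, pids in web_port_conflicts(SAMPLE_NETSTAT).items():
        print(f"port {port}: {'free' if not pids else 'held by PID(s) ' + str(sorted(pids))}")
```

Map the PID back to an image name with `tasklist /FI "PID eq 4228"`, which is the command-line equivalent of the Task Manager lookup described above.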
Thanks,
Aditya.
OpenSSL command to extract SSL host certificate

openssl s_client -servername <<servername>> -connect <<servername>>:<<portnumber>>

Java Keytool Commands for Creating and Importing
  • Generate a Java keystore and key pair
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystorename.jks -keysize 2048
  • Generate a certificate signing request for an existing Java keystore
    keytool -certreq -alias domainname -keystore keystore.jks -file domainname.csr
  • Import a root or intermediate CA certificate to an existing Java keystore
    keytool -import -trustcacerts -alias root -file serverchain1.crt -keystore keystore.jks
  • Import a signed primary certificate to an existing Java keystore
    keytool -import -trustcacerts -alias mydomainname -file mydomainname.crt -keystore keystore.jks
  • Generate a self-signed key pair with an explicit validity period and key size
    keytool -genkey -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass password -validity 360 -keysize 2048
Java Keytool Commands for Checking
  • Check a stand-alone certificate
    keytool -printcert -v -file mydomain.crt
  • Check which certificates are in a Java keystore
    keytool -list -v -keystore keystore.jks
  • Check a particular keystore entry using an alias
    keytool -list -v -keystore keystore.jks -alias mydomain
  • Delete a certificate from a Java Keytool keystore
    keytool -delete -alias mydomain -keystore keystore.jks
  • Change a Java keystore password
    keytool -storepasswd -new new_storepass -keystore keystore.jks
  • Export a certificate from a keystore
    keytool -export -alias mydomain -file mydomain.crt -keystore keystore.jks
  • List Trusted CA Certs
    keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts
  • Import New CA into Trusted Certs
    keytool -import -trustcacerts -file /path/to/ca/ca.pem -alias CA_ALIAS -keystore $JAVA_HOME/jre/lib/security/cacerts