inWebo Connector for Forgerock OpenAM

Prerequisites

  • OpenAM version 13.0.0+
  • SSOAdminTools
  • Tomcat 7
  • Oracle Sun JDK 1.7
  • (JCE) Unlimited Strength Jurisdiction Policy Files

Installation

Follow the steps below to install the connector:

$ unzip package -d /tmp/openam-ui-inwebo
$ sudo cp /tmp/openam-ui-inwebo/edit-webapp/WEB-INF/lib/*.jar /path/to/tomcat/webapps/openam/WEB-INF/lib/
$ sudo cp /tmp/openam-ui-inwebo/edit-webapp/config/auth/default/* /path/to/tomcat/webapps/openam/config/auth/default/
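# Replace the deployed XUI files with the ones from the package (same Tomcat path as above)
$ sudo rm -rf /path/to/tomcat/webapps/openam/XUI/*
$ sudo cp -R /tmp/openam-ui-inwebo/edit-webapp/XUI/* /path/to/tomcat/webapps/openam/XUI/
$ sudo cp /tmp/openam-ui-inwebo/edit-webapp/js/* /path/to/tomcat/webapps/openam/js/
# 'password' stands for the amadmin password; the file is written as root, and umask 077 keeps it unreadable by other users from creation
$ sudo sh -c 'umask 077; echo password > /tmp/pwd.txt'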
$ sudo chmod 400 /tmp/pwd.txt
$ sudo ssoadm create-svc -u amadmin --password-file /tmp/pwd.txt --xmlfile /tmp/openam-ui-inwebo/config/amAuthInWeboAuth.xml -v
$ sudo ssoadm register-auth-module -u amadmin -f /tmp/pwd.txt -a org.forgerock.openam.inwebo.InWeboAuth -v
$ sudo /etc/init.d/tomcat restart

Configuration of inWebo Secure Site

To allow inWebo authentication on your OpenAM server page, you must add a new Web Service type secure site. To do so:

  • go to inWebo administration console→Secure Sites
  • add a new secure site of type Web Services connector

The format of the called URL should be:

http(s)://{OPENAM_HOST}/openam/UI/Login // if you are using the OpenAM UI
http(s)://{OPENAM_HOST}/openam/XUI // if you are using the OpenAM XUI

The default authentication form values are:

  • Form name: Login
  • Login field name: idToken1
  • Password field name: idToken2

Configuration of inWebo connector in OpenAM

To configure inWebo authentication in OpenAM:

  • go to OpenAM Admin console and log in as 'amadmin'
  • navigate to {REALM}→Authentication→Modules
  • add a new module with the inWebo authentication type

To test the configuration, go to:

http(s)://{OPENAM_HOST}/openam/UI/Login?module=inWeboTest // if you are using the OpenAM UI
http(s)://{OPENAM_HOST}/openam/XUI/#login/&module=inWeboTest // if you are using the OpenAM XUI

How to disable XUI

To disable XUI:

  • go to OpenAM Admin console and log in as 'amadmin'
  • navigate to Configuration→Authentication→Core→Global Attributes
  • uncheck the 'XUI Interface' attribute

UI Customization

To develop and customize the UI faster, disable the cache as follows:

  • go to OpenAM Admin console and log in as 'amadmin'
  • go to Configuration→Servers and Sites→Server Name→Advanced
  • set 'org.forgerock.openam.core.resource.lookup.cache.enabled' to false

NOTE: For production servers, leave the parameter set to its default value, true.

Debug

To display debug information, go to:

http(s)://{OPENAM_HOST}/openam/Debug.jsp