
OpenAM Configuration

Zoopa edited this page Jun 19, 2015 · 10 revisions

Configuring OpenAM

Log in to OpenAM (e.g. https://openam.example.com/openam) as the user 'amadmin' with the password chosen during the installation.

Most of the configuration is done in the "Access Control" tab. Many more options are available there, but only the necessary steps are listed here. In the "Access Control" tab, choose the default realm to get started.

Services

First, the required services have to be set up. To add a new service, click the "add" button and select the service name:

  • User Self Service: Users should be able to register, so select "Self-Registration for Users". If users should also be able to reset a forgotten password, check "Forgot Password for Users".

  • E-Mail Service: Registration sends automated e-mails, so a mail server needs to be configured. Gmail, for instance, uses hostname=smtp.gmail.com and port=465 (SMTP over TLS). The authentication username and password are the credentials of the Gmail account to be used.

  • OAuth2 Provider: Most default settings can be kept. Only the "Supported Claims" list needs 3 additional values: keystoneid, isMemberOf, memberOf.

Save the changes at the top of the page.

Agents

Choose the sub-tab "OAuth 2.0/OpenID Connect Client" and add a new agent. You can choose any name and password (note: these credentials must match the values of OAUTH_CLIENT_NAME and OAUTH_CLIENT_PASS configured in the /WEB-INF/configuration.txt file). After saving, you are redirected back to the agent overview.

Click the newly created agent's name to open its configuration page. In the "Scope(s)" list, add the following entries: openid, profile, keystoneid, memberOf, isMemberOf.

Save your settings at the top of the page.
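Once the OAuth2 Provider service and the agent above are saved, the realm's OpenID Connect discovery document should advertise every scope and claim the dashboard relies on. The script below is an added, offline check (not part of this wiki page or of the project's code): it compares a discovery document against the lists on this page. The sample document is constructed, and both the endpoint path and the assumption that OpenAM's claims_supported mirrors the "Supported Claims" list are assumptions to verify against your own server.

```python
"""Check an OpenAM OIDC discovery document against the scopes and claims
this page requires. OpenAM is assumed to publish the document at
<openam-url>/oauth2/.well-known/openid-configuration (fetch it with any
HTTP client and json.loads() it); the document below is a constructed
sample, not output captured from a real server."""

# Scopes to be granted to the dashboard's OAuth 2.0 agent (from this page).
REQUIRED_SCOPES = {"openid", "profile", "keystoneid", "memberOf", "isMemberOf"}
# Claims that must be listed under "Supported Claims" of the OAuth2 Provider.
REQUIRED_CLAIMS = {"keystoneid", "isMemberOf", "memberOf"}

# Constructed sample: a realm whose administrator forgot "isMemberOf".
SAMPLE_DISCOVERY = {
    "issuer": "https://openam.example.com/openam/oauth2",
    "scopes_supported": ["openid", "profile", "email", "keystoneid", "memberOf"],
    "claims_supported": ["sub", "name", "email", "keystoneid", "memberOf"],
}


def missing_from_discovery(doc):
    """Return (missing_scopes, missing_claims) as sorted lists, given the
    parsed discovery document. Missing keys count as "nothing supported"."""
    scopes = set(doc.get("scopes_supported", []))
    claims = set(doc.get("claims_supported", []))
    return sorted(REQUIRED_SCOPES - scopes), sorted(REQUIRED_CLAIMS - claims)


def missing_from_id_token(payload):
    """Given the decoded claims of an ID token issued to the dashboard,
    return the required claims the token does not carry (sorted)."""
    return sorted(c for c in REQUIRED_CLAIMS if c not in payload)


if __name__ == "__main__":
    scopes, claims = missing_from_discovery(SAMPLE_DISCOVERY)
    print("missing scopes:", scopes)  # ['isMemberOf']
    print("missing claims:", claims)  # ['isMemberOf']
```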

Subjects

Choose the sub-tab Group and create a new group called CyclopsAdmin.

Privileges

Choose the CyclopsAdmin group to change its privileges as follows:

Custom Profile Attribute

In addition to the configuration within OpenAM, a new profile attribute needs to be added. Following the official guide, an optional attribute called keystoneid is added so that the dashboard can store an OpenStack Keystone user ID. Note that later versions of the installation script will automate this step.

For the first step, the following attribute definition can be used: <AttributeSchema name="keystoneid" type="single" syntax="string" any="optional|display" i18nKey="Keystone ID"></AttributeSchema>

Note: Do not restart Tomcat until you have finished all three steps.