Sunday, October 18, 2015

OpenAM (strikes back): Install/Configure Jetty for OpenIG-J2EE Agent

I have used Jetty as OpenIG container (version jetty-distribution-8.1.17.v20150415).

Install Jetty as a service

Download the Jetty distribution and unpack it in the traget directory. Follow instructions in http://www.eclipse.org/jetty/documentation/current/startup-windows-service.html

Several remarks:

  • In the install.bat batch change the set PR_JVMOPTIONS= line to set PR_JVMOPTIONS=-Duser.dir="%JETTY_BASE%";-Djetty.port=8081;-Djava.io.tmpdir="C:\jetty\temp";-Djetty.home="%JETTY_HOME%";-Djetty.base="%JETTY_BASE%";-Dopenig.base="C:\jetty\OpenIG";-Xdebug;-Xnoagent;-Djava.compiler=NONE;-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005; so that the used port will be 8081, the debug support will be enabled and the OpenIG base directory will be set up
  • Removing the service can be done with the command prunsrv.exe //DS/JettyService4OpenIG (JettyService4OpenIG is the chosen name for the service);
  • In order to be able to stop the service I had to remove comment the following lines in the install.bat:
    • REM set PR_STOPPARAMS=--stop;STOP.KEY="%STOPKEY%";STOP.PORT=%STOPPORT%;STOP.WAIT=10
    • REM --StartParams="%PR_STARTPARAMS%" ^

Deploy OpenIG

Rename the war to root.war and deploy it to webapps; remove test.xml from contexts (so that the test application is not deployed (with error))

Deploy J2EE Agent

Follow the instructions in https://backstage.forgerock.com/#!/docs/openam-policy-agents/3.5.0/jee-users-guide#chap-jetty in parallel with https://backstage.forgerock.com/#!/docs/openig/3.1.0/gateway-guide#chap-password-capture-replay-tutorial to deploy the agent on the same Jetty instance

Configure the Agent

  • Go to the newly defined realm (let's say it's named MyRealm) and select the Agents tab
  • Select the J2EE tab
  • Add a new Agent; be sure to use the port configured in Jetty (8081 in my case) in defining URLs:

Notices:

  • Even if the agent is defined as part for MyRealm configuration and the property com.sun.identity.agents.config.organization.name = /MyRealm in agents bootstrap properties (OpenSSOAgentBootstrap.properties) is set up properly the generated login URL (at runtime) will not contain the targeted realm so user authentication will take place against Top Level Realm.
  • Password relay will not work with XUI interface due to a bug solved in subsequent 12.0.0 releases (available only to subscribers) so the solution is to switch to classic UI (https://bugster.forgerock.org/jira/browse/OPENAM-5921). See https://backstage.forgerock.com/#!/docs/openam/12.0.0/install-guide/chap-custom-ui on how to disable XUI.
  • Changing /repaly to /replay/* will allow us to integrate more than one legacy applications in the system by using different specific routes in OpenIG; the ideea is that any GET to <OpenIG-URL>/relay/MyApp will trigger the same replay process by redirecting the user to OpenAM login dialog; the redirect back to OpenIG will be at the same URL which now will be forwarded to OpenIG which in turn based on this URL different routes can come into action (see OpenIG specifics below).

Configure OpenIG

There is not obvious at the first glance but we must define the config.js in config subdirectory of the configuread OpenIG base directory (parameter -Dopenig.base, see above) and the specific routes in config\routes.

config.js

{
    "handler": {
        "type": "Router",
        "audit": "global",
        "capture": "all"
    },
    "heap": [
        {
            "name": "LogSink",
            "type": "ConsoleLogSink",
            "config": {
                "level": "DEBUG"
            }
        },
        {
            "name": "JwtSession",
            "type": "JwtSession"
        },
        {
            "name": "ClientHandler",
            "type": "ClientHandler"
        },
        {
            "name": "capture",
            "type": "CaptureDecorator",
            "config": {
                "captureEntity": true,
                "_captureExchange": true
            }
        }
    ]
}

Routes for OTRS

Login route

{
    "handler": {
        "type": "Chain",
        "config": {
            "filters": [
                {
                    "type": "CryptoHeaderFilter",
                    "config": {
                        "messageType": "REQUEST",
                        "operation": "DECRYPT",
                        "algorithm": "DES/ECB/NoPadding",
                        "key": "xxx",
                        "keyType": "DES",
                        "charSet": "utf-8",
                        "headers": [
                            "password"
                        ]
                    }
                },
                {
                    "type": "AssignmentFilter",
                    "config": {
                        "onRequest": [
                            {
                                "target": "${exchange.authInfoUsername}",
                                "value": "${exchange.request.headers['username'][0]}"
                            },
                            {
                                "target": "${exchange.authInfoPassword}",
                                "value": "${exchange.request.headers['password'][0]}"
                            }
                        ]
                    }
                },
                {
                    "type": "HeaderFilter",
                    "config": {
                        "messageType": "REQUEST",
                        "remove": [
                            "password",
                            "username"
                        ]
                    }
                },
                {
                    "type": "StaticRequestFilter",
                    "config": {
                        "method": "POST",
                        "uri": "https://otrs-fqdn/otrs/customer.pl",
                        "form": {
                            "User": [
                                "${exchange.authInfoUsername}"
                            ],
                            "Password": [
                                "${exchange.authInfoPassword}"
                            ],
                            "Action":["Login"],
                            "RequestedURL":[""],
                            "Lang":["en"],
                            "TimeOffset":["-180"]
                        }
                    }
                }
            ],
            "handler": "ClientHandler"
        }
    },
    "condition": "${matches(exchange.request.uri.path, '^/replay/otrs')}"
}

Default route

{
    "handler": "ClientHandler",
    "condition": "${matches(exchange.request.uri.path, '^/otrs')}",
    "baseURI": "https://otrs-fqdn"

}

Routes for othe application (two steps login)

This application is JSF based so the POST at login view must have the session cookie set. The solution is to have a first step requesting GET before so that the session is created.

Login route

{
    "heap": [
        {
            "name": "DispatchHandler",
            "type": "DispatchHandler",
            "config": {
                "bindings": [
                    {
                        "handler": {
                            "type": "Chain",
                            "config": {
                                "filters": [
                                    {
                                        "type": "CryptoHeaderFilter",
                                        "config": {
                                            "messageType": "REQUEST",
                                            "operation": "DECRYPT",
                                            "algorithm": "DES/ECB/NoPadding",
                                            "key": "xxx",
                                            "keyType": "DES",
                                            "charSet": "utf-8",
                                            "headers": [
                                                "password"
                                            ]
                                        }
                                    },
                                    {
                                        "type": "AssignmentFilter",
                                        "config": {
                                            "onRequest": [
                                                {
                                                    "target": "${exchange.authInfoUsername}",
                                                    "value": "${exchange.request.headers['username'][0]}"
                                                },
                                                {
                                                    "target": "${exchange.authInfoPassword}",
                                                    "value": "${exchange.request.headers['password'][0]}"
                                                }
                                            ]
                                        }
                                    },
                                    {
                                        "type": "HeaderFilter",
                                        "config": {
                                            "messageType": "REQUEST",
                                            "remove": [
                                                "password",
                                                "username"
                                            ]
                                        }
                                    },
                                    
                                    {
                                        "type": "StaticRequestFilter",
                                        "config": {
                                            "method": "GET",
                                            "uri": "http://legacy-app-fqdn:8081/MyApp/faces/login.xhtml"
                                        }
                                    },
                                    {
                                        "type": "SwitchFilter",
                                        "config": {
                                            "onResponse": [
                                                {
                                                    "handler": "LoginRequestHandler"
                                                }
                                            ]
                                        }
                                    },
                                    {
                                        "type": "EntityExtractFilter",
                                        "config": {
                                            "messageType": "response",
                                            "target": "${exchange.viewState}",
                                            "bindings": [
                                                {
                                                    "key": "value",
                                                    "pattern":
                                                        "javax\\.faces\\.ViewState\"\\s.*value=\"(.*)\"\\s*autocomplete=",
                                                    "template": "$1"
                                                }
                                            ]
                                        }
                                    },
                                    {
                                        "type": "AssignmentFilter",
                                        "config": {
                                            "onResponse": [
                                                {
                                                    "target": "${exchange.sessionCookie}",
                                                    "value": "${split(exchange.response.headers['Set-Cookie'][0],';')[0]}"
                                                }
                                            ]
                                        }
                                    }

                                ],
                                "handler": "ClientHandler"
                            }
                        }
    
                    }
            
                ]
            }
        },
        {
            "name": "LoginRequestHandler",
            "type": "Chain",
            "config": {
                "filters": [
                
                {
                    "type": "StaticRequestFilter",
                    "config": {
                        "method": "POST",
                        "uri": "http://legacy-app-fqdn:8081/MyApp/faces/login.xhtml",
                        "form": {
                            "loginForm:j_username": [
                                "${exchange.authInfoUsername}"
                            ],
                            "loginForm:j_password": [
                                "${exchange.authInfoPassword}"
                            ],
                            "loginForm":["loginForm"],
                            "loginForm:j_idt17":[""],
                            "javax.faces.ViewState":["${exchange.viewState.value}"]
                        },
                        "headers": {
                            "Cookie": ["${exchange.sessionCookie}"]
                        }
                    }
                },
                {
                     "type": "HeaderFilter",
                     "config": {
                         "messageType": "RESPONSE",
                         "add": {
                             "Set-Cookie": [ "${exchange.sessionCookie}; path=/MyApp" ]
                         }
                     }
                }
                ],
                "handler": "ClientHandler"
            }
        }
    ],
    "handler": "DispatchHandler",
    "condition": "${matches(exchange.request.uri.path, '^/replay/MyApp')}"
}

Default route

{
    "handler": "ClientHandler",
    "condition": "${matches(exchange.request.uri.path, '^/MyApp')}",
    "baseURI": "http://legacy-app-fqdn:8081"

}

Several remarks

As I decided to abandon this solution there were things unconfigured or missconfigured. Just to mention two:

  • Logout process (you might end up with the simulation of SSO screwed up if the users logout of one the application trying to re-log-in as a different user)
  • Sniffing the network during tests I noticed announcement (POSTs if I remember corectly) from OpenAM to J2EE agent, messages not intercepted by the agent and forwarded (or dropped, depending on default router configuration) by OpenIG
SSBoYXZlIHVzZWQgSmV0dHkgYXMgT3BlbklHIGNvbnRhaW5lciAodmVyc2lvbiBqZXR0eS1kaXN0cmlidXRpb24tOC4xLjE3LnYyMDE1MDQxNSkuDQoNCiMgSW5zdGFsbCBKZXR0eSBhcyBhIHNlcnZpY2UNCg0KRG93bmxvYWQgdGhlIEpldHR5IGRpc3RyaWJ1dGlvbiBhbmQgdW5wYWNrIGl0IGluIHRoZSB0cmFnZXQgZGlyZWN0b3J5Lg0KRm9sbG93IGluc3RydWN0aW9ucyBpbiBbaHR0cDovL3d3dy5lY2xpcHNlLm9yZy9qZXR0eS9kb2N1bWVudGF0aW9uL2N1cnJlbnQvc3RhcnR1cC13aW5kb3dzLXNlcnZpY2UuaHRtbF0oaHR0cDovL3d3dy5lY2xpcHNlLm9yZy9qZXR0eS9kb2N1bWVudGF0aW9uL2N1cnJlbnQvc3RhcnR1cC13aW5kb3dzLXNlcnZpY2UuaHRtbCkNCg0KU2V2ZXJhbCByZW1hcmtzOg0KKiBJbiB0aGUgaW5zdGFsbC5iYXQgYmF0Y2ggY2hhbmdlIHRoZSBgc2V0IFBSX0pWTU9QVElPTlM9YCBsaW5lIHRvIGBzZXQgUFJfSlZNT1BUSU9OUz0tRHVzZXIuZGlyPSIlSkVUVFlfQkFTRSUiOy1EamV0dHkucG9ydD04MDgxOy1EamF2YS5pby50bXBkaXI9IkM6XGpldHR5XHRlbXAiOy1EamV0dHkuaG9tZT0iJUpFVFRZX0hPTUUlIjstRGpldHR5LmJhc2U9IiVKRVRUWV9CQVNFJSI7LURvcGVuaWcuYmFzZT0iQzpcamV0dHlcT3BlbklHIjstWGRlYnVnOy1Ybm9hZ2VudDstRGphdmEuY29tcGlsZXI9Tk9ORTstWHJ1bmpkd3A6dHJhbnNwb3J0PWR0X3NvY2tldCxzZXJ2ZXI9eSxzdXNwZW5kPW4sYWRkcmVzcz01MDA1O2Agc28gdGhhdCB0aGUgdXNlZCBwb3J0IHdpbGwgYmUgODA4MSwgdGhlIGRlYnVnIHN1cHBvcnQgd2lsbCBiZSBlbmFibGVkIGFuZCB0aGUgT3BlbklHIGJhc2UgZGlyZWN0b3J5IHdpbGwgYmUgc2V0IHVwDQoqIFJlbW92aW5nIHRoZSBzZXJ2aWNlIGNhbiBiZSBkb25lIHdpdGggdGhlIGNvbW1hbmQgYHBydW5zcnYuZXhlIC8vRFMvSmV0dHlTZXJ2aWNlNE9wZW5JR2AgKEpldHR5U2VydmljZTRPcGVuSUcgaXMgdGhlIGNob3NlbiBuYW1lIGZvciB0aGUgc2VydmljZSk7DQoqIEluIG9yZGVyIHRvIGJlIGFibGUgdG8gc3RvcCB0aGUgc2VydmljZSBJIGhhZCB0byByZW1vdmUgY29tbWVudCB0aGUgZm9sbG93aW5nIGxpbmVzIGluIHRoZSBpbnN0YWxsLmJhdDoNCgkqIGBSRU0gc2V0IFBSX1NUT1BQQVJBTVM9LS1zdG9wO1NUT1AuS0VZPSIlU1RPUEtFWSUiO1NUT1AuUE9SVD0lU1RPUFBPUlQlO1NUT1AuV0FJVD0xMGANCgkqIGBSRU0gIC0tU3RhcnRQYXJhbXM9IiVQUl9TVEFSVFBBUkFNUyUiIF5gDQoNCiMgRGVwbG95IE9wZW5JRw0KDQpSZW5hbWUgdGhlIHdhciB0byBgcm9vdC53YXJgIGFuZCBkZXBsb3kgaXQgdG8gd2ViYXBwczsgcmVtb3ZlIHRlc3QueG1sIGZyb20gY29udGV4dHMgKHNvIHRoYXQgdGhlIHRlc3QgYXBwbGljYXRpb24gaXMgbm90IGRlcGxveWVkICh3aXRoIGVycm9yKSkNCg0KIyBEZXBsb3kgSjJFRSBBZ2VudA0KDQpGb2xsb3cgdGhlIGluc3RydWN0aW9ucyBpbiBbaHR0cHM6Ly9iYWNrc3RhZ2UuZm9yZ2Vyb2NrLmNvbS8jIS9kb2NzL29wZW5hbS1wb2xpY3ktYWdlbnRzLzMuNS4wL2plZS11c2Vycy1ndWlkZSNjaGFwLWpldHR5XShodHRwczovL2JhY2tzdGFnZS5mb3JnZXJvY2suY29tLyMhL2RvY3Mvb3BlbmFtLXBvbGljeS1hZ2VudHMvMy41LjAvamVlLXVzZXJzLWd1aWRlI2NoYXAtamV0dHkpIGluIHBhcmFsbGVsIHdpdGggW2h0dHBzOi8vYmFja3N0YWdlLmZvcmdlcm9jay5jb20vIyEvZG9jcy9vcGVuaWcvMy4xLjAvZ2F0ZXdheS1ndWlkZSNjaGFwLXBhc3N3b3JkLWNhcHR1cmUtcmVwbGF5LXR1dG9yaWFsXShodHRwczovL2JhY2tzdGFnZS5mb3JnZXJvY2suY29tLyMhL2RvY3Mvb3BlbmlnLzMuMS4wL2dhdGV3YXktZ3VpZGUjY2hhcC1wYXNzd29yZC1jYXB0dXJlLXJlcGxheS10dXRvcmlhbCkgdG8gZGVwbG95IHRoZSBhZ2VudCBvbiB0aGUgc2FtZSBKZXR0eSBpbnN0YW5jZQ0KDQojIENvbmZpZ3VyZSB0aGUgQWdlbnQNCg0KKiBHbyB0byB0aGUgbmV3bHkgZGVmaW5lZCByZWFsbSAobGV0J3Mgc2F5IGl0J3MgbmFtZWQgTXlSZWFsbSkgYW5kIHNlbGVjdCB0aGUgQWdlbnRzIHRhYg0KKiBTZWxlY3QgdGhlIEoyRUUgdGFiDQoqIEFkZCBhIG5ldyBBZ2VudDsgYmUgc3VyZSB0byB1c2UgdGhlIHBvcnQgY29uZmlndXJlZCBpbiBKZXR0eSAoODA4MSBpbiBteSBjYXNlKSBpbiBkZWZpbmluZyBVUkxzOg0KCSogU2V0IGBBZ2VudCBGaWx0ZXIgTW9kZWAgdG8gYFNTT19PTkxZYA0KCSogU2V0IHRoZSBgT3BlbkFNIExvZ2luIFVSTGAgdG8gY29udGFpbiB0aGUgYHJlYWxtPU15UmVhbG1gIHF1ZXJ5IHBhcmFtZXRlcioNCgkqIENoYW5nZSB0aGUgYHdlYmRlZmF1bHQueG1sYCBpbiBldGMgc3ViZGlyZWN0b3J5IG9mIEpldHR5IGluc3RhbGxhdGlvbiBhcyBtZW50aW9uZWQgaW4gSjJFRSBhZ2VudCBjb25maWd1cmF0aW9uIChbaHR0cHM6Ly9iYWNrc3RhZ2UuZm9yZ2Vyb2NrLmNvbS8jIS9kb2NzL29wZW5pZy8zLjEuMC9nYXRld2F5LWd1aWRlI2NhcHR1cmUtcmVsYXktc2V0dXAtcGFdKGh0dHBzOi8vYmFja3N0YWdlLmZvcmdlcm9jay5jb20vIyEvZG9jcy9vcGVuaWcvMy4xLjAvZ2F0ZXdheS1ndWlkZSNjYXB0dXJlLXJlbGF5LXNldHVwLXBhKSkgYnV0IHVzZSBgPHVybC1wYXR0ZXJuPi9yZXBsYXkvKjwvdXJsLXBhdHRlcm4+YCBpbnN0ZWFkIG9mIGA8dXJsLXBhdHRlcm4+L3JlcGxheS88L3VybC1wYXR0ZXJuPmAgKHNlZSBiZWxvdy4uLikuDQoNCioqTm90aWNlczoqKiANCiogRXZlbiBpZiB0aGUgYWdlbnQgaXMgZGVmaW5lZCBhcyBwYXJ0IGZvciBNeVJlYWxtIGNvbmZpZ3VyYXRpb24gYW5kICB0aGUgcHJvcGVydHkgYGNvbS5zdW4uaWRlbnRpdHkuYWdlbnRzLmNvbmZpZy5vcmdhbml6YXRpb24ubmFtZSA9IC9NeVJlYWxtYCBpbiBhZ2VudHMgYm9vdHN0cmFwIHByb3BlcnRpZXMgKE9wZW5TU09BZ2VudEJvb3RzdHJhcC5wcm9wZXJ0aWVzKSBpcyBzZXQgdXAgcHJvcGVybHkgdGhlIGdlbmVyYXRlZCBsb2dpbiBVUkwgKGF0IHJ1bnRpbWUpIHdpbGwgbm90IGNvbnRhaW4gdGhlIHRhcmdldGVkIHJlYWxtIHNvIHVzZXIgYXV0aGVudGljYXRpb24gd2lsbCB0YWtlIHBsYWNlIGFnYWluc3QgVG9wIExldmVsIFJlYWxtLg0KKiBQYXNzd29yZCByZWxheSB3aWxsIG5vdCB3b3JrIHdpdGggWFVJIGludGVyZmFjZSBkdWUgdG8gYSBidWcgc29sdmVkIGluIHN1YnNlcXVlbnQgMTIuMC4wIHJlbGVhc2VzIChhdmFpbGFibGUgb25seSB0byBzdWJzY3JpYmVycykgc28gdGhlIHNvbHV0aW9uIGlzIHRvIHN3aXRjaCB0byBjbGFzc2ljIFVJIChbaHR0cHM6Ly9idWdzdGVyLmZvcmdlcm9jay5vcmcvamlyYS9icm93c2UvT1BFTkFNLTU5MjFdKGh0dHBzOi8vYnVnc3Rlci5mb3JnZXJvY2sub3JnL2ppcmEvYnJvd3NlL09QRU5BTS01OTIxKSkuIFNlZSBbaHR0cHM6Ly9iYWNrc3RhZ2UuZm9yZ2Vyb2NrLmNvbS8jIS9kb2NzL29wZW5hbS8xMi4wLjAvaW5zdGFsbC1ndWlkZS9jaGFwLWN1c3RvbS11aV0oaHR0cHM6Ly9iYWNrc3RhZ2UuZm9yZ2Vyb2NrLmNvbS8jIS9kb2NzL29wZW5hbS8xMi4wLjAvaW5zdGFsbC1ndWlkZS9jaGFwLWN1c3RvbS11aSkgb24gaG93IHRvIGRpc2FibGUgWFVJLg0KKiBDaGFuZ2luZyAvcmVwYWx5IHRvIC9yZXBsYXkvKiB3aWxsIGFsbG93IHVzIHRvIGludGVncmF0ZSBtb3JlIHRoYW4gb25lIGxlZ2FjeSBhcHBsaWNhdGlvbnMgaW4gdGhlIHN5c3RlbSBieSB1c2luZyBkaWZmZXJlbnQgc3BlY2lmaWMgcm91dGVzIGluIE9wZW5JRzsgdGhlIGlkZWVhIGlzIHRoYXQgYW55IEdFVCB0byA8T3BlbklHLVVSTD4vcmVsYXkvTXlBcHAgd2lsbCB0cmlnZ2VyIHRoZSBzYW1lIHJlcGxheSBwcm9jZXNzIGJ5IHJlZGlyZWN0aW5nIHRoZSB1c2VyIHRvIE9wZW5BTSBsb2dpbiBkaWFsb2c7IHRoZSByZWRpcmVjdCBiYWNrIHRvIE9wZW5JRyB3aWxsIGJlIGF0IHRoZSBzYW1lIFVSTCB3aGljaCBub3cgd2lsbCBiZSBmb3J3YXJkZWQgdG8gT3BlbklHIHdoaWNoIGluIHR1cm4gYmFzZWQgb24gdGhpcyBVUkwgZGlmZmVyZW50IHJvdXRlcyBjYW4gY29tZSBpbnRvIGFjdGlvbiAoc2VlIE9wZW5JRyBzcGVjaWZpY3MgYmVsb3cpLg0KDQojIENvbmZpZ3VyZSBPcGVuSUcNCg0KVGhlcmUgaXMgbm90IG9idmlvdXMgYXQgdGhlIGZpcnN0IGdsYW5jZSBidXQgd2UgbXVzdCBkZWZpbmUgdGhlIGNvbmZpZy5qcyBpbiBjb25maWcgc3ViZGlyZWN0b3J5IG9mIHRoZSBjb25maWd1cmVhZCBPcGVuSUcgYmFzZSBkaXJlY3RvcnkgKHBhcmFtZXRlciAtRG9wZW5pZy5iYXNlLCBzZWUgYWJvdmUpIGFuZCB0aGUgc3BlY2lmaWMgcm91dGVzIGluIGNvbmZpZ1xyb3V0ZXMuDQoNCg0KIyMgY29uZmlnLmpzDQoNCmBgYEpTT04NCnsNCiAgICAiaGFuZGxlciI6IHsNCiAgICAgICAgInR5cGUiOiAiUm91dGVyIiwNCiAgICAgICAgImF1ZGl0IjogImdsb2JhbCIsDQogICAgICAgICJjYXB0dXJlIjogImFsbCINCiAgICB9LA0KICAgICJoZWFwIjogWw0KICAgICAgICB7DQogICAgICAgICAgICAibmFtZSI6ICJMb2dTaW5rIiwNCiAgICAgICAgICAgICJ0eXBlIjogIkNvbnNvbGVMb2dTaW5rIiwNCiAgICAgICAgICAgICJjb25maWciOiB7DQogICAgICAgICAgICAgICAgImxldmVsIjogIkRFQlVHIg0KICAgICAgICAgICAgfQ0KICAgICAgICB9LA0KICAgICAgICB7DQogICAgICAgICAgICAibmFtZSI6ICJKd3RTZXNzaW9uIiwNCiAgICAgICAgICAgICJ0eXBlIjogIkp3dFNlc3Npb24iDQogICAgICAgIH0sDQogICAgICAgIHsNCiAgICAgICAgICAgICJuYW1lIjogIkNsaWVudEhhbmRsZXIiLA0KICAgICAgICAgICAgInR5cGUiOiAiQ2xpZW50SGFuZGxlciINCiAgICAgICAgfSwNCiAgICAgICAgew0KICAgICAgICAgICAgIm5hbWUiOiAiY2FwdHVyZSIsDQogICAgICAgICAgICAidHlwZSI6ICJDYXB0dXJlRGVjb3JhdG9yIiwNCiAgICAgICAgICAgICJjb25maWciOiB7DQogICAgICAgICAgICAgICAgImNhcHR1cmVFbnRpdHkiOiB0cnVlLA0KICAgICAgICAgICAgICAgICJfY2FwdHVyZUV4Y2hhbmdlIjogdHJ1ZQ0KICAgICAgICAgICAgfQ0KICAgICAgICB9DQogICAgXQ0KfQ0KYGBgDQoNCiMjIFJvdXRlcyBmb3IgT1RSUw0KDQojIyMgTG9naW4gcm91dGUNCg0KYGBgSlNPTg0Kew0KCSJoYW5kbGVyIjogew0KCQkidHlwZSI6ICJDaGFpbiIsDQoJCSJjb25maWciOiB7DQoJCQkiZmlsdGVycyI6IFsNCgkJCQl7DQoJCQkJCSJ0eXBlIjogIkNyeXB0b0hlYWRlckZpbHRlciIsDQoJCQkJCSJjb25maWciOiB7DQoJCQkJCQkibWVzc2FnZVR5cGUiOiAiUkVRVUVTVCIsDQoJCQkJCQkib3BlcmF0aW9uIjogIkRFQ1JZUFQiLA0KCQkJCQkJImFsZ29yaXRobSI6ICJERVMvRUNCL05vUGFkZGluZyIsDQoJCQkJCQkia2V5IjogInh4eCIsDQoJCQkJCQkia2V5VHlwZSI6ICJERVMiLA0KCQkJCQkJImNoYXJTZXQiOiAidXRmLTgiLA0KCQkJCQkJImhlYWRlcnMiOiBbDQoJCQkJCQkJInBhc3N3b3JkIg0KCQkJCQkJXQ0KCQkJCQl9DQoJCQkJfSwNCgkJCQl7DQoJCQkJCSJ0eXBlIjogIkFzc2lnbm1lbnRGaWx0ZXIiLA0KCQkJCQkiY29uZmlnIjogew0KCQkJCQkJIm9uUmVxdWVzdCI6IFsNCgkJCQkJCQl7DQoJCQkJCQkJCSJ0YXJnZXQiOiAiJHtleGNoYW5nZS5hdXRoSW5mb1VzZXJuYW1lfSIsDQoJCQkJCQkJCSJ2YWx1ZSI6ICIke2V4Y2hhbmdlLnJlcXVlc3QuaGVhZGVyc1sndXNlcm5hbWUnXVswXX0iDQoJCQkJCQkJfSwNCgkJCQkJCQl7DQoJCQkJCQkJCSJ0YXJnZXQiOiAiJHtleGNoYW5nZS5hdXRoSW5mb1Bhc3N3b3JkfSIsDQoJCQkJCQkJCSJ2YWx1ZSI6ICIke2V4Y2hhbmdlLnJlcXVlc3QuaGVhZGVyc1sncGFzc3dvcmQnXVswXX0iDQoJCQkJCQkJfQ0KCQkJCQkJXQ0KCQkJCQl9DQoJCQkJfSwNCgkJCQl7DQoJCQkJCSJ0eXBlIjogIkhlYWRlckZpbHRlciIsDQoJCQkJCSJjb25maWciOiB7DQoJCQkJCQkibWVzc2FnZVR5cGUiOiAiUkVRVUVTVCIsDQoJCQkJCQkicmVtb3ZlIjogWw0KCQkJCQkJCSJwYXNzd29yZCIsDQoJCQkJCQkJInVzZXJuYW1lIg0KCQkJCQkJXQ0KCQkJCQl9DQoJCQkJfSwNCgkJCQl7DQoJCQkJCSJ0eXBlIjogIlN0YXRpY1JlcXVlc3RGaWx0ZXIiLA0KCQkJCQkiY29uZmlnIjogew0KCQkJCQkJIm1ldGhvZCI6ICJQT1NUIiwNCgkJCQkJCSJ1cmkiOiAiaHR0cHM6Ly9vdHJzLWZxZG4vb3Rycy9jdXN0b21lci5wbCIsDQoJCQkJCQkiZm9ybSI6IHsNCgkJCQkJCQkiVXNlciI6IFsNCgkJCQkJCQkJIiR7ZXhjaGFuZ2UuYXV0aEluZm9Vc2VybmFtZX0iDQoJCQkJCQkJXSwNCgkJCQkJCQkiUGFzc3dvcmQiOiBbDQoJCQkJCQkJCSIke2V4Y2hhbmdlLmF1dGhJbmZvUGFzc3dvcmR9Ig0KCQkJCQkJCV0sDQoJCQkJCQkJIkFjdGlvbiI6WyJMb2dpbiJdLA0KCQkJCQkJCSJSZXF1ZXN0ZWRVUkwiOlsiIl0sDQoJCQkJCQkJIkxhbmciOlsiZW4iXSwNCgkJCQkJCQkiVGltZU9mZnNldCI6WyItMTgwIl0NCgkJCQkJCX0NCgkJCQkJfQ0KCQkJCX0NCgkJCV0sDQoJCQkiaGFuZGxlciI6ICJDbGllbnRIYW5kbGVyIg0KCQl9DQoJfSwNCgkiY29uZGl0aW9uIjogIiR7bWF0Y2hlcyhleGNoYW5nZS5yZXF1ZXN0LnVyaS5wYXRoLCAnXi9yZXBsYXkvb3RycycpfSINCn0NCmBgYA0KDQojIyMgRGVmYXVsdCByb3V0ZQ0KDQpgYGBKU09ODQp7DQogICAgImhhbmRsZXIiOiAiQ2xpZW50SGFuZGxlciIsDQoJImNvbmRpdGlvbiI6ICIke21hdGNoZXMoZXhjaGFuZ2UucmVxdWVzdC51cmkucGF0aCwgJ14vb3RycycpfSIsDQoJImJhc2VVUkkiOiAiaHR0cHM6Ly9vdHJzLWZxZG4iDQoNCn0NCmBgYA0KDQojIyBSb3V0ZXMgZm9yIG90aGUgYXBwbGljYXRpb24gKHR3byBzdGVwcyBsb2dpbikNCg0KVGhpcyBhcHBsaWNhdGlvbiBpcyBKU0YgYmFzZWQgc28gdGhlIFBPU1QgYXQgbG9naW4gdmlldyBtdXN0IGhhdmUgdGhlIHNlc3Npb24gY29va2llIHNldC4gVGhlIHNvbHV0aW9uIGlzIHRvIGhhdmUgYSBmaXJzdCBzdGVwIHJlcXVlc3RpbmcgR0VUIGJlZm9yZSBzbyB0aGF0IHRoZSBzZXNzaW9uIGlzIGNyZWF0ZWQuDQoNCiMjIyBMb2dpbiByb3V0ZQ0KDQpgYGBKU09ODQp7DQoJImhlYXAiOiBbDQogICAgICAgIHsNCiAgICAgICAgICAgICJuYW1lIjogIkRpc3BhdGNoSGFuZGxlciIsDQogICAgICAgICAgICAidHlwZSI6ICJEaXNwYXRjaEhhbmRsZXIiLA0KICAgICAgICAgICAgImNvbmZpZyI6IHsNCiAgICAgICAgICAgICAgICAiYmluZGluZ3MiOiBbDQogICAgICAgICAgICAgICAgICAgIHsNCgkJCQkJCSJoYW5kbGVyIjogew0KCQkJCQkJCSJ0eXBlIjogIkNoYWluIiwNCgkJCQkJCQkiY29uZmlnIjogew0KCQkJCQkJCQkiZmlsdGVycyI6IFsNCgkJCQkJCQkJCXsNCgkJCQkJCQkJCQkidHlwZSI6ICJDcnlwdG9IZWFkZXJGaWx0ZXIiLA0KCQkJCQkJCQkJCSJjb25maWciOiB7DQoJCQkJCQkJCQkJCSJtZXNzYWdlVHlwZSI6ICJSRVFVRVNUIiwNCgkJCQkJCQkJCQkJIm9wZXJhdGlvbiI6ICJERUNSWVBUIiwNCgkJCQkJCQkJCQkJImFsZ29yaXRobSI6ICJERVMvRUNCL05vUGFkZGluZyIsDQoJCQkJCQkJCQkJCSJrZXkiOiAieHh4IiwNCgkJCQkJCQkJCQkJImtleVR5cGUiOiAiREVTIiwNCgkJCQkJCQkJCQkJImNoYXJTZXQiOiAidXRmLTgiLA0KCQkJCQkJCQkJCQkiaGVhZGVycyI6IFsNCgkJCQkJCQkJCQkJCSJwYXNzd29yZCINCgkJCQkJCQkJCQkJXQ0KCQkJCQkJCQkJCX0NCgkJCQkJCQkJCX0sDQoJCQkJCQkJCQl7DQoJCQkJCQkJCQkJInR5cGUiOiAiQXNzaWdubWVudEZpbHRlciIsDQoJCQkJCQkJCQkJImNvbmZpZyI6IHsNCgkJCQkJCQkJCQkJIm9uUmVxdWVzdCI6IFsNCgkJCQkJCQkJCQkJCXsNCgkJCQkJCQkJCQkJCQkidGFyZ2V0IjogIiR7ZXhjaGFuZ2UuYXV0aEluZm9Vc2VybmFtZX0iLA0KCQkJCQkJCQkJCQkJCSJ2YWx1ZSI6ICIke2V4Y2hhbmdlLnJlcXVlc3QuaGVhZGVyc1sndXNlcm5hbWUnXVswXX0iDQoJCQkJCQkJCQkJCQl9LA0KCQkJCQkJCQkJCQkJew0KCQkJCQkJCQkJCQkJCSJ0YXJnZXQiOiAiJHtleGNoYW5nZS5hdXRoSW5mb1Bhc3N3b3JkfSIsDQoJCQkJCQkJCQkJCQkJInZhbHVlIjogIiR7ZXhjaGFuZ2UucmVxdWVzdC5oZWFkZXJzWydwYXNzd29yZCddWzBdfSINCgkJCQkJCQkJCQkJCX0NCgkJCQkJCQkJCQkJXQ0KCQkJCQkJCQkJCX0NCgkJCQkJCQkJCX0sDQoJCQkJCQkJCQl7DQoJCQkJCQkJCQkJInR5cGUiOiAiSGVhZGVyRmlsdGVyIiwNCgkJCQkJCQkJCQkiY29uZmlnIjogew0KCQkJCQkJCQkJCQkibWVzc2FnZVR5cGUiOiAiUkVRVUVTVCIsDQoJCQkJCQkJCQkJCSJyZW1vdmUiOiBbDQoJCQkJCQkJCQkJCQkicGFzc3dvcmQiLA0KCQkJCQkJCQkJCQkJInVzZXJuYW1lIg0KCQkJCQkJCQkJCQldDQoJCQkJCQkJCQkJfQ0KCQkJCQkJCQkJfSwNCgkJCQkJCQkJCQ0KCQkJCQkJCQkJew0KCQkJCQkJCQkJCSJ0eXBlIjogIlN0YXRpY1JlcXVlc3RGaWx0ZXIiLA0KCQkJCQkJCQkJCSJjb25maWciOiB7DQoJCQkJCQkJCQkJCSJtZXRob2QiOiAiR0VUIiwNCgkJCQkJCQkJCQkJInVyaSI6ICJodHRwOi8vbGVnYWN5LWFwcC1mcWRuOjgwODEvTXlBcHAvZmFjZXMvbG9naW4ueGh0bWwiDQoJCQkJCQkJCQkJfQ0KCQkJCQkJCQkJfSwNCgkJCQkJCQkJCXsNCgkJCQkJCQkJCQkidHlwZSI6ICJTd2l0Y2hGaWx0ZXIiLA0KCQkJCQkJCQkJCSJjb25maWciOiB7DQoJCQkJCQkJCQkJCSJvblJlc3BvbnNlIjogWw0KCQkJCQkJCQkJCQkJew0KCQkJCQkJCQkJCQkJCSJoYW5kbGVyIjogIkxvZ2luUmVxdWVzdEhhbmRsZXIiDQoJCQkJCQkJCQkJCQl9DQoJCQkJCQkJCQkJCV0NCgkJCQkJCQkJCQl9DQoJCQkJCQkJCQl9LA0KCQkJCQkJCQkJew0KCQkJCQkJCQkJCSJ0eXBlIjogIkVudGl0eUV4dHJhY3RGaWx0ZXIiLA0KCQkJCQkJCQkJCSJjb25maWciOiB7DQoJCQkJCQkJCQkJCSJtZXNzYWdlVHlwZSI6ICJyZXNwb25zZSIsDQoJCQkJCQkJCQkJCSJ0YXJnZXQiOiAiJHtleGNoYW5nZS52aWV3U3RhdGV9IiwNCgkJCQkJCQkJCQkJImJpbmRpbmdzIjogWw0KCQkJCQkJCQkJCQkJew0KCQkJCQkJCQkJCQkJCSJrZXkiOiAidmFsdWUiLA0KCQkJCQkJCQkJCQkJCSJwYXR0ZXJuIjoNCgkJCQkJCQkJCQkJCQkJImphdmF4XFwuZmFjZXNcXC5WaWV3U3RhdGVcIlxccy4qdmFsdWU9XCIoLiopXCJcXHMqYXV0b2NvbXBsZXRlPSIsDQoJCQkJCQkJCQkJCQkJInRlbXBsYXRlIjogIiQxIg0KCQkJCQkJCQkJCQkJfQ0KCQkJCQkJCQkJCQldDQoJCQkJCQkJCQkJfQ0KCQkJCQkJCQkJfSwNCgkJCQkJCQkJCXsNCgkJCQkJCQkJCQkidHlwZSI6ICJBc3NpZ25tZW50RmlsdGVyIiwNCgkJCQkJCQkJCQkiY29uZmlnIjogew0KCQkJCQkJCQkJCQkib25SZXNwb25zZSI6IFsNCgkJCQkJCQkJCQkJCXsNCgkJCQkJCQkJCQkJCQkidGFyZ2V0IjogIiR7ZXhjaGFuZ2Uuc2Vzc2lvbkNvb2tpZX0iLA0KCQkJCQkJCQkJCQkJCSJ2YWx1ZSI6ICIke3NwbGl0KGV4Y2hhbmdlLnJlc3BvbnNlLmhlYWRlcnNbJ1NldC1Db29raWUnXVswXSwnOycpWzBdfSINCgkJCQkJCQkJCQkJCX0NCgkJCQkJCQkJCQkJXQ0KCQkJCQkJCQkJCX0NCgkJCQkJCQkJCX0NCg0KCQkJCQkJCQldLA0KCQkJCQkJCQkiaGFuZGxlciI6ICJDbGllbnRIYW5kbGVyIg0KCQkJCQkJCX0NCgkJCQkJCX0NCiAgICANCgkJCQkJfQ0KCQkJDQoJCQkJXQ0KCQkJfQ0KCQl9LA0KCQl7DQogICAgICAgICAgICAibmFtZSI6ICJMb2dpblJlcXVlc3RIYW5kbGVyIiwNCiAgICAgICAgICAgICJ0eXBlIjogIkNoYWluIiwNCiAgICAgICAgICAgICJjb25maWciOiB7DQogICAgICAgICAgICAgICAgImZpbHRlcnMiOiBbDQoJCQkJDQoJCQkJew0KCQkJCQkidHlwZSI6ICJTdGF0aWNSZXF1ZXN0RmlsdGVyIiwNCgkJCQkJImNvbmZpZyI6IHsNCgkJCQkJCSJtZXRob2QiOiAiUE9TVCIsDQoJCQkJCQkidXJpIjogImh0dHA6Ly9sZWdhY3ktYXBwLWZxZG46ODA4MS9NeUFwcC9mYWNlcy9sb2dpbi54aHRtbCIsDQoJCQkJCQkiZm9ybSI6IHsNCgkJCQkJCQkibG9naW5Gb3JtOmpfdXNlcm5hbWUiOiBbDQoJCQkJCQkJCSIke2V4Y2hhbmdlLmF1dGhJbmZvVXNlcm5hbWV9Ig0KCQkJCQkJCV0sDQoJCQkJCQkJImxvZ2luRm9ybTpqX3Bhc3N3b3JkIjogWw0KCQkJCQkJCQkiJHtleGNoYW5nZS5hdXRoSW5mb1Bhc3N3b3JkfSINCgkJCQkJCQldLA0KCQkJCQkJCSJsb2dpbkZvcm0iOlsibG9naW5Gb3JtIl0sDQoJCQkJCQkJImxvZ2luRm9ybTpqX2lkdDE3IjpbIiJdLA0KCQkJCQkJCSJqYXZheC5mYWNlcy5WaWV3U3RhdGUiOlsiJHtleGNoYW5nZS52aWV3U3RhdGUudmFsdWV9Il0NCgkJCQkJCX0sDQoJCQkJCQkiaGVhZGVycyI6IHsNCgkJCQkJCQkiQ29va2llIjogWyIke2V4Y2hhbmdlLnNlc3Npb25Db29raWV9Il0NCgkJCQkJCX0NCgkJCQkJfQ0KCQkJCX0sDQoJCQkJew0KCQkJCQkgInR5cGUiOiAiSGVhZGVyRmlsdGVyIiwNCgkJCQkJICJjb25maWciOiB7DQoJCQkJCQkgIm1lc3NhZ2VUeXBlIjogIlJFU1BPTlNFIiwNCgkJCQkJCSAiYWRkIjogew0KCQkJCQkJCSAiU2V0LUNvb2tpZSI6IFsgIiR7ZXhjaGFuZ2Uuc2Vzc2lvbkNvb2tpZX07IHBhdGg9L015QXBwIiBdDQoJCQkJCQkgfQ0KCQkJCQkgfQ0KCQkJCX0NCiAgICAgICAgICAgICAgICBdLA0KICAgICAgICAgICAgICAgICJoYW5kbGVyIjogIkNsaWVudEhhbmRsZXIiDQoJCQl9DQogICAgICAgIH0NCgldLA0KCSJoYW5kbGVyIjogIkRpc3BhdGNoSGFuZGxlciIsDQoJImNvbmRpdGlvbiI6ICIke21hdGNoZXMoZXhjaGFuZ2UucmVxdWVzdC51cmkucGF0aCwgJ14vcmVwbGF5L015QXBwJyl9Ig0KfQ0KYGBgIA0KDQojIyMgRGVmYXVsdCByb3V0ZQ0KDQpgYGBKU09ODQp7DQogICAgImhhbmRsZXIiOiAiQ2xpZW50SGFuZGxlciIsDQoJImNvbmRpdGlvbiI6ICIke21hdGNoZXMoZXhjaGFuZ2UucmVxdWVzdC51cmkucGF0aCwgJ14vTXlBcHAnKX0iLA0KCSJiYXNlVVJJIjogImh0dHA6Ly9sZWdhY3ktYXBwLWZxZG46ODA4MSINCg0KfQ0KYGBgDQoNCiMgU2V2ZXJhbCByZW1hcmtzDQoNCkFzIEkgZGVjaWRlZCB0byBhYmFuZG9uIHRoaXMgc29sdXRpb24gdGhlcmUgd2VyZSB0aGluZ3MgdW5jb25maWd1cmVkIG9yIG1pc3Njb25maWd1cmVkLiBKdXN0IHRvIG1lbnRpb24gdHdvOg0KKiBMb2dvdXQgcHJvY2VzcyAoeW91IG1pZ2h0IGVuZCB1cCB3aXRoIHRoZSBzaW11bGF0aW9uIG9mIFNTTyBzY3Jld2VkIHVwIGlmIHRoZSB1c2VycyBsb2dvdXQgb2Ygb25lIHRoZSBhcHBsaWNhdGlvbiB0cnlpbmcgdG8gcmUtbG9nLWluIGFzIGEgZGlmZmVyZW50IHVzZXIpDQoqIFNuaWZmaW5nIHRoZSBuZXR3b3JrIGR1cmluZyB0ZXN0cyBJIG5vdGljZWQgYW5ub3VuY2VtZW50IChQT1NUcyBpZiBJIHJlbWVtYmVyIGNvcmVjdGx5KSBmcm9tIE9wZW5BTSB0byBKMkVFIGFnZW50LCBtZXNzYWdlcyBub3QgaW50ZXJjZXB0ZWQgYnkgdGhlIGFnZW50IGFuZCBmb3J3YXJkZWQgKG9yIGRyb3BwZWQsIGRlcGVuZGluZyBvbiBkZWZhdWx0IHJvdXRlciBjb25maWd1cmF0aW9uKSBieSBPcGVuSUc=
Posted by at

1 comment :

  1. Wegems AgencyDecember 9, 2023 at 2:35 PM

    Join the OpenAM saga as it strikes back! Unleash the power of seamless integration by diving into the installation and configuration of Jetty for the OpenIG-J2EE Agent. This guide is your lightsaber on the journey to mastering the force of OpenAM. May the configurations be with you! 💻🌌 #OpenAM #Jetty #TechJedi

    ReplyDelete

Subscribe to: Post Comments ( Atom )