Monday, January 20, 2014

OpenDJ 2.6.0 on Windows Platform

Installing OpenDJ on Windows can sometimes be clueless.

I was at a customer's site last week and was trying to showcase how easy it would be to install and setup OpenDJ and had it up and running in minutes.

I had done it countless times before the meet-up …. on Linux and Solaris …. and on my Windows 7 laptop ….  Ooops! Big mistake!

I was trying to impress, but was embarrassed.

The customer gave me a Windows Server 2008 OS. So what? I remembered Windows 2008 is supported.

But as soon as I executed setup.bat, the following error occurred:
"…\lib\winlauncher.exe is not a valid Win32 application"

A quick workaround is by setting the appropriate ClassPath and running the Java command directly.

set CLASSPATH=C:\…\opendj\lib\bootstrap.jar

java.exe -Dorg.opends.server.scriptName=setup org.opends.quicksetup.installer.SetupLauncher

That solved the setup.bat issue. But subsequently, I needed to start OpenDJ using start-ds.bat. Bomb yet again! So embarrassed.

I am now trying to reproduce the problem in our labs with a Windows 2008 R2 server and attempting to go via the pure Java command path.

Anyone encountered similar issue on Windows machine?


Thursday, January 16, 2014

OpenAM Policy Agent 3.3.0 for Apache HTTPD 2.4 for Windows Platform

In the latest release of OpenAM Policy Agent 3.3.0, a web policy agent is now available for Apache HTTPD Server 2.4 (OPENAM-1195).

This week, I am in a customer's site to help them with a PoC. They are on Windows platform and thus I downloaded the Policy Agent for Apache 2.4 for Windows ( for  them.

No luck! The agentadmin.bat could not even execute!

The following error is encountered: could not find or load main class 

I found out that in the agent's lib directory, there is only a single jar file (apache24_agent.jar). Missing jar files (opensso-installtools-launcher.jar and opensso-installtools.jar).

That's quite silly, but not a big deal. What I did was to download Policy Agent for Apache 2.2 for Windows ( The 2 missing jars were there.

Copy and paste and the problem was solved!

The next issue was harder. 

Customer had install Apache 2.4 ( from ApacheLouge. 

When policy agent was installed/configured and the Apache HTTPD server was started, we encountered the following error:

httpd: Syntax error on line 532 of C:/Users/Administrator/Downloads/Apache24-VC11/conf/httpd.conf: Syntax error on line 1 of C:/Users/Administrator/Downloads/apache24_agent/Agent_001/config/dsame.conf: Cannot load C:/Users/Administrator/Downloads/apache24_agent/bin/libamapc24.dll into server: %1 is not a valid Win32 application.

I have no clue what happened and in the end, we downgraded to Apache 2.2 instead.

This morning, I tried installing Apache 2.4 from ApacheHaus ( and integrate Policy Agent 2.4 with it.

No problem!

Why? I have no idea.


Tuesday, January 7, 2014

CA SiteMinder 12.52 release

CA has just released SiteMinder 12.52 with the launch of Enhanced Session Assurance with DeviceDNA™feature.

In this new release we’ve taken a significant step forward in security – something that all too often gets overlooked in the rush for SSO. The latest release of CA SiteMinder addresses the challenge of session stealing and replay with a new patent-pending technology that leverages the proven capabilities from our CA Advanced Authentication product line to map a CA SiteMinder session to a particular device. We can then detect if a session is stolen and replayed through a different device, at which time the session is invalidated and security is preserved.

The product that has been plugged into SiteMinder is CA RiskMinder. This product has been there for years.

If customers wanted to integrate SiteMinder with RiskMinder, they had to pay. With SiteMinder 12.52, everything comes free!

Now, I hope there is no need to install RiskMinder separately in 12.52 in order to use the Enhanced Session Assurance with DeviceDNA™feature.

By the way, this reminds me that OpenAM has similar feature since version 10.0.0 - Adaptive Authentication Module. In OpenAM 11.0.0, the adaptive authentication capability has been enhanced with Device Print authentication module.

OpenAM adaptive authentication capabilities now include the Device Print authentication module (OPENAM-1375). The Device Print module uses characteristics of a system, including installed fonts, screen resolution, timezone, and also geolocation to uniquely identify the system. The Device Print module includes all of the functionality associated with the HOTP authentication module.

Nothing extra to install. The new module comes built-in by default.