OpenAM Installation Checklist
2024-03-26 14:03:06 -0400

Overview

Item | Description
Purpose | Provide authentication for TDS components
Communicates With | Progman, Permissions, ART, Proctor, Teacher Hand-Scoring System, TestSpecBank
Repository Location | https://github.com/SmarterApp/IM_OpenAM
Additional Documentation | SBAC OpenAM Installation, SBAC SSO Design

Instructions

Create AWS Instance

Create Load Balancer

Install OpenAM on AWS Instance

Update OpenDJ Configuration

Change OAuth Client Agent Configuration

Verify OpenAM Installation

Log Into Admin Console

Verify OpenDJ Connectivity

Verify OAuth Access Token Retrieval

curl -i -X POST \
   -H "Content-Type:application/x-www-form-urlencoded" \
   -d "grant_type=password" \
   -d "username=[Email address of user account that exists in OpenDJ, e.g. the email address for the Prime User account]" \
   -d "password=[Password for user account that exists in OpenDJ, e.g. the password for the Prime User account]" \
   -d "client_id=[OAuth Client ID from OpenAM, OAuth Client IDs found in Access Control -> click on sbac link -> click on Agents tab -> click on OAuth 2.0/OpenID Connect Client tab]" \
   -d "client_secret=[Client ID secret from OpenAM, if client secret was not changed, value will be sbac12345]" \
 'https://[FQDN or IP address of OpenAM server]/auth/oauth2/access_token?realm=%2Fsbac'

curl -i -X POST \
   -H "Content-Type:application/x-www-form-urlencoded" \
   -d "grant_type=password" \
   -d "username=prime.user@example.com" \
   -d "password=[redacted]" \
   -d "client_id=pm" \
   -d "client_secret=[redacted]" \
 'https://sso-deployment-oauth-test.sbtds.org/auth/oauth2/access_token?realm=%2Fsbac'
 
{
    "scope": "cn givenName mail sbacTenancyChain sbacUUID sn",
    "expires_in": 35999,
    "token_type": "Bearer",
    "refresh_token": "ed48e54b-b951-4fe5-bb23-ea8d2d215613",
    "access_token": "82d62be8-136d-4eeb-8f94-68e13b19fc5f"
}
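
The verification step above can be scripted. The following is an added example, not part of the original checklist or the IM_OpenAM repository: it parses `curl -i` output and reports what is wrong with the token response, including the OAuth 2.0 error case. The function name, the expected-scope set (copied from the sample response above) and the sample inputs are assumptions made for illustration.

```python
import json
import sys

# Scope names taken from the sample response on this page.
EXPECTED_SCOPES = {"cn", "givenName", "mail", "sbacTenancyChain", "sbacUUID", "sn"}

def check_token_response(raw):
    """Return a list of problems in `curl -i` output; an empty list means OK."""
    # curl -i prints the status line and headers, a blank line, then the body.
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    status = parts[1] if len(parts) > 1 else "unknown"
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return [f"HTTP {status}: body is not JSON"]
    if not isinstance(data, dict):
        return [f"HTTP {status}: body is not a JSON object"]
    problems = [] if status == "200" else [f"HTTP status {status}"]
    if "error" in data:  # OAuth 2.0 error response (RFC 6749, section 5.2)
        detail = data.get("error_description", "no description")
        return problems + [f"OAuth error {data['error']}: {detail}"]
    if str(data.get("token_type", "")).lower() != "bearer":
        problems.append("token_type is not Bearer")
    for field in ("access_token", "refresh_token"):
        if not data.get(field):
            problems.append(f"missing {field}")
    expires = data.get("expires_in")
    if not isinstance(expires, int) or expires <= 0:
        problems.append("expires_in is not a positive integer")
    missing = EXPECTED_SCOPES - set(str(data.get("scope", "")).split())
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    return problems

# Constructed samples (token values are placeholders, not real tokens).
SAMPLE_OK = (
    "HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n"
    '{"scope": "cn givenName mail sbacTenancyChain sbacUUID sn", "expires_in": 35999,'
    ' "token_type": "Bearer", "refresh_token": "PLACEHOLDER-R", "access_token": "PLACEHOLDER-A"}'
)
SAMPLE_FAIL = (
    "HTTP/1.1 400 Bad Request\r\nContent-Type: application/json\r\n\r\n"
    '{"error": "invalid_grant", "error_description": "constructed example"}'
)

if __name__ == "__main__":
    # Pipe real `curl -i` output in, or run with no input to see the samples.
    inputs = [SAMPLE_OK, SAMPLE_FAIL] if sys.stdin.isatty() else [sys.stdin.read()]
    for text in inputs:
        print(check_token_response(text) or "OK")
```

Piping the output of the curl command above into the script prints `OK` only when the response carries a Bearer token with every expected scope.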

Helpful OpenAM Tips

View OAuth 2.0 Profile Information

com.forgerock.openam.oauth2provider.clientType=Confidential
com.forgerock.openam.oauth2provider.contacts[0]=
com.forgerock.openam.oauth2provider.description[0]=
com.forgerock.openam.oauth2provider.name[0]=
com.forgerock.openam.oauth2provider.redirectionURIs[0]=
com.forgerock.openam.oauth2provider.responseTypes[0]=code
com.forgerock.openam.oauth2provider.responseTypes[1]=token
com.forgerock.openam.oauth2provider.responseTypes[2]=id_token
com.forgerock.openam.oauth2provider.responseTypes[3]=code token
com.forgerock.openam.oauth2provider.responseTypes[4]=token id_token
com.forgerock.openam.oauth2provider.responseTypes[5]=code id_token
com.forgerock.openam.oauth2provider.responseTypes[6]=code token id_token
userpassword=[redacted]

Turn on Debugging in OpenAM

Command-Line Utilities for OpenAM

Troubleshooting

OAuth 2.0 Authentication Failure


As of Fall 2018 the Smarter Balanced Test Delivery System (TDS) is no longer supported.

The code base and documentation for the TDS is available within the Smarter Balanced GitHub repository.

Unless stated otherwise, all content on SmarterApp.org is licensed under a Creative Commons Attribution 4.0 International License.