Wikis - Page

Easy NAM Client

0 Likes

Introduction:

 


NetIQ Access Manager 4.4 provides a rich set of REST Endpoints for NAM such as components Administration and OAuth/OpenID Management. EasyNAMClient uses those Rest Endpoints to provide a learning tool to new NAM users. This tool can be used by NAM/OAuth beginners as a starting point to explore NAM REST Endpoints and to write an OAuth client.

 

Features:

 




    1. Admin Console APIs

 

    1. IDP Monitoring

 

    1. AG Monitoring

 

    1. User Session

 

    1. OAuth Client Management
      You need to have an Access Token to perform the operation specified below. Access Token can be received using Password Grant of Easy NAM Client.
      a. View Client Application using Client ID
      b. View all the Client Applications created by a user
      c. Modify Client Application
      d. Delete Client Application

 

    1. Testing of OAuth Grants:
      a. Authorization code
      b. Implicit
      c. Password/Resource Owner
      This also includes support for Refresh Token grant and Token Revocation. This grant can also be used to get Access Token for OAuth Client Management.
      d. Client Credentials
      e. SAML2 Bearer




 

Deployment:

 



Download the file EasyNAMClient and unzip the folder on your desktop machine. Access the file EasyNAMClient.html using Chrome browser. EasyNAMClient can be used to test different OAuth Grants, and you do not need to create a specific Client for EasyNAMClient in NAM. EasyNAMClient will work with any OAuth Client Application.

 

How to use:

 



EasyNAMClient is simple to use, and GUI is self-explanatory. Below are some links to the videos which can help start using the tool. Note that this tool is open for customization. You can also make HTML code changes (EasyNAMClient.html) and Angular JS code changes (oauthapp.js) to write your own NAM client.

Links to videos explaining how to use Easy NAM Client:


    1. Admin Console APIs

 

    1. IDP Monitoring

 

    1. AG Monitoring

 

    1. User Session

 

    1. OAuth Client Management
      You need to have an Access Token to do the operation specified below. Access Token can be received using Password Grant of Easy NAM Client.
      a. View Client Application using Client ID
      b. View all the Client Applications created by the user
      c. Modify Client Application
      d. Delete Client Application

 

    1. Testing of OAuth Grants
      a. Authorization Code
      b. Implicit
      c. Password/Resource Owner
      This also includes support for Refresh Token grant and Token Revocation. This grant can also be used to get Access Token for OAuth Client Management.
      d. Client Credentials
      e. SAML2 Bearer

 

    1. Issues you may face while using EasyNAMClient




 

Limitations:

 



EasyNAMClient only works with Chrome Browser.

 

Display:

 



Easy NAM Client shows JSON/XML objects similar to those returned by NAM Endpoints.

Issues and Workaround:

Issues you may face with the Application and tips to overcome them:

    1. Using certificates not issued by well-known Certification Authority (CA)
      Oftentimes test servers do not have certificates issued by well-known CAs and use certificates issued by internal Admin Console CA. Browsers consider communication with these servers suspicious and throw warnings. However, when you use EasyNAMClient, the REST HTTP requests to NAM will be entirely blocked by the browser (Chrome). You can check for this errors if you use developer tool (e.g. NET::ERR_CERT_AUTHORITY_INVALID). We can ignore these error messages by using either of following workarounds:

        1. Use EasyNAMClient with only those servers which use certificates issued by well-known CAs.

      1. Start fiddler trace when you are using EasyNAMClient. Since EasyNAMClient is a learning tool to understand the NAM REST Endpoints, you can also use fiddler to inspect REST Endpoint requests and responses.


 

    1. CORS:NAM is adding CORS support for all the REST Endpoints. However, there are still some of them which are not CORS-enabled. Due to this reason, you may see EasyNAMClient showing blank response for some requests. (Use F12 to see the error on Browser’s Console). You can see CORS-related error for some of the REST Endpoints. To avoid this, you can add a Chrome Extension called CORS toggle. Enable the Chrome Toggle when you want to use EasyNAMClient. Make sure to toggle it back once done.




 

Suggestions:

 



Considering that this is the first version of EasyNAMClient, you are welcome to give your suggestions and considerations on how to improve the tool. Please send your feedback to: RajaManjit.Singh@microfocus.com

 

References:

 



REST API Guide:
https://www.netiq.com/documentation/access-manager-44-developer-documentation/pdfdoc/accessmanager_rest_api_guide/accessmanager_rest_api_guide.pdf

Learn about How Access Manager Uses OAuth and OpenID Connect:
https://www.netiq.com/documentation/access-manager-44/admin/data/b1dj6b2f.html

Component Statistics using REST APIs:
https://www.netiq.com/documentation/access-manager-44/admin/data/b1bfre0e.html

Labels:

How To-Best Practice
Support Tips/Knowledge Docs
Support Tip
Comment List
Related
Recommended