Hi, I would like to test Versasec CMS, which is installed on Windows Server 2022, with Jans Server version 1.1.5 in order to manage FIDO credentials via LDAP. The Versasec CMS has a Gluu connector which in principle should also work with Jans opendj LDAP. The problem now is that the opendj server is only reachable via localhost:1636. I have already set up an SSH tunnel with the command ssh -fNL 5901:localhost:1636 user@FQDN Jans Server on the Windows Server, but the connection from Versasec CMS needs LDAPS, which is currently not working. The Windows Server expects its FQDN in the SAN of the opendj certificate, which is currently a self-signed certificate with only CN=localhost. I need instructions to replace the opendj certificate in the keystore without breaking any dependencies in jans-auth. Thanks
Hi @zackbum Thank you for your post. Janssen Server has moved away from LDAP as persistence. We have not recommended it for production environments for a very long time, and we have also stopped supporting it for development purposes. One question though: is there a reason you are using v1.1.5? It is a pretty old version. Is it because of the availability of LDAP? Marking @yurem for any additional comment.
Hi,
I finally managed to get the Versasec CMS to Jans Server LDAPS connection running :)
I have looked at the keytool and dsconfig commands in the opendj.py script and created a CSR with localhost, FQDN Windows-Server and FQDN Jans-Server as SANs, which was signed by my Windows CA.
The open points are: The Versasec FIDO passkey template wants Relying Party entries like name, ID and origin. I am not sure what to put in here as there is currently no relying party application defined. I will need something like Jans Tarp. Is there a guide on how to define an RP in Jans Server? In addition, the Versasec CMS wants to write credential information to the LDAP user entry. Thus, the CMS n…
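
As an added example (not code from this thread or from the Janssen project), the following Python check tests whether a certificate's SAN list covers every name an LDAPS client will verify, before the keystore is touched. It assumes the client does SAN-only matching with no fallback to the subject CN; all host names are constructed placeholders.

```python
"""SAN coverage check for a replacement LDAPS certificate (added example).

Assumption: the verifier matches dNSName SAN entries only and ignores the
subject CN. Host names below are constructed placeholders.
"""

def match_dns(pattern: str, host: str) -> bool:
    """Case-insensitive dNSName match; '*' is honoured only as the whole
    left-most label and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # refuse overly broad patterns such as '*.test'
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(san_dns, client_names):
    """Map each name a client connects to -> True if some SAN entry covers it."""
    return {n: any(match_dns(s, n) for s in san_dns) for n in client_names}

def missing(san_dns, client_names):
    """Names that would fail hostname verification, in input order."""
    return [n for n, ok in audit(san_dns, client_names).items() if not ok]

# Names the certificate must satisfy (constructed): the tunnel endpoint,
# the Windows host running the CMS, and the Jans host itself.
CLIENT_NAMES = ["localhost", "cms-win.example.test", "jans.example.test"]

# Before: self-signed certificate with CN=localhost and no SAN extension.
SAN_BEFORE = []
# After: CSR carrying all three names as SANs, signed by an internal CA.
SAN_AFTER = ["localhost", "cms-win.example.test", "jans.example.test"]

if __name__ == "__main__":
    for label, sans in (("before", SAN_BEFORE), ("after", SAN_AFTER)):
        gaps = missing(sans, CLIENT_NAMES)
        print(f"{label}: " + ("all names covered" if not gaps
                              else "not covered: " + ", ".join(gaps)))
```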