I have few special scenarios I wonder if anyone solved.
1. I have some service-to-service flows through apache (as reverse proxy). in these cases the openAM session cookie will NOT be present BUT other service-to-service tokens will be present. I want the web agent to let my other apache authentication modules verify these tokens. How can it be done? (exclusion list will not help since same URL can be accessed from user or service).
2. Right after openAM cookie is verified, I want to have some internal logic (call some REST API to get some information based on username, and add this info as a header before the request continues into the application).
can it be done with the current webagent (let’s assume I can code another module but don’t want to touch the webAgent module)?