This topic contains 2 replies, has 1 voice, and was last updated by  Nikolaos Giannopoulos 9 months, 3 weeks ago.

  • Author
  • #18937
     Nikolaos Giannopoulos 


    An existing legacy OpenAM application uses a custom policy condition to specify fixed key-value pairs that correspond to an Application e.g.

    IF IP=[*] THEN RedirectSuccess=<URL>

    When the policy is evaluated the key-value pairs are appended to the CDC servlet URL as GET params so that they are available to OpenAM custom auth module and PAP.

    While this works we are exploring if there is a better way to handle this in the new OpenAM 13.5.1 we are building.

    All info is static like URL to Redirect to:
    – on success login
    – on SSO error
    – for help desk

    The policy makes sense but perhaps there is a better way to do this?


     Nikolaos Giannopoulos 

    Just had a thought of using Web Agent Custom Properties.

    Question: How would these be loaded say within OpenAM custom auth module (OR a class running inside OpenAM WAR)?

    Question: How I need to know the Agent that kicked in or is there some way to determine the currently invoked Agent?

     Nikolaos Giannopoulos 

    I guess I will answer my own question as it hopefully may be useful to others – I ended up:

    1. Adding custom properties on the Web Agent Advanced tab

    2. Added the Agent profile name as a GET param on the CD-SSO servlet login URL

    3. Added in my SPAdapter pre single sign on processing to use the AgentConfiguration class with the passed in realm and the agent profile name (extracted from the request URL) to read the custom attributes. I also set the Agent profile name as a cookie so that I can pull up custom attributes in a custom auth module, in a PAP or other Adapters.


Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?