This topic has 4 replies, 2 voices, and was last updated 4 years ago by 
-
Posts
-
I understand that adding realm parameters to login page URL allow authenticating against that specific realm. E.g http://openam.example.com:8080/openam/UI/Login?realm=hr
The problem is for my application, I am modelling each tenant as a realm. Each realm would contain its’ own DataStore configured to different LDAP Organization DN using the same embedded OpenDJ provided. Since all tenants’ user are logging in using the same login form, I am unable to determine beforehand what realm I should be authenticating against.
Is there anyway to solve this particular situation?
Hi Cedric
How do your users reach the login page? A common use-case is that a user tries to access a resource that is protected by an AM agent and is redirected to the login page. The URL (including the realm param) to the login page is specified in the configuration for the agent. Are your tenants part of the same organisation, or entirely unrelated? If the former, then some sort of launch page with links to the same login page but with different params is a possibility.
By the way, using the embedded OpenDJ for a user store is not recommended for anything other than a simple dev environment or PoC.
-Andy
Hi Andy,
In my case tenants are not part of the same organization. I have thought of similar idea to allow user to confirm their realm before redirecting to login page with the correct realm param.
I am wondering if this is the only way to do it or if there is a better approach.
Hi Cedric
If tenants are from different organisations, each organisation would be given its own login URL, which would contain the realm param. (Or an alternative method of differentiating between realms, such as mapping a DNS alias to a realm.) Either way, each organisation would identify itself by the URL used to reach the login page. This seems like quite a simple use-case, so I could be missing what difficulty you are facing.
-Andy
You must be logged in to reply to this topic.
