This topic has 1 reply, 2 voices, and was last updated 4 months ago by Scott Heger.

  • Author
    Posts
  • #28781
     ray.deng83
    Participant

    Hi Folks, A quick question here.

    We are using 6.5.1 and we have a scenario where upstream application captures and sends user credentials to OpenAM authentication chain. By default, OpenAM should show a custom branded login page and use data store for user credentials validation. However, within this scenario, since the user credentials have been captured, we don’t want to show the OpenAM login page. Instead, OpenAM should directly validate the credentials. The authentication chain should proceed if credential validation is successful, or it returns with an error response to the upstream application if credential validation is failed.

    Questions:
    1. How should the upstream app forward the user credentials to OpenAM chain?
    2. How can I bypass the OpenAM login page?

    Thanks and appreciate your input!

    #28782
     Scott Heger
    Participant

    I would recommend using a Tree vs a Chain. With a tree you have the Zero Page Login Collector node that looks for username and password in headers in the request. If you are stuck with using a chain, take a look at the HTTP Basic authentication module. I haven’t used that one but it might do what you are looking for.

    https://backstage.forgerock.com/docs/am/6.5/authentication-guide/#auth-node-zero-page-login-collector
    https://backstage.forgerock.com/docs/am/6.5/authentication-guide/#http-module-conf-hints

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?