We have a requirement of upgrading a OpenAM 12.0 instance to AM 6.0 instance. ForgeRock does not support upgrade from 12.0 to AM 6.0. So we have decided to setup a separate instance of AM 6.0 and migrate apps slowly from OpenAM 12.0 instance to AM 6.0.
The problem we are facing is with SSO. Once a app is migrated to the newer version (6.0) the user authenticates against 6.0. After that if the user wants to log in to a app that is still protected by OpenAM 12.0 the user have to authenticate again against 12.0. Is there a way that the second authentication can be avoided? Did somebody do it already? Can someone help me?
Please understand that the user store instance is same for both OpenAM 12.0 and AM 6.0. Also the applications are mostly SAML based federated applications.