Goto URL not getting Authentication successful details

  • #27904

    Hi,
    I have created a client application, and the callback URL is http://localhost:8080/FRclientApp/callback.
    OpenAM 6.5.2, employee realm created; in that realm a sample tree is created with username, password, datastore decision, failure, and success (http://localhost:8080/FRclientApp/callback).

    The client application redirects to the OpenAM login page with the sample tree service and goto URL (http://localhost:8080/FRclientApp/callback); after successful authentication, it then redirects to the goto URL.

    But the problem here is that we are unable to get any request parameters, session details, or request header parameters. So how can the client application know that authentication succeeded and create the local session?

    Please help me.

    Goto Call back URL code

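    // Fragment from the callback servlet's request handler
    // (needs java.util.Map and java.util.Set).
    Map<String, String[]> map = request.getParameterMap();

    // Print the name of every request parameter that arrived with the redirect
    Set<Map.Entry<String, String[]>> set = map.entrySet();
    for (Map.Entry<String, String[]> entry : set) {
        System.out.println("entry:" + entry.getKey());
    }
    // Print the "name" attribute of the application's own servlet session
    System.out.println("request:" + request.getSession().getAttribute("name"));
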
    #27905
     Jatinder Singh
    Participant

    If I understand your question correctly – your client application is unable to get the user’s session data from AM? If that is correct – you will first need to configure the appropriate fetch mode in your choice of enforcer. For a Web Agent you can visit Web Agent > Application > Response Attribute Fetch Mode and also configure Response Attribute Map.

    Hope this helps!

    #27907
     Jatinder Singh
    Participant

    P.S. There are different fetch modes available. Please check the docs and see which one fits your scenario/requirements.

    #27910

    Hi Jatinder,
    Thanks for the reply.

    Yes, your understanding is correct, but we are not using any agent. We have just created a tree named test, and my simple client application redirects to the OpenAM login page (http://openam.narayanatutorial.com:8991/am/XUI/?realm=employee&service=test#login/). After successful authentication, OpenAM redirects to the client application (http://localhost:8080/FRClientApp/callback); there we are trying to get the request parameter map but are not getting anything.

    Tree name test and configuration: [username collector] -> [password collector] -> [data store decision] -> [success URL [http://localhost:8080/FRClientApp/callback]] or [Failure node]


    Please help me and let me know if you need more details.

    #27926
     Jatinder Singh
    Participant

    If you are not using an agent and you want to implement SSO and share user data, your other option is to implement a Federation protocol such as SAML2 or OAuth2. An AM tree by itself is not enough to correctly protect an application. You will require either an enforcer like an Agent (Web, Java or IG) or a Federation protocol.

    So, if you can share a bit about your requirements – maybe I can help guide you in the right direction.

    Cheers.
    Jatinder

    #27952
     Scott Heger
    Participant

    Another option is to integrate your application with AM using the AM REST API. You could write your own implementation following the information in the AM Development Guide (https://backstage.forgerock.com/docs/am/6.5/dev-guide/) or you could implement the ForgeRock provided JavaScript library at https://github.com/ForgeRock/forgerock-javascript-sdk.

    Basically you need something in your application to grab the ssoToken from the iPlanetDirectoryPro cookie (assuming you haven’t renamed it and also assuming your application is in the same DNS domain as your AM server) and make queries to AM with that ssoToken to get the information you are after. AM is not going to just send it to you via the success URL.

    Btw, don’t use localhost when setting up AM. Always use a Fully Qualified Domain Name even if you have to hard code something in your local hosts file for testing purposes (e.g. am.example.com).

    #27962

    Hi Jatinder, thanks for your reply.

    My requirement

    The simple java client web application needs to be protected by OpenAM, using either an OpenAM tree or module without using Agent, SAML, OAuth, etc…

    OpenAM Tree URL: http://openam.narayanatutorial.com:8991/am/XUI/?realm=employee&service=test
    The above tree(test) is very simple like username collector, password collector, and datastore decision and then Success URL (http://localhost:8080/FRclientApp/callback)

    Execution Flow:
    1. Accessing Java client Application (http://localhost:8080/FRclientApp/index.jsp)
    2. Redirecting to OpenAM login page URL mentioned above.
    3. Enter username and password
    4. After successful authentication, it redirects to (http://localhost:8080/FRclientApp/callback). In the callback servlet program, I am trying to retrieve the request parameters and cookie details of the authentication, but I am not getting them.

    Once we get the authentication success details, we can create the session in the Java client application and then allow the user to enter the application.

    #27977
     Andy Cory
    Participant

    Hi

    The simple java client web application needs to be protected by OpenAM, using either an OpenAM tree or module without using Agent, SAML, OAuth, etc…

    But something must act as the ‘gatekeeper’ to protect your application. Logging in with AM will give you a session, and (assuming you use the built-in UI) a cookie with a pointer to that session. But the gatekeeper, whatever it is, will need to firstly have access to the cookie (so the domain of the application and of AM should be the same, which is not the case in your example), and secondly validate the contents of the cookie with AM before letting the request through. Usually that’s the job of the agent. If you can’t use an agent or a federation protocol as proposed by @jsingh then your application will need to do the gatekeeper job itself by integrating with AM’s REST API just as @shegergmail-com suggests in his response. Between them, Scott and Jatinder have listed the only realistic options in my view.
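
The gatekeeper job described in the two replies above (read the iPlanetDirectoryPro cookie, then ask AM whether that ssoToken is valid), as an added Java example that is not part of the original posts or ForgeRock's own code. Assumptions: the `sessions?_action=validate` REST action, its `Accept-API-Version` value and the `valid`/`uid` response fields are assumed from the AM 6.5 REST API and should be checked against the Development Guide linked above; the class and method names are hypothetical.

```java
import java.io.*;
import java.net.*;
import java.util.*;
import java.util.regex.*;
import javax.servlet.http.*;
// Added example: the callback servlet calls authenticatedUser(request) and creates its
// local session only when a user id comes back.
public class AmSessionGatekeeper {
    // Assumptions: AM URL and realm as quoted in the thread, default cookie name.
    static final String SESSIONS = "http://openam.narayanatutorial.com:8991/am"
            + "/json/realms/root/realms/employee/sessions?_action=validate";
    static final String COOKIE = "iPlanetDirectoryPro";

    public static Optional<String> authenticatedUser(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();   // null when the browser sent none
        try {
            for (Cookie c : cookies == null ? new Cookie[0] : cookies) {
                if (COOKIE.equals(c.getName())) return parse(askAm(c.getValue()));
            }
        } catch (IOException | IllegalArgumentException e) {
            // Fail closed: a malformed token or an unreachable AM means "not logged in".
        }
        return Optional.empty();
    }

    static String askAm(String token) throws IOException {
        // The cookie is client-controlled: refuse characters that would break the JSON body.
        if (!token.matches("[^\"\\\\\\p{Cntrl}]{1,4096}")) throw new IllegalArgumentException("bad token");
        HttpURLConnection con = (HttpURLConnection) new URL(SESSIONS).openConnection();
        con.setRequestMethod("POST");
        con.setConnectTimeout(3000);
        con.setReadTimeout(3000);
        con.setDoOutput(true);
        con.setRequestProperty("Content-Type", "application/json");
        con.setRequestProperty("Accept-API-Version", "resource=2.1, protocol=1.0"); // assumed version
        con.setRequestProperty(COOKIE, token);     // the same token, sent as the AM session header
        try (OutputStream out = con.getOutputStream()) {
            out.write(("{\"tokenId\":\"" + token + "\"}").getBytes("UTF-8"));
        }
        if (con.getResponseCode() != 200) throw new IOException("AM status " + con.getResponseCode());
        try (Scanner s = new Scanner(con.getInputStream(), "UTF-8").useDelimiter("\\A")) {
            return s.hasNext() ? s.next() : "";
        }
    }

    // Assumed response shape: {"valid":true,"uid":"demo","realm":"/employee", ...}
    static Optional<String> parse(String json) {
        if (!Pattern.compile("\"valid\"\\s*:\\s*true").matcher(json).find()) return Optional.empty();
        Matcher m = Pattern.compile("\"uid\"\\s*:\\s*\"([^\"]+)\"").matcher(json);
        return m.find() ? Optional.of(m.group(1)) : Optional.empty();
    }
}
```

With the application on localhost and AM on openam.narayanatutorial.com, the browser never sends the AM cookie to the application, so this returns empty until both hosts share the AM cookie domain, as the replies point out.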

    #28145

    Thanks to all for your valuable response
