We have an old monolithic web app, which has two entry points, one accessed via regular form based authentication, and the other via basic authentication. We’ve been testing OpenAM as an SSO solution.
Just form based authentication works great.
Just BASIC authentication works great
How do we get Form & Basic working hand in hand on the same application ?
Few points about the setup;
We are using J2EE web agent
Agent is configured to point to a realm for authentication.
Form based auth is going against this realm.
Form & Basic using the same datastore for auth, and work on the same realm
We want http://www.example.com to be authenticated via form & http://www.example.com/xyz to be authenticated against Basic.
We have done that using spring security & filter-intercept in the past. So not looking to get it done at the app level, but at the OpenAM server/agent level.