September 6, 2016 at 10:34 am #12886superzlcParticipant
I’m using openIG as a reverse proxy and following PEP example in docs to protect my web applications.
However,I have to achieve “Session Ugrade” function to protect web applications with different authentication level.
I have configured only one j2ee policy agent in OpenAM server to custom request headers with openig server.
Is there any solution to achieve the goal without configuring any other policy agents?
Thanks for any help .September 6, 2016 at 8:42 pm #12895Rogerio RondiniParticipant
So… I don`t know how you have configured the overall solution, but in general you can achieve Session Upgrade on the login time or in the policy evaluation time.
In login just need to have a authenticatin chain with more than one auth module.
In the policy evaluation time you can configure Policies with additional Condition. I mean, you can have a Policy to protect some resources where the condition to grant access is the user be logged in a HOTP module. In case of user no be logged, OpenAM will redirect again to the HOTP login page.September 7, 2016 at 6:07 pm #12916Joachim AndresParticipant
Hi superzlc – have you actually deployed an agent or are you referring to the agent profile configuration in OpenAM ?
If you have an agent deployed for the PEP, then the agent would deal with the upgrade.
If OpenIG is the (only) PEP, note that IG will retrieve the advice, but not natively treat it, i.e. re-direct to the appropriate authentication page. There shall be an open Jira ticket for this.September 8, 2016 at 3:38 am #12928superzlcParticipant
Thanks for you help. @Rogerio and @Joachim.
@Joachim I have deployed an agent. Because I have to configure custom request http headers to my web application.For example, request[“app_user”] = [sn], I need agent to supply the value of “sn” in LDAP.
I have followed the PEP example in docs to protect my web appliaction with OpenAM.
OpenIG also plays an role of reverse proxy in my environment.I use handlers and filters in config json files to achive it.
I have read some documents about OpenIG,I think maybe there would be no direct solution about “Session Upgrade”.
About the “open jira ticket” I will search some information about it.
Thanks for your help.
- This reply was modified 6 years ago by superzlc.
You must be logged in to reply to this topic.