How to achieve "Session Upgrade" in OpenIG

This topic has 3 replies, 3 voices, and was last updated 6 years ago by superzlc.

  • Author
  • #12886

    I’m using openIG as a reverse proxy and following PEP example in docs to protect my web applications.
    However,I have to achieve “Session Ugrade” function to protect web applications with different authentication level.
    I have configured only one j2ee policy agent in OpenAM server to custom request headers with openig server.
    Is there any solution to achieve the goal without configuring any other policy agents?
    Thanks for any help .

     Rogerio Rondini

    So… I don`t know how you have configured the overall solution, but in general you can achieve Session Upgrade on the login time or in the policy evaluation time.
    In login just need to have a authenticatin chain with more than one auth module.

    In the policy evaluation time you can configure Policies with additional Condition. I mean, you can have a Policy to protect some resources where the condition to grant access is the user be logged in a HOTP module. In case of user no be logged, OpenAM will redirect again to the HOTP login page.

     Joachim Andres

    Hi superzlc – have you actually deployed an agent or are you referring to the agent profile configuration in OpenAM ?

    If you have an agent deployed for the PEP, then the agent would deal with the upgrade.

    If OpenIG is the (only) PEP, note that IG will retrieve the advice, but not natively treat it, i.e. re-direct to the appropriate authentication page. There shall be an open Jira ticket for this.


    Thanks for you help. @Rogerio and @Joachim.
    @Joachim I have deployed an agent. Because I have to configure custom request http headers to my web application.For example, request[“app_user”] = [sn], I need agent to supply the value of “sn” in LDAP.
    I have followed the PEP example in docs to protect my web appliaction with OpenAM.
    OpenIG also plays an role of reverse proxy in my environment.I use handlers and filters in config json files to achive it.
    I have read some documents about OpenIG,I think maybe there would be no direct solution about “Session Upgrade”.
    About the “open jira ticket” I will search some information about it.
    Thanks for your help.

    • This reply was modified 6 years ago by superzlc.
Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?