How to implement OpenAM SSO on existing web applications

Tagged: ,

This topic has 5 replies, 2 voices, and was last updated 2 years, 7 months ago by Jatinder Singh.

  • Author
  • #27828

    Our web application uses IIS and already has its own login page.
    We installed the OpenAM Web_agent to protect the IIS application.
    When opening the IIS application, the OpenAM login page will pop up first, After logging in to OpenAM, the login page of the IIS application will pop up.
    We want to skip the existing login page of the IIS application and get single sign-on.
    In this case, what should I do? Do I need to modify the login function of the IIS application?

     Jatinder Singh

    Since you plan to use OpenAM for SSO, this will essentially replace existing “login/logout” functionality in your ISS application. You can configure Web Agent to be in SSO mode (i.e. no policy based authorization) and pass user information (username, mail, etc.) via HTTP headers to your ISS application.

    Hope this helps!


    Thanks Jatinder,
    I’m new to OpenAM, is my understanding follow correct?
    1. We need to change our IIS application(remove the login/logout functionality?).
    2. We need to change our IIS application to read the HTTP headers passed by OpenAM.
    3. How to pass user information via HTTP headers? through the path “Realm/Applications/Agents/Web/myagents/Application”,set the “Profile Attribute FetchMode” with “HTTP_HEADER” and add “Profile Attribute Map”?

     Jatinder Singh

    Yes, you are on the right track.

    1. For your first point, the Login and Logout URL list will be configured in the Web Agent configuration – this helps Web Agent decide where to go for Login and what URL decides user wants to logout;
    2. Yes, the HTTP headers are passed for it to be consumed by protected application. For example, displaying username after successful login.
    3. Yes, you define attribute fetch mode and provide a map of attributes. The data is sent to Web Agent which ends up relaying it to protected application using the configured fetch mode.

    Useful links:


    Thanks Jatinder,
    Now I understand OpenAM better.

     Jatinder Singh

    Np :)

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?