April 20, 2020 at 2:48 pm #27828
Our web application uses IIS and already has its own login page.
We installed the OpenAM Web_agent to protect the IIS application.
When opening the IIS application, the OpenAM login page will pop up first, After logging in to OpenAM, the login page of the IIS application will pop up.
We want to skip the existing login page of the IIS application and get single sign-on.
In this case, what should I do? Do I need to modify the login function of the IIS application?April 20, 2020 at 8:11 pm #27829
Since you plan to use OpenAM for SSO, this will essentially replace existing “login/logout” functionality in your ISS application. You can configure Web Agent to be in SSO mode (i.e. no policy based authorization) and pass user information (username, mail, etc.) via HTTP headers to your ISS application.
Hope this helps!April 21, 2020 at 9:10 am #27830
I’m new to OpenAM, is my understanding follow correct?
1. We need to change our IIS application(remove the login/logout functionality?).
2. We need to change our IIS application to read the HTTP headers passed by OpenAM.
3. How to pass user information via HTTP headers? through the path “Realm/Applications/Agents/Web/myagents/Application”,set the “Profile Attribute FetchMode” with “HTTP_HEADER” and add “Profile Attribute Map”?April 21, 2020 at 4:39 pm #27832
Yes, you are on the right track.
1. For your first point, the Login and Logout URL list will be configured in the Web Agent configuration – this helps Web Agent decide where to go for Login and what URL decides user wants to logout;
2. Yes, the HTTP headers are passed for it to be consumed by protected application. For example, displaying username after successful login.
3. Yes, you define attribute fetch mode and provide a map of attributes. The data is sent to Web Agent which ends up relaying it to protected application using the configured fetch mode.
https://backstage.forgerock.com/docs/openam-web-policy-agents/5.6/web-agents-guide/#configure-web-pa-services-propsApril 23, 2020 at 7:52 am #27834
Now I understand OpenAM better.April 23, 2020 at 4:45 pm #27835
You must be logged in to reply to this topic.