How to use our own login page instead of OpenAM default login page?


This topic has 35 replies, 9 voices, and was last updated 3 years, 10 months ago by [email protected].

  • #4932
     Vengadesh
    Participant

    Is there a way to use our own login page instead of the OpenAM default login page? Has anyone implemented this in the past? Kindly help me with this.

    PS: I don’t want to customize the default login page of OpenAM.

    Regards,
    Venga

    • This topic was modified 5 years, 5 months ago by Peter Major.
    #4934
     Brad Tumy
    Participant

    Take a look at the REST authentication section in the latest OpenAM documentation.

    #4945
     Vengadesh
    Participant

    Hi,

    I have seen the REST APIs and I’m able to successfully invoke them and get the ssotoken and success URL back, but I have a few questions:

    1. What do we do with this ssotoken and success URL? Do we have to redirect the user directly to the target?
    2. Do we have to set the cookie?

    Can you please guide me on this?

    Regards,
    Venga

    #4947
     Rogerio Rondini
    Participant

    Hi Venga,

    When you use the REST API instead of the standard login page, you need to do some things that OpenAM already does for you.

    One of them, and the most important, is to set up the cookie “iPlanetDirectoryPro” with the “tokenid” returned in the JSON response of the json/authenticate service. You need to take care of the following:
    1. The cookie name needs to be “iPlanetDirectoryPro” unless you changed the cookie name in the OpenAM configuration.
    2. The cookie domain needs to be the same domain as the OpenAM server.
    3. The cookie cannot expire.

    After you set the cookie, you can redirect to your client app. If you’ve installed the Policy Agent, it will get the cookie and SSO will work. I think you don’t need to take care of the Success URL; just redirect to your target application.

    Abs.
    Rogerio Rondini

    #4950
     Vengadesh
    Participant

    Hi Rarondini,

    Thank you very much for your inputs.

    I have one more question.
    ……………………………
    As you can see, by default, if a user hits a protected resource then he will be redirected to the OpenAM login page with a goto URL.

    How do I redirect the user to my own login page when the user hits the protected resource? Is there any place in OpenAM or the agent configuration where we have to mention our own login page URL?

    I tried updating the agent configuration with my login page URL but it’s not getting reflected. Though the default login page is commented out, the agent is still redirecting me to the old login page.
    ………………………………………………………..
    # LOGIN URL
    # Specifies the login URLs to be used by the Agent to redirect
    # incoming users without sufficient credentials to the OpenAM
    # authentication service.
    # Hot-Swap Enabled: Yes
    #
    #com.sun.identity.agents.config.login.url[0] = http://myhost.test.com:8080/openam/UI/Login
    com.sun.identity.agents.config.login.url[0] = http://myhost.test.com:8083/Openam/Login.jsp
    ……………………………

    It would be great if you can help me with this.

    Thanks,
    Venga

    #4951
     Rogerio Rondini
    Participant

    Hi Venga,

    If you installed the agent as centralized, i.e., your agent profile in the OpenAM server has the configuration “Location of Agent Configuration Repository” set to “centralized”, you need to change the configuration in the OpenAM server instead of in OpenSSOAgentConfiguration.properties.

    Open your Agent Profile Configuration -> OpenAM Server -> OpenAM Login URL and replace the default URL.

    Abs.
    Rogerio

    #4953
     soma
    Participant

    Hi Vengadesh,

    Do you have a working solution?
    I have the same issue; I use Java and the OpenAM SDK.

    Link of my issue: post-4952

    • This reply was modified 5 years, 6 months ago by soma.
    #4956
     Vengadesh
    Participant

    Oh yes, finally it worked.

    Thank you very much.

    #4957
     Vengadesh
    Participant

    Hi Soma,

    I have done a POC on this and it worked fine using the OpenAM REST APIs.

    Regards,
    Venga

    #4977
     Vengadesh
    Participant

    Hi Rondini,

    I’m back again with another doubt. In the case of federation, OpenAM doesn’t require any agent. If so, then how do we redirect the user to our custom login page when he/she performs IdP/SP-initiated federation?

    Can you please clarify this one?

    #4978
     Rogerio Rondini
    Participant

    Hi…

    So, usually, your Service Provider configuration has a “Sign-in Page” (as Google) or “Identity Provider Login URL” (as SalesForce). I believe you can set up any authentication page in these fields.

    You just need to remember to set up the right cookie (iPlanetDirectoryPro) and redirect to the IdP endpoint like “../openam/SSOPOST/metaAlias/idp” or “../open/SSORedirect/metaAlias/idp” after authentication, and leave the rest of the service to OpenAM.

    At.

    #4993
     Vengadesh
    Participant

    Thanks for your inputs, Rondini! The scenario worked fine.

    #5349
     Vengadesh
    Participant

    Hi Rondini,

    In the custom login, since the iPlanetDirectoryPro cookie is created by us, anyone can steal the cookie and misuse it, right?

    How do we protect this cookie? Are we missing anything?

    Thanks

    #5350
     Vengadesh
    Participant

    Do we have to consider cookie properties like Secure cookies and HttpOnly cookie while creating the cookie?
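
An added example, not code from any poster or from ForgeRock: a server-side sketch of the flow discussed above (call json/authenticate, then set iPlanetDirectoryPro as a session cookie with Secure and HttpOnly). The function names, the hosts under example.test and the token are constructed, and it assumes the login page and applications are served over HTTPS and that the token is passed to the agent unencoded.

```javascript
// Added example, not code from the thread. Hosts and tokens are constructed.
const COOKIE_NAME = 'iPlanetDirectoryPro'; // default name per the thread; change if reconfigured

// Request the server-side login handler sends to OpenAM (headers as used in the thread).
function buildAuthRequest(openamBase, username, password) {
  return {
    url: openamBase.replace(/\/+$/, '') + '/json/authenticate',
    method: 'POST',
    headers: {
      'X-OpenAM-Username': username,
      'X-OpenAM-Password': password,
      'Content-Type': 'application/json',
    },
  };
}

// Extract the token from the JSON body; fail closed if it is absent.
function parseAuthResponse(bodyText) {
  const body = JSON.parse(bodyText);
  if (typeof body.tokenId !== 'string' || body.tokenId === '') {
    throw new Error('authentication response carried no tokenId');
  }
  return body.tokenId;
}

// Set-Cookie value for the SSO token: a session cookie (no Expires/Max-Age),
// Secure (sent over HTTPS only) and HttpOnly (not readable by page scripts).
function buildSsoCookie(tokenId, domain) {
  // Assumption: the token is passed through unencoded, so reject (rather than
  // encode) any character that is not a legal cookie-value octet (RFC 6265).
  if (!/^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/.test(tokenId)) {
    throw new Error('tokenId contains characters not valid in a cookie value');
  }
  return `${COOKIE_NAME}=${tokenId}; Domain=${domain}; Path=/; Secure; HttpOnly`;
}

// Follow a goto URL only when it points at an expected HTTPS application host.
function safeRedirect(gotoUrl, allowedHosts, fallback) {
  try {
    const u = new URL(gotoUrl);
    return u.protocol === 'https:' && allowedHosts.includes(u.host) ? u.href : fallback;
  } catch {
    return fallback; // relative, malformed or missing goto
  }
}
```

HttpOnly can only be set from a server response, so the authenticate call and the Set-Cookie header belong in the login page's back end, not in browser script.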

    #5450
     BAO
    Participant

    Hi everybody,

    For my job, I have to create a customized login page and use the OpenAM API to authenticate users.
    I just have a simple login page with AngularJS and simple JavaScript code, but it doesn’t work…
    Can someone help me, please?
    Below is my code:

    ************************************ index.html *******************************************
    <!DOCTYPE html>
    <html>
    <script src="http://ajax.googleapis.com/ajax/libs/angularjs/1.3.14/angular.min.js"></script>
    <script src="openamScript.js"></script>
    <head>
      <meta charset="ISO-8859-1">
      <title>Openam RESTFul Services</title>
    </head>
    <body>
      <div ng-app="openamTestApp" ng-controller="loginController">
        <h3>Enter a login and a password</h3>
        <form novalidate>
          Login <input type="text" ng-model="login" /><p/>
          Password <input type="password" ng-model="password" /><p/>
          <button ng-click="loginMethod()">OK</button>
        </form>
        <p>TokenId : {{tokenId}}</p>
      </div>
    </body>
    </html>

    ************************************ openScript.js *******************************************
    var app = angular.module('openamTestApp', []);
    app.controller("loginController", function($scope, $http) {
      // Method to get a tokenId from Openam and a success URL
      $scope.loginMethod = function(){
        $http({
          method : 'POST',
          headers : {
            'X-OpenAM-Username' : $scope.login,
            'X-OpenAM-Password' : $scope.password,
            'Content-Type' : 'application/json',
          },
          url : 'http://localhost:8080/openam/json/authenticate'
        }).
        then(function(){
          // If the user is logged
          $scope.tokenId = 'successful';
        },
        function (){
          // If the login is failed
          $scope.tokenId = 'Failed !';
        });
      };
    });

    Thank you for your help.

Viewing 15 posts - 1 through 15 (of 36 total)
