This topic has 35 replies, 9 voices, and was last updated 3 years, 10 months ago by 
-
Posts
-
Hi,
I have seen the REST API’s and I’m able to successfully invoke those and get the ssotoken, success url back. but I have few questions
1. what to do with this ssotoken and success url? do we have to redirect the user directly to the target?
2. Do we have to set the cookie?can you please guide me on this?
Regards,
VengaHi Venga,
When you use REST API instead of standard Login page, you need to do some thing that OpenAM already do for you.
One of that, and the most important, is to setup the Cookie “iPlanetDirectoryPro” with the “tokenid” returned on the JSON response of the json/authenticate service. You need to take care on:
1. Cookie name need to be “iPlanetDirectoryPro” unless you changed the cookie name in the OpenAM configuration.
2. Cookie domain need to be the same domain of OpenAM Server.
3. Cookie can not expires.After you set the cookie, you can redirect to your client app. If you`ve installed Policy Agent, it will get the cookie and SSO will works. I think you can not take care with Success URL, just redirect to you target application.
Abs.
Rogerio RondiniHi Rarondini,
Thank you very much for your inputs.
i have one more question.
……………………………
if you could see by default, if an user hits a protected resource then he will be redirected to the openam login page with goto url.how to redirect the user to my own login page when user hits the protected resource. Is there any place in openam or agentconfiguration, we have to mention our own login page url?
I tried updating the agent configuration with my login page url but it’s not getting reflected. though the default login page is commented out, agent is still redirecting me to the old login page.
………………………………………………………..
# LOGIN URL
# Specifies the login URLs to be used by the Agent to redirect
# incoming users without sufficient credentials to the OpenAM
# authentication service.
# Hot-Swap Enabled: Yes
#
#com.sun.identity.agents.config.login.url[0] = http://myhost.test.com:8080/openam/UI/Login
com.sun.identity.agents.config.login.url[0] = http://myhost.test.com:8083/Openam/Login.jsp
……………………………It would be great if you can help me with this.
Thanks,
VengaHi Venga,
If you had installed agent as Centralized, i.e, your agent profile in OpenAM Server has the configuration “Location of Agent Configuration Repository” as “centralized”, you need to change configurations in the OpenAM Server instead of in OpenSSOAgentConfiguration.properties.
Open your Agent Profile Configuration -> OpenAM Server -> OpenAM Login URL and replace the default URL.
Abs.
RogerioHi Vengades,
Do you have a working solution?
I have a same issue, I use java and OpenAM SDK.Link of my issue: post-4952
Hi Rondini,
I’m again back with another doubt. In case of federation openam doesn’t require any agent.. If so then how do we redirect the user to our custom login page when he/she performs IdP/SP initiated federation?
Can please clarify this one?
Hi…
So.. Usually, your Service Provider configuration has a “Sign-in Page” (as Google) or “Identity Provider Login URL” (as SalesForce). I believe you can setup any authentication page in these fields.
You just need to remember to setup the right cookie (iPlanetDirectoryPro) and redirect to IDP end point like “../openam/SSOPOST/metaAlias/idp” or “../open/SSORedirect/metaAlias/idp” after authentication, and leave the rest of the service to OpenAM.
At.
Hi Rondini,
In the custom login Since the iPlanetDirectoryPro Cookie created by us, anyone can steal the cookie and misuse of that right?
How do we protect this cookie? Are we missing out anything?
Thanks
Do we have to consider cookie properties like Secure cookies and HttpOnly cookie while creating the cookie?
Hi everybody,
For my job, I have to create a customized login page and to use the Openam API to authenticate users.
I just had a simple login page with Angular JS and a simple Javascript code, but it doesn’t work…
Someone can help me, please ?
Below my code :************************************ index.html *******************************************
<!DOCTYPE html>
<html>
<script src= “http://ajax.googleapis.com/ajax/libs/angularjs/1.3.14/angular.min.js”></script>
<script src=”openamScript.js”></script>
<head>
<meta charset=”ISO-8859-1″>
<title>Openam RESTFul Services</title>
</head>
<body>
<div ng-app=”openamTestApp” ng-controller=”loginController”>
<h3>Enter a login and a password</h3>
<form novalidate>
Login <input type=”text” ng-model=”login” /><p/>
Password <input type=”password” ng-model=”password” /><p/>
<button ng-click=”loginMethod()”>OK</button>
</form>
<p>TokenId : {{tokenId}}</p>
</div>
</body>
</html>************************************ openScript.js *******************************************
var app = angular.module(‘openamTestApp’, []);
app.controller(“loginController”, function($scope, $http) {
//Method to get a tokenId from Openam and a success URL
$scope.loginMethod = function(){
$http({
method : ‘POST’,
headers : {
‘X-OpenAM-Username’ : $scope.login,
‘X-OpenAM-Password’ : $scope.password,
‘Content-Type’ : ‘application/json’,
},
url : ‘http://localhost:8080/openam/json/authenticate’
}).
then(function(){
//If the user is logged
$scope.tokenId = ‘successful’;
},
function (){
//If the login is failed
$scope.tokenId = ‘Failed !’;
});
};
});Thank you for your helps.
You must be logged in to reply to this topic.
