This topic has 35 replies, 9 voices, and was last updated 5 years, 3 months ago by [email protected].
July 31, 2015 at 1:32 pm #4932
Vengadesh
Participant
Is there a way to use our own login page instead of the OpenAM default login page? Has anyone implemented this in the past? Kindly help me with this.
PS: I don’t want to customize the default login page of OpenAM.
Regards,
Venga
This topic was modified 6 years, 10 months ago by Peter Major.
July 31, 2015 at 2:06 pm #4934
Brad Tumy
Participant
Take a look at the REST authentication section in the latest OpenAM documentation.
July 31, 2015 at 6:04 pm #4945
Vengadesh
Participant
Hi,
I have seen the REST APIs and I’m able to successfully invoke those and get the ssotoken and success url back, but I have a few questions:
1. What to do with this ssotoken and success url? Do we have to redirect the user directly to the target?
2. Do we have to set the cookie? Can you please guide me on this?
Regards,
Venga
July 31, 2015 at 8:42 pm #4947
Rogerio Rondini
Participant
Hi Venga,
When you use the REST API instead of the standard login page, you need to do some things that OpenAM already does for you.
One of those, and the most important, is to set up the cookie “iPlanetDirectoryPro” with the “tokenid” returned in the JSON response of the json/authenticate service. You need to take care of:
1. Cookie name needs to be “iPlanetDirectoryPro” unless you changed the cookie name in the OpenAM configuration.
2. Cookie domain needs to be the same domain as the OpenAM server.
3. Cookie cannot expire.
After you set the cookie, you can redirect to your client app. If you've installed a Policy Agent, it will get the cookie and SSO will work. I think you need not worry about the Success URL; just redirect to your target application.
Abs.
Rogerio Rondini
August 1, 2015 at 9:24 am #4950
Vengadesh
Participant
Hi Rarondini,
Thank you very much for your inputs.
I have one more question.
……………………………
As you can see, by default, if a user hits a protected resource then he will be redirected to the OpenAM login page with a goto URL. How do I redirect the user to my own login page when the user hits the protected resource? Is there any place in the OpenAM or agent configuration where we have to mention our own login page URL?
I tried updating the agent configuration with my login page URL but it’s not getting reflected. Though the default login page is commented out, the agent is still redirecting me to the old login page.
………………………………………………………..
# LOGIN URL
# Specifies the login URLs to be used by the Agent to redirect
# incoming users without sufficient credentials to the OpenAM
# authentication service.
# Hot-Swap Enabled: Yes
#
#com.sun.identity.agents.config.login.url[0] = http://myhost.test.com:8080/openam/UI/Login
com.sun.identity.agents.config.login.url[0] = http://myhost.test.com:8083/Openam/Login.jsp
……………………………
It would be great if you can help me with this.
Thanks,
Venga
August 1, 2015 at 3:09 pm #4951
Rogerio Rondini
Participant
Hi Venga,
If you installed the agent as centralized, i.e., your agent profile in the OpenAM server has “Location of Agent Configuration Repository” set to “centralized”, you need to change the configuration in the OpenAM server instead of in OpenSSOAgentConfiguration.properties.
Open your Agent Profile Configuration -> OpenAM Server -> OpenAM Login URL and replace the default URL.
Abs.
Rogerio
August 1, 2015 at 4:57 pm #4953
soma
Participant
August 1, 2015 at 9:09 pm #4956
Vengadesh
Participant
Ohh yes.. finally it worked.
Thank you very much.
August 1, 2015 at 9:44 pm #4957
Vengadesh
Participant
Hi Soma,
I have done a POC on this and it worked fine using the OpenAM REST APIs.
Regards,
Venga
August 4, 2015 at 9:12 pm #4977
Vengadesh
Participant
Hi Rondini,
I’m back again with another doubt. In case of federation, OpenAM doesn’t require any agent. If so, then how do we redirect the user to our custom login page when he/she performs IdP/SP initiated federation?
Can you please clarify this one?
August 4, 2015 at 9:29 pm #4978
Rogerio Rondini
Participant
Hi…
So.. Usually, your Service Provider configuration has a “Sign-in Page” (as Google) or “Identity Provider Login URL” (as SalesForce). I believe you can set up any authentication page in these fields.
You just need to remember to set up the right cookie (iPlanetDirectoryPro) and redirect to the IDP endpoint like “../openam/SSOPOST/metaAlias/idp” or “../open/SSORedirect/metaAlias/idp” after authentication, and leave the rest of the service to OpenAM.
At.
August 5, 2015 at 9:18 pm #4993
Vengadesh
Participant
Thanks for your inputs Rondini..! The scenario worked fine.
September 2, 2015 at 9:56 pm #5349
Vengadesh
Participant
Hi Rondini,
In the custom login, since the iPlanetDirectoryPro cookie is created by us, anyone can steal the cookie and misuse it, right?
How do we protect this cookie? Are we missing out anything?
Thanks
September 2, 2015 at 10:12 pm #5350
Vengadesh
Participant
Do we have to consider cookie properties like Secure cookies and HttpOnly cookie while creating the cookie?
September 14, 2015 at 11:39 am #5450
BAO
Participant
Hi everybody,
For my job, I have to create a customized login page and to use the Openam API to authenticate users.
I just had a simple login page with Angular JS and a simple Javascript code, but it doesn’t work…
Can someone help me, please?
Below is my code:
************************************ index.html *******************************************
<!DOCTYPE html>
<html>
<head>
  <meta charset="ISO-8859-1">
  <title>Openam RESTFul Services</title>
  <script src="http://ajax.googleapis.com/ajax/libs/angularjs/1.3.14/angular.min.js"></script>
  <script src="openamScript.js"></script>
</head>
<body>
  <div ng-app="openamTestApp" ng-controller="loginController">
    <h3>Enter a login and a password</h3>
    <form novalidate>
      Login <input type="text" ng-model="login" /><p/>
      Password <input type="password" ng-model="password" /><p/>
      <button ng-click="loginMethod()">OK</button>
    </form>
    <p>TokenId : {{tokenId}}</p>
  </div>
</body>
</html>
************************************ openScript.js *******************************************
var app = angular.module('openamTestApp', []);
app.controller("loginController", function($scope, $http) {
  //Method to get a tokenId from Openam and a success URL
  $scope.loginMethod = function(){
    $http({
      method : 'POST',
      headers : {
        'X-OpenAM-Username' : $scope.login,
        'X-OpenAM-Password' : $scope.password,
        'Content-Type' : 'application/json',
      },
      url : 'http://localhost:8080/openam/json/authenticate'
    }).
    then(function(){
      //If the user is logged
      $scope.tokenId = 'successful';
    },
    function (){
      //If the login is failed
      $scope.tokenId = 'Failed !';
    });
  };
});
Thank you for your help.
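Added example, not part of any post in this thread: what a custom login backend could return once json/authenticate has succeeded, following the cookie points given earlier and the Secure/HttpOnly question. The helper names, hosts and sample token are constructed; it assumes the login page and OpenAM are served over HTTPS, and it goes slightly beyond the thread by also checking the goto target before redirecting.

```javascript
// Added example, not code from any post. Helper names, hosts and the token
// value are constructed for illustration.
const COOKIE_NAME = 'iPlanetDirectoryPro'; // default name unless changed in OpenAM

// Constructed sample of a /json/authenticate response body.
const SAMPLE_AUTH_JSON =
  '{"tokenId":"AQIC5wM2-constructed-token*","successUrl":"/openam/console"}';

// Characters allowed in a cookie value (RFC 6265 cookie-octet). Anything else
// (';', ',', spaces, quotes) could smuggle extra cookie attributes.
const COOKIE_VALUE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;

// Build the Set-Cookie header value from the authenticate response.
function buildSessionCookie(authJson, cookieDomain) {
  const { tokenId } = JSON.parse(authJson);
  if (typeof tokenId !== 'string' || !COOKIE_VALUE.test(tokenId)) {
    throw new Error('authenticate response carries no usable tokenId');
  }
  return [
    `${COOKIE_NAME}=${tokenId}`,
    `Domain=${cookieDomain}`, // must cover the OpenAM server's domain
    'Path=/',
    'Secure',   // assumption: login page and OpenAM are served over HTTPS
    'HttpOnly', // keeps the token away from page JavaScript
  ].join('; '); // no Expires/Max-Age: browser session cookie
}

// Accept a goto target only if it is https and on an allowed host.
function safeRedirect(gotoUrl, allowedHosts, fallback) {
  try {
    const u = new URL(gotoUrl);
    if (u.protocol === 'https:' && allowedHosts.includes(u.hostname)) return u.href;
  } catch (e) {
    // relative or malformed value: use the fallback
  }
  return fallback;
}

// Response the custom login backend returns after a successful authentication.
function loginResponse(authJson, gotoUrl, cfg) {
  return {
    status: 302,
    headers: {
      'Set-Cookie': buildSessionCookie(authJson, cfg.cookieDomain),
      Location: safeRedirect(gotoUrl, cfg.allowedHosts, cfg.fallback),
    },
  };
}
```

Because the browser never exposes an HttpOnly cookie to script, the token should be set by the server-side part of the login page rather than by client-side code such as an AngularJS controller.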