How to use our own login page instead of OpenAM default login page?


This topic has 35 replies, 9 voices, and was last updated 5 years, 3 months ago by [email protected].


    Is there a way to use our own login page instead of the OpenAM default login page? Has anyone implemented this in the past? Kindly help me with this.

    PS: I don’t want to customize the default login page of OpenAM.


    • This topic was modified 6 years, 10 months ago by Peter Major.
     Brad Tumy

    Take a look at the REST authentication section in the latest OpenAM documentation.



    I have seen the REST APIs and I’m able to successfully invoke them and get the ssotoken and success URL back, but I have a few questions:

    1. What to do with this ssotoken and success URL? Do we have to redirect the user directly to the target?
    2. Do we have to set the cookie?

    Can you please guide me on this?


     Rogerio Rondini

    Hi Venga,

    When you use the REST API instead of the standard login page, you need to do some things that OpenAM already does for you.

    One of them, and the most important, is to set up the cookie “iPlanetDirectoryPro” with the “tokenid” returned in the JSON response of the json/authenticate service. You need to take care of the following:
    1. The cookie name needs to be “iPlanetDirectoryPro” unless you changed the cookie name in the OpenAM configuration.
    2. The cookie domain needs to be the same domain as the OpenAM server.
    3. The cookie cannot expire.

    After you set the cookie, you can redirect to your client app. If you’ve installed a Policy Agent, it will get the cookie and SSO will work. I think you do not need to care about the Success URL; just redirect to your target application.

    Rogerio Rondini


    Hi Rarondini,

    Thank you very much for your inputs.

    I have one more question.
    As you can see, by default, if a user hits a protected resource, he will be redirected to the OpenAM login page with the goto URL.

    How do I redirect the user to my own login page when the user hits the protected resource? Is there any place in the OpenAM or agent configuration where we have to mention our own login page URL?

    I tried updating the agent configuration with my login page URL, but it’s not getting reflected. Though the default login page is commented out, the agent is still redirecting me to the old login page.
    # Specifies the login URLs to be used by the Agent to redirect
    # incoming users without sufficient credentials to the OpenAM
    # authentication service.
    # Hot-Swap Enabled: Yes
    #com.sun.identity.agents.config.login.url[0] =
    com.sun.identity.agents.config.login.url[0] =

    It would be great if you can help me with this.


     Rogerio Rondini

    Hi Venga,

    If you installed the agent as Centralized, i.e., your agent profile in the OpenAM server has the configuration “Location of Agent Configuration Repository” set to “centralized”, you need to change the configuration in the OpenAM server instead of in

    Open your Agent Profile Configuration -> OpenAM Server -> OpenAM Login URL and replace the default URL.



    Hi Vengades,

    Do you have a working solution?
    I have the same issue; I use Java and the OpenAM SDK.

    Link of my issue: post-4952

    • This reply was modified 6 years, 11 months ago by soma.

    Ohh Yes.. finally it worked.

    thank you very much.


    Hi Soma,

    I have done a POC on this and it worked fine using the OpenAM REST APIs.



    Hi Rondini,

    I’m back again with another doubt. In the case of federation, OpenAM doesn’t require any agent. If so, how do we redirect the user to our custom login page when he/she performs IdP/SP-initiated federation?

    Can you please clarify this one?

     Rogerio Rondini


    So... Usually, your Service Provider configuration has a “Sign-in Page” (as in Google) or “Identity Provider Login URL” (as in SalesForce). I believe you can set up any authentication page in these fields.

    You just need to remember to set up the right cookie (iPlanetDirectoryPro) and redirect to the IdP endpoint like “../openam/SSOPOST/metaAlias/idp” or “../open/SSORedirect/metaAlias/idp” after authentication, and leave the rest of the service to OpenAM.



    Thanks for your input, Rondini! The scenario worked fine.


    Hi Rondini,

    In the custom login, since the iPlanetDirectoryPro cookie is created by us, anyone can steal the cookie and misuse it, right?

    How do we protect this cookie? Are we missing anything?



    Do we have to consider cookie properties like Secure and HttpOnly while creating the cookie?
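
As an added example (not written by any poster in this thread and not ForgeRock code), here is a server-side sketch of the flow discussed above: call json/authenticate, then set the iPlanetDirectoryPro cookie with the Secure and HttpOnly attributes asked about. The function names, the example host, the `.example.com` cookie domain and the fixed redirect target are assumptions, and "cannot expire" is read here as a session cookie with no Expires or Max-Age.

```javascript
// Added example (Node.js 18+). Names, host and cookie domain are assumptions.
const COOKIE_NAME = 'iPlanetDirectoryPro'; // default name; follow OpenAM's setting if changed

// Characters RFC 6265 allows in a cookie value (no spaces, quotes, commas, semicolons).
const COOKIE_VALUE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;

// Build the Set-Cookie value for the token returned by json/authenticate.
function buildSsoCookie(tokenId, domain) {
  if (typeof tokenId !== 'string' || !COOKIE_VALUE.test(tokenId)) {
    throw new Error('tokenId is not a valid cookie value'); // blocks attribute/header injection
  }
  if (!/^\.?[A-Za-z0-9.-]+$/.test(domain)) {
    throw new Error('invalid cookie domain');
  }
  return [
    `${COOKIE_NAME}=${tokenId}`,
    `Domain=${domain}`, // must cover the OpenAM server, as the thread notes
    'Path=/',
    'Secure',   // sent over HTTPS only
    'HttpOnly', // not readable from page script
    // No Expires/Max-Age: the cookie lasts for the browser session only.
  ].join('; ');
}

// Call OpenAM from the server so the token never passes through page script.
// fetchImpl is injectable so the function can be exercised without a network.
async function authenticate(baseUrl, username, password, fetchImpl = fetch) {
  if (!baseUrl.startsWith('https://')) {
    throw new Error('credentials must only be sent to OpenAM over HTTPS');
  }
  const res = await fetchImpl(`${baseUrl}/json/authenticate`, {
    method: 'POST',
    headers: {
      'X-OpenAM-Username': username,
      'X-OpenAM-Password': password,
      'Content-Type': 'application/json',
    },
    body: '{}',
  });
  if (!res.ok) return null; // failed login: set no cookie
  const body = await res.json();
  return typeof body.tokenId === 'string' ? body.tokenId : null;
}

// Login handler core: returns the status and headers the page should answer with.
async function handleLogin(baseUrl, domain, target, username, password, fetchImpl = fetch) {
  const tokenId = await authenticate(baseUrl, username, password, fetchImpl);
  if (!tokenId) return { status: 401, headers: {} };
  return { status: 302, headers: { 'Set-Cookie': buildSsoCookie(tokenId, domain), Location: target } };
}
```

The redirect target is passed in by the application itself rather than taken from a request parameter, so the handler cannot be used to bounce users to an arbitrary site.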


    Hi everybody,

    For my job, I have to create a customized login page and use the OpenAM API to authenticate users.
    I just have a simple login page with AngularJS and some simple JavaScript code, but it doesn’t work…
    Can someone help me, please?
    Below is my code:

    ************************************ index.html *******************************************
    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="ISO-8859-1">
    <title>Openam RESTFul Services</title>
    <!-- AngularJS library; its URL is missing from the post -->
    <script src=""></script>
    <script src="openamScript.js"></script>
    </head>
    <body>
    <div ng-app="openamTestApp" ng-controller="loginController">
    <h3>Enter a login and a password</h3>
    <form novalidate>
    Login <input type="text" ng-model="login" /><p/>
    Password <input type="password" ng-model="password" /><p/>
    <button ng-click="loginMethod()">OK</button>
    </form>
    <p>TokenId : {{tokenId}}</p>
    </div>
    </body>
    </html>

    ************************************ openScript.js *******************************************
    var app = angular.module('openamTestApp', []);
    app.controller("loginController", function($scope, $http) {
        // Method to get a tokenId and a success URL from OpenAM
        $scope.loginMethod = function() {
            $http({
                method: 'POST',
                url: 'http://localhost:8080/openam/json/authenticate',
                headers: {
                    'X-OpenAM-Username': $scope.login,
                    'X-OpenAM-Password': $scope.password,
                    'Content-Type': 'application/json'
                }
            }).then(function() {
                // If the user is logged in
                $scope.tokenId = 'successful';
            }, function() {
                // If the login failed
                $scope.tokenId = 'Failed !';
            });
        };
    });

    Thank you for your help.
