Is OpenAM supports Web Services Security Support?

This topic has 4 replies, 3 voices, and was last updated 6 years, 5 months ago by Bhargava.bada.

  • Author
    Posts
  • #11547
     Bhargava.bada
    Participant

    Hi All,
    I am using OpenAM 12 version for development environment i am stuck at web service security using OpenAM.

    what is the best way to secure my web services using openAM .

    i don’t find any documentation related to this in OpenAM. But OpenSSO provides some kind of documentation .
    https://docs.oracle.com/cd/E19575-01/820-4803/ghupc/index.html

    is this same approch will work in openAM and is there any better approach supported by openAM.

    i just want to know is there any better approach in OpenAM ?

    Thanks
    Bhargava

    • This topic was modified 6 years, 5 months ago by Bhargava.bada.
    #11574
     Peter Major
    Moderator

    Are you talking about WS-* web-services?

    #11580
     Bhargava.bada
    Participant

    Hi Peter ,

    we have couple of restful services built in our applications . clients are already using those restful services . we need to Authenticate these requests against OpenAM via HTTP Basic Authentication .

    we tried by using OpenAM HTTP basic Authentication . But Agent Always redirects the call to OpenAM so client program is receiving 302 .

    Thanks
    Bhargava

    #11595
     andyr
    Participant

    We may be looking at a similar situation. I was told once that the OpenAM web agent is not suited to secure web services, as unauthorised requests will return a 302 as you’ve seen.

    Apparently this is something OpenIG may be better suited for, and can hook into OpenAM policy rules (so I’ve heard, I’ve not tried this).

    #11597
     Bhargava.bada
    Participant

    Hi Andy ,

    we have different options . but we are trying to do best and cleaner approach through J2ee Agent itself .
    we are trying with Non enforced URI and calling the OpenAM REST API authentication for Rest calls .
    now we are trying to identify what is cost of doing OpenAM rest API authentication becasue t requires multiple Rest calls to authenticate .

    Also from the OpenAM developers I just want to know is there any better approach/configuration can achieve through agent itself .

    Thanks
    Bhargava

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?