June 24, 2016 at 8:21 am #11547
I am using OpenAM 12 version for development environment i am stuck at web service security using OpenAM.
what is the best way to secure my web services using openAM .
i don’t find any documentation related to this in OpenAM. But OpenSSO provides some kind of documentation .
is this same approch will work in openAM and is there any better approach supported by openAM.
i just want to know is there any better approach in OpenAM ?
June 25, 2016 at 3:12 am #11574Peter MajorModerator
- This topic was modified 6 years, 5 months ago by Bhargava.bada.
Are you talking about WS-* web-services?June 25, 2016 at 9:35 pm #11580
Hi Peter ,
we have couple of restful services built in our applications . clients are already using those restful services . we need to Authenticate these requests against OpenAM via HTTP Basic Authentication .
we tried by using OpenAM HTTP basic Authentication . But Agent Always redirects the call to OpenAM so client program is receiving 302 .
BhargavaJune 27, 2016 at 12:56 pm #11595andyrParticipant
We may be looking at a similar situation. I was told once that the OpenAM web agent is not suited to secure web services, as unauthorised requests will return a 302 as you’ve seen.
Apparently this is something OpenIG may be better suited for, and can hook into OpenAM policy rules (so I’ve heard, I’ve not tried this).June 27, 2016 at 1:29 pm #11597
Hi Andy ,
we have different options . but we are trying to do best and cleaner approach through J2ee Agent itself .
we are trying with Non enforced URI and calling the OpenAM REST API authentication for Rest calls .
now we are trying to identify what is cost of doing OpenAM rest API authentication becasue t requires multiple Rest calls to authenticate .
Also from the OpenAM developers I just want to know is there any better approach/configuration can achieve through agent itself .
You must be logged in to reply to this topic.