Openam Login page customization

This topic has 2 replies, 2 voices, and was last updated 6 years ago by Fernando A. Barbeiro Campos.

  • #13071
     sathishgr8
    Participant

    Hi,

    We are trying to implement our own set of login pages and use openam for sso.

    Currently we have tried to customize the login screen provided in the documentation and were successful in it.

    But our new requirement is to host the login page in a separate container (not in the OpenAM WAR),
    and the container will have a policy agent installed, which communicates with the OpenAM server.

    We went through this OpenAM document, but it doesn’t give us any input on the procedures to be done for the separate container deployment.
    https://backstage.forgerock.com/#!/docs/openam/11.0.0/install-guide/chap-custom-ui

    When we looked at the network traffic, the OpenAM XUI uses:
    /json/authenticate – for SSO token generation. We will do it and set the iPlanetDirectoryPro cookie.

    json/users?_action=idFromSession – we have no clue why this is used. Should we use it for our new login page as well?

    users/amAdmin – the profile of amAdmin is sent back from the OpenAM server. Do we need to do it?

    json/users?_action=validateGoto – goto redirect to the requested page. Should we do it, or will the policy agent take care of it?

    Any help will be much appreciated.

    Thanks,
    Sathish G

    #13072

    Hi Sathish,

    I don’t know whether it’s your scenario or not, but if you’re willing to implement an authentication based on username / password, maybe a Zero Page Login could be suitable for you.

    Essentially, according to the doc, all that you have to do is implement a mechanism that does a POST to a defined endpoint, openam/json/authenticate:

    $ curl \
    --request POST \
    --header "Content-Type: application/json" \
    --header "X-OpenAM-Username: demo" \
    --header "X-OpenAM-Password: changeit" \
    --data "{}" \
    https://openam.example.com:8443/openam/json/authenticate
    { "tokenId": "AQIC5w...NTcy*", "successUrl": "/openam/console" }

    This tokenId is the cookie that you must propagate through iPlanetDirectoryPro.

    Hope that can help. If not, I’m sure that the rest of the community is able to provide other options.

    Regards,
    Fernando

    #13073

    By the way, just to help:

    https://backstage.forgerock.com/#!/docs/openam/13.5/dev-guide

    Look for 2.1.1.4. Authentication and Logout
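
Added example, not part of the original thread and not ForgeRock code: a Python version of the server side of a login page hosted outside the OpenAM WAR. It makes the same `/json/authenticate` call as the curl command above and turns the returned `tokenId` into an `iPlanetDirectoryPro` cookie marked `Secure` and `HttpOnly`. The cookie domain `.example.com`, the function names and the 401 status for rejected credentials are assumptions.

```python
import json
import urllib.error
import urllib.request

# Assumptions: host taken from the curl example above; COOKIE_DOMAIN is hypothetical.
AUTH_URL = "https://openam.example.com:8443/openam/json/authenticate"
COOKIE_NAME = "iPlanetDirectoryPro"
COOKIE_DOMAIN = ".example.com"
# Constructed sample response body, shaped like the one in the thread.
SAMPLE_BODY = b'{"tokenId": "AQIC5wCONSTRUCTED*", "successUrl": "/openam/console"}'


def build_auth_request(username, password, url=AUTH_URL):
    """Build the authenticate POST; credentials go in headers, so insist on TLS."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    for value in (username, password):
        if not value or "\r" in value or "\n" in value:
            raise ValueError("empty credential or CR/LF (header injection attempt)")
    headers = {"Content-Type": "application/json",
               "X-OpenAM-Username": username,
               "X-OpenAM-Password": password}
    return urllib.request.Request(url, data=b"{}", headers=headers, method="POST")


def parse_token(body):
    """Return tokenId from the response body; anything else is a failed login."""
    data = json.loads(body)
    token = data.get("tokenId") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("no tokenId in response")
    return token


def session_cookie(token_id):
    """Set-Cookie value for the token: HTTPS only and hidden from page scripts."""
    if any(c in token_id for c in ' ;,"\\\r\n'):
        raise ValueError("unexpected character in tokenId")
    return (f"{COOKIE_NAME}={token_id}; Domain={COOKIE_DOMAIN}; "
            "Path=/; Secure; HttpOnly")


def login(username, password, opener=urllib.request.urlopen):
    """Return the Set-Cookie value, or None when OpenAM rejects the credentials."""
    try:
        with opener(build_auth_request(username, password), timeout=10) as resp:
            return session_cookie(parse_token(resp.read()))
    except urllib.error.HTTPError as err:
        if err.code == 401:  # assumed status for a failed login
            return None
        raise
```

The login handler sends the value returned by `login()` as its `Set-Cookie` response header and never writes the password or `tokenId` to logs.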
