OpenAM supports machine-to-machine certificate authentication or not

This topic has 5 replies, 3 voices, and was last updated 6 years, 3 months ago by srastogi.



    Does OpenAM support machine-to-machine certificate authentication? If yes, is there any related document, or can anyone please share the link to configure the same?



    Any comments on the above-raised query, whether it is achievable or not?

     Peter Major

    I’m sure you have read the documentation already, but in case not, does this help:!/docs/openam/13/admin-guide#cert-module-conf-hints ?


    Thanks Peter for your response.

    Currently we are not looking at user certificate-based authentication; we want to understand whether OpenAM supports machine-to-machine certificate-based authentication or not.

    If so, is there any standard document or link available? Because I think the above shared link is most likely talking about user certificate-based authentication.

     Neil Madden

    The short answer is “it’s complicated”, I’m afraid.

    For connections from OpenAM to OpenDJ, you can configure client certificate authentication, but it was not possible to configure OpenAM to actually send a client certificate. OPENDK-2923 fixes this, but it is not yet available in any released version of OpenAM.

    For OpenAM to OpenAM connections (crosstalk), you should be able to accomplish this configuring the HTTPS connector in your container to require client certificates (this is container specific). If you do not also want to require all your users to present client certificates, then you will need to configure a second HTTPS connector for inter-server communications. However, this is a much less tested configuration. You would then need to configure your server URLs to point at the new connector (running on a different port), and set the* system properties to configure the client certificate. You can also set the opensso.protocol.handler.pkgs system property to com.sun.identity.protocol. This will use the same JVM system properties to set the keystore, but additionally allows you to set to name the alias of the certificate you want to use in the case where there is more than one key in that keystore.
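
As an added illustration of the second-connector setup described in the post above (this is not code from the thread, from ForgeRock, or from the OpenAM documentation), here is what the container side could look like on Apache Tomcat 8 using the JSSE connector attributes of that version. Port numbers, keystore file names, passwords and the "crosstalk" naming are placeholders assumed for the example; the JVM system properties listed in the trailing comment are the standard `javax.net.ssl.*` ones plus the `opensso.protocol.handler.pkgs` property the post mentions. The post's property for selecting a key alias did not survive on this page, so it is not shown here.

```xml
<!-- conf/server.xml (Tomcat 8, JSSE connectors) -- added example, placeholders throughout -->

<!-- Connector 1: user-facing HTTPS. Browsers and end users hit this port.
     clientAuth="false" so ordinary users are NOT asked for a client certificate. -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           sslProtocol="TLS"
           keystoreFile="${catalina.base}/conf/openam-server.p12"
           keystoreType="PKCS12"
           keystorePass="changeit"
           clientAuth="false" />

<!-- Connector 2: inter-server (crosstalk) HTTPS on a separate port.
     clientAuth="true" makes the container REQUIRE a client certificate, and the
     truststore here should contain only the CA that issues the peer OpenAM
     server certificates, so nothing else can complete the handshake.
     Restrict this port at the network layer to the other OpenAM hosts. -->
<Connector port="8444"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" scheme="https" secure="true"
           sslProtocol="TLS"
           keystoreFile="${catalina.base}/conf/openam-server.p12"
           keystoreType="PKCS12"
           keystorePass="changeit"
           truststoreFile="${catalina.base}/conf/crosstalk-ca.jks"
           truststoreType="JKS"
           truststorePass="changeit"
           clientAuth="true" />

<!-- Client side (the JVM that OpenAM runs in), set in bin/setenv.sh or CATALINA_OPTS
     so that outbound crosstalk connections present a certificate from the keystore:

       -Djavax.net.ssl.keyStore=/path/to/openam-client.p12
       -Djavax.net.ssl.keyStoreType=PKCS12
       -Djavax.net.ssl.keyStorePassword=changeit
       -Djavax.net.ssl.trustStore=/path/to/crosstalk-ca.jks
       -Djavax.net.ssl.trustStorePassword=changeit
       -Dopensso.protocol.handler.pkgs=com.sun.identity.protocol

     The OpenAM server URLs used for crosstalk must then point at port 8444,
     not at the user-facing 8443. -->
```

Two checks a practitioner would want before relying on this: confirm from another OpenAM host that a handshake to port 8444 fails without a client certificate and succeeds with one (for example with `openssl s_client -connect host:8444 -cert client.pem -key client.key`), and confirm that port 8443 still completes a handshake with no client certificate at all, since a misplaced `clientAuth="true"` on the wrong connector will lock out every browser user. Note also that the passwords in `server.xml` are in clear text, so the file needs the same filesystem protection as the keystores it references.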


    Hi Neil,

    Thanks for the update.

    Is there any document available which will help us to configure the same, so we can try it once? Because I tried a lot to find some link/document related to machine-to-machine authentication (OpenAM authentication to any of the servers) but had no luck.

