Policy Agent vs OpenIG for new applications

This topic has 4 replies, 3 voices, and was last updated 6 years, 7 months ago by Peter Major.

  • Author
  • #8248

    For new applications, is it advisable to go with Policy agent approach or OpenIG approach.
    In documentation, I see that OpenIG is mainly for legacy applications. Is it true?
    But, problem with OpenIG is, it doesn’t support cross-domain single logout feature and this creates major issues when we have multiple applications integrated with OpenIG.
    But, policy agent supports CDSSO and I think even CD Logout.

     Rogerio Rondini

    Hi @nikarthik82,

    So… If you has a new application running in a JEE Server or Web Server which are supported by Policy Agent, and there are no restriction to install that, sure Policy Agent is better. In some case, you can use OpenIG AND Policy Agent together.

    Rogerio Rondini

     Peter Major

    Something else that you should take into account is that OpenIG is *really* good at protecting APIs, so if you want to use OAuth2 tokens to access your REST APIs then you could use OpenIG to protect your endpoints easily.


    In case I want to do a cross-domain SSO, what is the best option?
    I know we can use Policy agent approach or OpenIG approach. Problem with OpenIG approach is I can’t do a single logout across domains and that is a very complex problem to solve.
    But with Policy agent CDSSO, it is easy to handle SLO across domains.

     Peter Major

    I’m not sure why CDSSO logout is such a difficult thing to achieve. IMO you could easily just write a groovy script with OpenIG to send a logout request to OpenAM using an http client when “/logout” endpoint is accessed on the IG protected domain.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?