July 28, 2015 at 4:18 pm #4882 martinvis Participant
We are evaluating OpenAM as our SSO solution. Currently we would like to authenticate users anonymously for some pages (to track anonymous users across our web applications), but for other pages we would like to require username/password authentication.
According to the documentation, this should be possible by setting the appropriate authentication levels for different authentication method instances and setting the required authentication level in the policy settings. During our testing, when visiting a URL with the web agent policy set to a higher authentication level, we get a redirect loop between OpenAM and the web agent. It seems that the web agent gets an advice from OpenAM that it needs a higher authentication level and redirects to OpenAM, but OpenAM immediately redirects the user back to the web agent. So far we have not been able to overcome this problem.
Is there any more detailed documentation or an example article on how to achieve this? To require the user to have stronger authentication for some pages?
Thank you very much in advance.

July 28, 2015 at 6:40 pm #4884 Chris Lee Participant
As I understand it, what you’re looking to do is possible, but you may be hitting a bug in the code.
There’s a fixed bug in our tracking system that may be related; perhaps it helps: https://bugster.forgerock.org/jira/browse/OPENAM-5234
A patch is attached to the issue that may get you past the problem you’re having.
Hope it helps!
Chris

July 29, 2015 at 9:05 am #4892 martinvis Participant
Thanks a lot for your help and quick response. Our problem really was caused by this bug in XUI.
We got it working in 12.0.0 by simply turning off XUI for now; it's probably better to wait till the 12.0.2 release for production use.