request higher authentication level – redirect loop

This topic has 2 replies, 2 voices, and was last updated 7 years, 2 months ago by martinvis.

  • Author
    Posts
  • #4882
     martinvis
    Participant

    We are evaluating OpenAM as our SSO solution. Currently we would like to authenticate users anonymously for some pages (to track anonymous users across our web applications), but for other pages we would like to require username/password authentication.

    According to the documentation this should be possible by setting the appropriate authentication levels for different authentication method instances and setting the required authentication level in the policy settings. During our testing, when visiting a URL with the web agent policy set to a higher authentication level, we get a redirect loop between OpenAM and the web agent. It seems that the web agent gets an advice from OpenAM that it needs a higher authentication level and redirects to OpenAM, but OpenAM immediately redirects the user back to the web agent. So far we have not been able to overcome this problem.

    Is there any more detailed documentation or an example article on how to achieve this? To require the user to have stronger authentication for some pages?

    Thank you very much in advance.

    #4884
     Chris Lee
    Participant

    Hi there,

    As I understand it, what you’re looking to do is possible, but you may be hitting a bug in the code.

    There’s a fixed bug in our tracking system that may be related; perhaps it helps: https://bugster.forgerock.org/jira/browse/OPENAM-5234

    A patch is attached to the issue that may get you past the problem you’re having.

    Hope it helps!

    Kind regards,
    Chris

    #4892
     martinvis
    Participant

    Hi Chris,

    Thanks a lot for your help and quick response. Our problem really was caused by this bug in XUI.

    We got it working in 12.0.0 by simply turning off XUI for now; it is probably better to wait until the 12.0.2 release for production use.


©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
