How to implement openAM SSO to my existing web applications

AKZap picture AKZap · May 7, 2013 · Viewed 12k times · Source

I'm try to implementing SSO in my existing web applications with using OpenAM by refer following link

http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity_21.html

PS. my web applications have their own login page already

Now what is got after implementation is, openAM login page are protected in my web applications and i need to make login again to my application

what i need is, want to skip the login page of my application to become single sign on.

so, can anyone tell me what tasks need i do left? do i need to revise my Login page of my application? do i need any database or datastore to keep user login information?

Answer

David van Zijl picture David van Zijl · Jun 23, 2013

Now that an OpenAM agent is in place on top of your app, your web app can work under the assumption the there is already a valid logged-in user - you need to remove the login page from your web app.

To get the current user details just alter your OpenAM agent config to set HTTP headers with relevant fields like username, full name, etc. Then instead of a web app login page you just check HTTP headers (should be safe from spoofing as long as the only route into your web app is coming through the OpenAM agent).

Another way is to grab the OpenAM cookie and use it to make REST calls directly to the server. Makes things a little more fragile though because you now need to maintain additional config.

You don't necessarily need any additional user tables / datastores for your web app, only if you need to map their login name to whatever it is your web app is doing (saving preferences, etc) in which case you need to check that the username you've been given already exists inside your app. If not then add it.