Install the webagent4 in sso-only mode. Create an application which uses dynamic URL values (with or without query parameters).
Each individual application url is validated against OpenAM SessionService and stored in cache. If agent has configured with Profile and/or Policy attributes - there is an additional PolicyService request too.
Only the first application resource is validated against SessionService - all the rest of the resources should be served from the cache. This is the agent3 behaviour running in sso-only mode.