Uploaded image for project: 'OpenAM Agents'
  1. OpenAM Agents
  2. AMAGENTS-3099

com.forgerock.agents.accept.ipdp.cookie: Add SAML+agent 5 protected apps as a valid scenario for setting it

    Details

      Description

      Assumption: AM is configured as IdP with an external login page (using the “Auth URL” parameter as defined at https://backstage.forgerock.com/docs/am/6.5/saml2-guide/#idp-assertion-processing) and a 5.6.2 Apache Web agent is also used to protect some applications using the same custom login page.

      Use case: accessing a SAML based protected app and then an agent protected app require to set the com.forgerock.agents.accept.ipdp.cookie agent parameter to a non default value, otherwise, the SSO will not happen, the user will be redirected to AM when accessing the agent protected app.

      Current doc status:

      According to https://backstage.forgerock.com/docs/openam-web-policy-agents/5.6/web-agents-guide/#web-agent-profile-properties, about the com.forgerock.agents.accept.ipdp.cookie parameter, the user guide says:

      Set this property when your end users access resources protected by both Web Agents 4.x (which use SSO tokens) and 5.x (which use OpenID Connect JWTs). Converting the SSO token to a JWT will ensure a seamless experience to the user without additional redirection or re-authentication.

      Requested improvment: mention (in some way, possibly rephrasing and summarizing better than here) that the SAML + agent 5 scenario is also a valid scenario for using the above ipdp.cookie parameter (and thus setting it to a non default value).

        Attachments

          Activity

            People

            • Assignee:
              cristina.herraz Cristina Herraz
              Reporter:
              cgrosjean Cyril Grosjean
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: