
I have a requirement where I need to do cross-domain SSO using openAM. The SP server has a different cookie than the IDP. I need to access the IDP cookie to retrieve the IDP datastore user details. The SP uses an anonymous user.

Soumyajit Swain

3 Answers


IdP and SP are terms of standards-based SSO using federation protocols like those defined in the SAML standard. SAML does not rely on cookies as an SSO tracking mechanism (except for IdP discovery).

OpenAM's proprietary SSO mechanism relies on cookies.

If you mean by 'SP' a web-app protected by an OpenAM agent (URL or policy agent), then you have to configure the agent to run in so-called CDSSO mode.

Unfortunately it's not really clear what you want to achieve.

You may look at the tech-overview from OpenSSO (http://docs.oracle.com/cd/E19681-01/820-3740/index.html) first as OpenAM does not have such a doc yet.

Bernhard Thalmayr
  • I am looking for a way to use the http:///openam/cdcservlet. The document doesn't say what query parameters are required for the servlet. Can I call the servlet directly from my web application and get the cookie? – Soumyajit Swain Oct 30 '12 at 09:49
  • CDCServlet is the proprietary way to implement CDSSO, but basically a policy agent - when correctly configured - can automagically generate these parameters and process the LARES response (which is POSTed to an agent endpoint -> that one actually contains the sessionid, so the agent creates the cookie for you based on that). – Peter Major Nov 11 '12 at 14:05
  • Finally set up the CDSSO using OpenAM. The below can be useful with similar issues. http://soumyajitswain.blogspot.in/2012/12/cross-domain-sso-with-openam.html – Soumyajit Swain Dec 27 '12 at 10:43

I implemented a cross domain solution using the instructions present in this tutorial: http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity.html

Please go through it and see if it is helpful for you as well. Thanks.

Apoorve

I managed to implement the cross-domain SSO using the REST API of openAM. The openAM authentication call returns a tokenId on successful login. This I stored and shared between all domains and it worked.

Soumyajit Swain
  • I used the openam CDSSO URL with the Tomcat J2EE agent. I have listed down the steps in my blog. http://soumyajitswain.blogspot.in/2012/12/cross-domain-sso-with-openam.html – Soumyajit Swain Sep 26 '13 at 11:58
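The REST-based approach in the answer above, as an added example that is not code from the question, the answers, or OpenAM itself. It shows the pieces a practitioner has to get right when a tokenId returned by OpenAM's login call is handed to several domains: extracting the tokenId from the authenticate response, having each domain validate it against OpenAM before trusting it, and placing it in a Secure, HttpOnly cookie per domain rather than passing it around in URLs. The endpoint paths, header names and response shapes (`/json/authenticate` returning `tokenId`, `/json/sessions/<tokenId>?_action=validate` returning `valid`/`uid`, the default `iPlanetDirectoryPro` cookie name) are assumptions from my recollection of the OpenAM JSON REST API and are not stated on the page; the sample responses are constructed, and the `validator` callback stands in for the real HTTP call so the script runs offline.

```python
"""Handling an OpenAM REST login result across domains (added example).

Assumed OpenAM JSON REST behaviour (not from the page):
  POST {base}/json/authenticate with X-OpenAM-Username / X-OpenAM-Password
      -> {"tokenId": "...", "successUrl": "..."} on success
  POST {base}/json/sessions/<tokenId>?_action=validate
      -> {"valid": true, "uid": "...", "realm": "/"} for a live session
"""
import json
from typing import Callable, Dict, Iterable, Optional

# OpenAM's default SSO cookie name (assumed default, configurable per deployment).
SSO_COOKIE_NAME = "iPlanetDirectoryPro"

# Constructed sample responses standing in for real OpenAM replies.
SAMPLE_AUTH_OK = '{"tokenId":"AQIC5wM2LY4SfczEXAMPLE.*AAJTSQACMDE.*","successUrl":"/openam/console"}'
SAMPLE_AUTH_FAIL = '{"code":401,"reason":"Unauthorized","message":"Authentication Failed"}'
SAMPLE_VALIDATE_OK = '{"valid":true,"uid":"demo","realm":"/"}'
SAMPLE_VALIDATE_BAD = '{"valid":false}'


def extract_token_id(body: str) -> Optional[str]:
    """Return the tokenId from an authenticate response, or None on any failure."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    token = data.get("tokenId") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        return None
    return token


def validate_request(token: str, openam_base: str) -> Dict[str, object]:
    """Describe the validate call a domain sends before it trusts a shared tokenId."""
    return {
        "method": "POST",
        "url": f"{openam_base}/json/sessions/{token}?_action=validate",
        "headers": {"Content-Type": "application/json"},
    }


def session_is_valid(validate_body: str) -> Optional[str]:
    """Return the uid if OpenAM confirms the session is live, else None."""
    try:
        data = json.loads(validate_body)
    except ValueError:
        return None
    if isinstance(data, dict) and data.get("valid") is True and isinstance(data.get("uid"), str):
        return data["uid"]
    return None


def build_sso_cookie(token: str, cookie_domain: str) -> str:
    """Set-Cookie header value that hands the OpenAM session to one domain.

    The tokenId is a bearer credential: whoever holds it is the user. It therefore
    goes into an HttpOnly, Secure cookie scoped to that domain, never into a URL or
    a script-readable store. Browsers do not send cookies across unrelated domains,
    so "sharing between domains" means one cookie per domain.
    """
    return f"{SSO_COOKIE_NAME}={token}; Domain={cookie_domain}; Path=/; Secure; HttpOnly"


def share_session(auth_body: str, domains: Iterable[str],
                  validator: Callable[[str], str]) -> Dict[str, str]:
    """Per-domain Set-Cookie values for one login, issued only if OpenAM validates the token.

    `validator` performs the validate call and returns its response body; in real use
    it would POST the request described by validate_request().
    """
    token = extract_token_id(auth_body)
    if token is None:
        return {}
    if session_is_valid(validator(token)) is None:
        return {}
    return {d: build_sso_cookie(token, d) for d in domains}


if __name__ == "__main__":
    # Fake validator: accept only the token from the constructed login response.
    fake_validate = lambda t: SAMPLE_VALIDATE_OK if t == extract_token_id(SAMPLE_AUTH_OK) else SAMPLE_VALIDATE_BAD
    for domain, cookie in share_session(SAMPLE_AUTH_OK, ["app.example.com", "portal.example.net"], fake_validate).items():
        print(domain, "->", cookie)
    print("failed login shares nothing:", share_session(SAMPLE_AUTH_FAIL, ["app.example.com"], fake_validate))
```

The validate step is the part the answer leaves implicit: a tokenId copied between domains is only as good as OpenAM's current view of that session, so each consuming domain should confirm it with OpenAM rather than trust whatever arrived in its shared store.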