0

I have setup OpenAM (SingleSignOn) and can login successfully. The next step (dont know if this is possible) is to send extra parameters with the auth request.

i.e.: http://auth.mysite.com/openam/identity/authenticate?username=gareth&password=myFirstPassword&uri=realm%3Dboohoo&extraParam=whateverIWant

As you can see, i want to send some custom data which relates to the user.

Is this possible with OpenAM?

Cheers.

Gareth H
  • 103
  • 2
  • 14

1 Answers1

0

Using REST-based Identity Web Services this is not possible as the HttpRequest is not passed through.

Also down beneath AuthContext based auth is used which works an callbacks ... see javadoc.

The question is what do you want to do with this extra parameter?

Bernhard Thalmayr
  • 2,674
  • 1
  • 11
  • 7
  • I am working on eCommerce website. As the customer doesnt have to be logged in, they can add items to a guest basket but can only purchase once logged in. We want to be able to send that guest basket with the login data, so we can check other channels (we have multiple web frontends which are separate of one another) and merge the baskets so the customer only has one global basket. We use a SaaS platform, so do not have full control of the frontend, so am unable to login the user, AND THEN make the basket request afterwards. Hope that makes sense. – Gareth H Nov 15 '12 at 10:50
  • PS. We dont have to use the REST API, i just provided that as an example. We can also use the "frontend" login page - not sure what you'd call this... – Gareth H Nov 15 '12 at 10:52
  • /UI/Login can handle extra request parameters and you should be able to access those from a custom authentication module (AMLoginModule#getHttpServletRequest). But you need to make sure that the absence of the parameter and/or modified value (since user can change it) is properly handled. – Peter Major Nov 16 '12 at 00:30
  • @PeterMajor: I have currently implemented a custom IdRepo as per these 2 links: http://www.badgers-in-foil.co.uk/notes/installing_a_custom_opensso_identity_repository/ and https://wikis.forgerock.org/confluence/display/openam/Develop+and+Deploy+a+Custom+IdRepo+Plugin - Would i still use this code? or would this be binned and i'd now use the customer AMLoginModule that i'd need to write? Just trying to understand how things fit together. Cheers. – Gareth H Nov 16 '12 at 08:41
  • IdRepo is an abstraction layer for managing user profiles. While it has an authenticate method, it won't have access to request parameters simply because it is a much lower level API (The DataStore module is actually using the authenticate method on the configured data stores). A custom authentication module however is actually handling user authentications and there you have access to the request as well (with the aforementioned limitations of course). – Peter Major Nov 21 '12 at 22:25
  • @PeterMajor thanks for that. While doing some googling, i also spotted: http://docs.forgerock.org/en/openam/10.0.0/dev-guide/index.html#chap-post-auth which sounds like it fits my problem. i.e.: i can access the raw request on login success, do the work and then let openam carry on and do its stuff with saml. Obviously, i think it means i can keep my custom id repo and then bolt on the post auth plugin. Does this sound possible? – Gareth H Nov 23 '12 at 10:15