Kamil Sobala

Reputation: 53

OpenAM custom realm for J2EE Agent

I have an issue forcing OpenAM to log in using my custom realm. I have configured my J2EE Tomcat agent to use my custom realm /stmdevrealm:

com.sun.identity.agents.config.organization.name =stmdevrealm

My login page is accessible at http://login.stmdev.comp:9150/openam/UI/Login and my protected app is available at http://app.stmdev.comp:9140/agentsample/

When I try to log in to the realm using http://login.stmdev.comp:9150/openam/UI/Login?realm=stmdevrealm I am able to log in successfully. However, when I'm accessing my protected app it uses the default / realm.

Realm/DNS Aliases for "/" is set as

login.stmdev.comp 

for "app" it is set as:

 app.stmdev.comp 

What did I miss? How do I force my agent to use the right realm?

Upvotes: 0

Views: 288

Answers (1)

Bernhard Thalmayr

Reputation: 2744

The realm where the agent profile exists is not related to the realm that users should authenticate against.

Either change the login URL property in the agent profile as you mentioned, or use a separate DNS alias/FQDN for your sub-realm and specify this one.

However, you need to consider the other use case as well, where users already have a valid SSO session but are authenticated in a different realm.

If you do not want to allow those users access to the protected app, you need a proper policy condition.

Upvotes: 1
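
The two options from the answer, written out as agent profile settings. This is an added example, not part of the original post: the property name is the J2EE agent's login URL property (it is not quoted on the page), the commented-out "current" value is an assumption about the asker's setup, and the host name in option 2 is hypothetical.

```properties
# Added example. Host names, port and realm come from the question;
# login-stmdevrealm.stmdev.comp is a hypothetical alias host name.

# Assumed current value: no realm in the login URL, so OpenAM resolves the
# realm from the host name, and login.stmdev.comp is a DNS alias of "/".
# com.sun.identity.agents.config.login.url[0] = http://login.stmdev.comp:9150/openam/UI/Login

# Option 1: name the sub-realm explicitly in the agent's login URL.
com.sun.identity.agents.config.login.url[0] = http://login.stmdev.comp:9150/openam/UI/Login?realm=stmdevrealm

# Option 2 (instead of option 1): add a dedicated host name to the
# Realm/DNS Aliases of the sub-realm and point the login URL at it.
# com.sun.identity.agents.config.login.url[0] = http://login-stmdevrealm.stmdev.comp:9150/openam/UI/Login
```

Neither setting rejects a user who already holds a valid SSO session from another realm; that case still needs the policy condition the answer mentions.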
