Reputation: 862
Securing REST APIS using OpenAM 12.0 J2EE Policy Agents
I am new to OpenAM and trying to secure my webservices using OpenAM. I have installed J2EE policy agents using below information in the link.
https://wikis.forgerock.org/confluence/display/openam/Installing+Tomcat+6.0+Policy+Agent
I need to provide security for my REST APIs. So where should we need to configure the REST APIs in the OpenAM console.
Please provide me some links where i get some information.
Upvotes: 0
Views: 276
Answers (1)
Reputation: 2744
OpenAM policy agents are the OpenAM proprietary way to achieve (Web)SSO and authorizations. You could configure URL policies as described in the docs https://backstage.forgerock.com/#!/docs/openam/13/admin-guide#chap-authz-policy, however the REST client must obtain an SSOToken and send this along when accessing the REST service.
You could also use OAuth2 which would be a standards-based approach.
Upvotes: 1
Related Questions
- How should I ethically approach user password storage for later plaintext retrieval?
- OpenAM weblogic Policy Agent Installation
- OpenAM Policy Evalution is slow with 100s of users
- OpenAM J2EE agent installation bringing down tomcat
- OpenAM Policy Enforcement
- Securing webservices with OPENAM
- OpenAM Tomcat J2EE Agent Configuration For Authorization