2 Replies Latest reply on Dec 8, 2011 6:19 AM by 796252

    Integrating OpenAM with WebApplication


      I have a simple web application which authenticates users via username/password entries in the database. The web application lies within the enterprise network.

      Now we are trying to implement SSO using OpenAM for this web application. OpenAM is deployed within the DMZ of the enterprise.

      I would like to continue to use the authentication already provided by the web application. I do not want to replicate the userName and Password combinations to the OpenAM datastore.

      The scenario would be as follows:

      1. An enterprise user (within the network) accesses the web application via a browser.
      2. The request is redirected to the OpenAM login page.
      3. OpenAM internally uses the web application authentication (which could be exposed as a web service).
      4. After authentication, the user can navigate to other web applications (like Salesforce) without needing to log in again.

      1. Should I implement a customized authentication using OpenAM as described at http://openam.forgerock.org/doc/dev-guide/OpenAM-Dev-Guide/chap-auth-spi.html?
      Should I implement a post authentication plugin using OpenAM as described at http://openam.forgerock.org/doc/dev-guide/OpenAM-Dev-Guide/chap-post-auth.html?

      2. How do I manage to implement this using federated SSO? The link at http://developers.sun.com/identity/reference/techart/app-integration.html provides an integration pattern for delegated SSO.