A nice feature which comes with OpenAM agents 3.3 is the ability to define conditional login URLs.
Until that version, an agent would always redirect unauthenticated users to the same unique URL, with the usual com.sun.identity.agents.config.login.url parameter.
It’s now possible to redirect users to different URLs, based on the incoming user requests. You can use that feature for branding reasons for example, or simply to force authentication through a given authentication method.
For example, when you integrate an application thanks to form filling/password replay, while other applications support authentication based on HTTP headers provided by an OpenAM agent, and you have enabled Windows Desktop SSO authentication, you may want to avoid WDSSO for the application that require password replay, since WDSSO won’t allow OpenAM to capture the credentials.
Check this document and look for the com.sun.identity.agents.config.conditional.login.url parameter to learn about that new OpenAM agent feature, in the case of the J2EE agent:
J2EE agent conditional login URL
For the Web agent, see this document and look for the com.forgerock.agents.conditional.login.url parameter:
Web agent conditional login URL