OpenAM 12 tricks: I recently had to find a solution built on OpenAM where the business requirements were to be able to display a form to end users accessing a SAML SP (among several) for the first time, in order to let them make a choice upon which SAML assertions content generated by the OpenAM IdP would change.
There are actually multiple hooks in OpenAM and one way to accomplish that is to develop a custom SAML attribute mapper class on the OpenAM IdP side.
I was also asked how to avoid the OpenAM OAuth2 provider from displaying the user consent page, after authentication, in the code or implicit grant flow. One way to do that, on a per user basis, is to provision the user profile with the attribute chosen to store user consents.
This multi-valued attribute has to be set in the OpenAM (OAuth2 provider and datastore) configuration of course, and each value must be a string representing the client ID and a space separated list of scopes to allow.
For example: myClientID openid profile
Specialised in IAM (security, access control, identity management) and Open Source integration, settled in 2004 by IAM industry veteran, JANUA offers high value-added products and services to businesses and governements with a concern for Identity Management and Open Source components.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
Les derniers articles par janua (tout voir)
- New Keycloak online training - 19 janvier 2022
- Sizing Keycloak or Redhat SSO projects - 8 juin 2021
- Keycloak.X Distribution - 28 janvier 2021