You are viewing the documentation for the current version.
This page is also available in versions: 7.6, 7.7, 7.8, 8.0, 8.1, 9.0, 9.1, 9.2, 9.3, 9.4, 9.5 (current), devel

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

9.5:documentation:modules_openam [2019/03/01 13:29] (current)
Line 1: Line 1:
 +<- .:​modules_reg | Modules - User registration [reg] ^ .:start | Documentation ^ .:​modules_pwd | Modules: password reset  [pwd-reset] ->
  
 +====== Modules - OpenAM authentication [openam] ======
 +
 +The module enables Single-Sign-On and authentication against OpenAM for CzechIdM. It also provides REST endpoint for retrieving users' OpenAM attributes, e.g. uid, dn, destinationindicator.
 +
 +===== Authentication process =====
 +If the OpenAM authentication is successful, the user gets OpenAM token. This token is set to the cookie for the current domain. If users credentials are not correct or if they don't exist in OpenAM at all, they can still authenticate by standard CzechIdM authentication (local authentication).
 +
 +===== SSO =====
 +When unauthenticated users come to CzechIdM and have the cookie with OpenAM token, the value of the token is validated against OpenAM. If the token is valid, the filter retrieves the user's login from OpenAM attributes and logs them in.
 +
 +====== Read more ======
 +
 +===== Admin tutorials =====
 +  * [[tutorial:​adm:​modules_openam| OpenAM module - installation and configuration]]
 +
 +===== Admin guide =====
 +  * [[.adm:​openam|OpenAM overview]]
 +
 +===== Devel tutorials =====
 +  * [[tutorial:​dev:​add_authentication_method| Authentication - create a new authentication method]]