Re: [OpenAM] CDSSO triggered unexpectedly [SEC=UNCLASSIFIED]


Joel Pearson
> If cdsso.domain is irrelevant, then in which case is it? What is it really used for? The documentation is not clear about it.

I've noticed that you set this value when you have multiple servers using the same agent, but you want CDSSO to still work. However, I don't think it's good practice to use the same agent for multiple servers, because then only the original server will receive notifications from the OpenAM server. There might be other uses for this value, but that's what I've seen so far; maybe if you could get to the same server with multiple hostnames you'd need to list all the values here.

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Cyril Grosjean
Sent: Sunday, 20 April 2014 9:13 PM
To: Users
Subject: Re: [OpenAM] CDSSO triggered unexpectedly

Thank you for your answer Bernhard.
If cdsso.domain is irrelevant, then in which case is it? What is it really used for? The documentation is not clear about it.

From your answer, I understand the J2EE agent cannot be used on a server with virtual hosts, where access to some virtual hosts should trigger usual SSO and access to other virtual hosts should trigger CDSSO.

I tested that even when using the conditional login URL feature to force usual SSO instead of CDSSO, the usual redirect to the OpenAM login page occurs (for the desired URLs only, as expected), but with a goto URL set to /agent_deployment_uri/sunwCDSSOfilter, which tends to mean using SSO and CDSSO on the same J2EE agent protecting multiple virtual hosts is not supported.

In my use cases, I don't care about using SSO rather than CDSSO or both.
It's just that CDSSO with the J2EE agent with virtual hosts doesn't look mature to me. As you mentioned in a previous thread, support for virtual hosts with the J2EE agent still looks limited.

I did not manage to understand why I got error 500 after the LARES POST. I lost too much time with that and I'm now testing with an Apache reverse proxy + Web Agent instead...

OpenAM mailing list
[hidden email]
