I am new to security domain, so don't know whether this question is valid to be asked here. I am currently using OpenAM for the security of my web application with J2ee agent, now I find that OpenAM can do authorization with OAUTH as well as on the basis policies defined, now both openam and oauth develops tokens for valid users, and do not share user credential with the application, so how different are the two? My second question is if my application does not support oauth like google and facebook what basic things I need to do to implement oauth into my application.
Difference between OAUTH authorization and OpenAM authorization
2k Views Asked by Phalguni At
1
There are 1 best solutions below
Related Questions in OAUTH
- Using html5 localstorage instead of cookies with passport.js
- OAuth integration with QuickBooks using Scribe
- OAuth with Developer tokens
- Oauth in Tyrus WebSocket
- Accessing Picasa Web API using PHP
- how can I access user details through "oauth_token" from twitter api in ionic framework
- Is my JWT refresh plan secure?
- When to refresh token?
- SignalR oAuth on self host
- Bearer token in MVC controller to access Web API
- OAuthorization through app or web api
- Authenticating mobile app login using webservice using oauth connection
- Testing local rails application with OAuth
- Configure the authorization server endpoint
- Azure Active Directory Login: Web App Permissions, User Consent not triggered
Related Questions in OPENAM
- OpenAM : Can't login with custom authentication module
- openam installation error: Rebuilding OpenDJ indexes...Failed 1
- OpenAM or OpenSSO fedlets as SP and ADFS as IdP without full implementation of OpenAM or OpenSSO?
- OpenAM 12.0 XUI javascript error
- OpenAm with Tivoly Directory Server
- OpenAM : How to create the profile on login dynamically
- OpenAM, OpenId, REST API, In-House applications: how do I connect them all?
- OpenAM Agentless Architecture options
- Spring Oauth 2 SSO, Zuul and OpenAM integration
- How to form SP initiated URL for openam/saml2 with ADFS?
- OpenAM Policy Evalution is slow with 100s of users
- Openam and OpenDJ Integration issue: authorization failure
- open custom authentication module access http session
- Check custom LDAP attribute in OpenAM 13
- control-panel not list iPlanetAMPolicyService - openam 13
Related Questions in OPENSSO
- OpenAM or OpenSSO fedlets as SP and ADFS as IdP without full implementation of OpenAM or OpenSSO?
- OpenAM : How to create the profile on login dynamically
- SAML 2.0 TO OAUTH
- How Identity Managment can value add into single-sign-on system
- Where to save user quota data? In LDAP or RDBMS?
- Get resource list from OpenAM
- How to parse OpenAM XACML using JVM?
- SAML 2.0 AuthnRequest AudienceRestriction
- Cross domain sso with OpenAM with SAML 2.0
- OpenAM J2EE Agent 3.2.0 SNAPSHOT - ERROR
- IdRepoPluginsCache.getAMRepoPlugin: Unable to instantiate plugin for Org: Error in OpenAm
- Not able to configure J2ee agent on adding my customized data store for users
- How J2EE Agent contacts OpenAm?
- Difference between OAUTH authorization and OpenAM authorization
- What ever happened to OpenSSO?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
OpenAM supports OAuth based authorization if that is what your confusion is about. It also supports
1) OpenID Connect 2) SAML
Your application can use either of these to get authorization from OpenAM. Your application can also use the REST APIs for this purpose. The choice is yours.
As far as the tokens go, OAuth tokens are different from OpenAM Tokens. OAuth tokens include
1) refresh_token 2) access_token
The access_token is used for making oauth based calls. However, OpenAM tokens are basically what is there in the cookie or what you get via the REST API.
Regarding your second question, to support OAuth, you would need to use a oauth client library and enable oauth on the server side (in this case OpenAM). This client library would be dependent on the language you choose to write this application.