I have installed OpenAM in domain 1, and my application is in domain 2 protected with J2EE agent,My question is, Once I get access to my application after authentication do the agent contacts over the network to openam(for authorization), for every click I make on my application,If the answer is yes than what will be the performance impact if my agent and openam is in two domains which are geographically separated, If the answer is no,how does an agent invalidates an access to my application,when admin invalidates a user session from openAm home page.
How J2EE Agent contacts OpenAm?
756 Views Asked by Phalguni At
2
There are 2 best solutions below
0
5dB
On
By default OpenAM and J2EE Policy Agent communicates in Notification mode so OpenAM would notify (check notificationUrl field in config properties) an agent for any Logout events. Now, as mentioned by @warren-strange a J2EE Policy Agent periodically sends request to OpenAM server and that way it would be able to know if Token exists and is valid.
Related Questions in OPENAM
- OpenAM Community Edition with Vue SPA / CORS Settings
- Can we extend OPENAM session time by a specific time period?
- Websphere liberty - how to disable user credentials pop-up for basic registry credentials
- Unknown objectclass inetadmin when trying to create user in opendj through openam
- How to Downgrade ForgeRock AM from 720 to 653
- Failed to configure ForgeRock openAM deployment
- Traefik Proxy update response cookies SameSite to None
- how can i connect openam7 with mysql in ubuntu 22.04
- How to install high availability of OpenAM version 14
- Setting Client_Secret white fetching tokens using ForgeRock Javascript SDK
- How to I add validation for user not present in the database after open AM Authentication
- Facing an Forgerock object execption in OpenDJ Reset password with OPenAM
- Have to decrpt a SHA1 password to Forgerock OpenIDM
- ForgeRock OpenAM 5.5 Sign-in Sticky Session
- Authentication and getting attributes using componentspace SAML library with ForgeRock backend in .NET core
Related Questions in CROSS-DOMAIN-POLICY
- Response body is not available to scripts (Reason: CORS Allow Origin Not Matching Origin) in response header of browser - [AJAX Call]
- How to detect a click event on specific button in cross domain iframe?
- How to access my domain cookie on another domain inside script file
- CakePHP 4.2: Download link from Gmail does not work
- Javascript cross-origin exception on Chrome but not on Firefox
- Third Party Cookie Blocking issue using ajax http calls in 2021 (ITP restrictions)?
- How to read cross-origin CSS rules with JavaScript?
- Is there a way to login user in an iframe (origin abc.com) on website 123.com
- Can an iframe specify a whitelist of domains that can access its innerHTML, contentWindow, contentDocument etc?
- Call to my rest service from Angular app hosted in Asp.net core web server blocked by CORS policy
- Simulate mouse click with exact X/Y coordinate in JavaScript without document.elementFromPoint
- Sending requests to facebook as a user from a third-party app
- Access to XMLHttpRequest has been blocked by CORS policy in ASP.NET CORE
- Inconsistency in performing Cross Origin requests using actionscript
- Render dynamic content in iframe base on parent
Related Questions in OPENSSO
- OpenAM Web Agent Redirect Issue #403x
- Can we have two entries in AMConfig.properties for `com.iplanet.am.server.host`?
- OpenAm how to redirect to template in callback (proceess method)
- Domino SAML Login - access secured resources through API
- How to parse OpenAM XACML using JVM?
- Get resource list from OpenAM
- Where to save user quota data? In LDAP or RDBMS?
- Changing LDAP datastore config from OpenAM SDK
- How to create a user in OpenAM with create realm privilege?
- How to configure Oracle OpenSSO Fedlet with multiple service providers in ASP.Net?
- How to setup IDP from scratch using opensso library?
- SAML 2.0 TO OAUTH
- Why is kerberos commonly used with Openam?
- Does OPENAM support SHA-256 encryption
- Opensso support for Apache 2.4 and Tomcat 7+
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
The agent needs to communicate with OpenAM for authorization decisions, but it will cache the resulting decision so subsequent evaluations will be local.
OpenAM can call back the agent in the container (that is what agentapp.war is for). This can be used to notify the agent that the users session is no longer valid. For example, if they logged out of OpenAM, or their session expired.
The performance impact will be very small. OpenAM is supporting installations with tens of millions of users - so unless your site is very large this will not be an issue.
You generally want to localize the agent to OpenAM traffic to the same data center when possible. If you had multiple regions you would want to have OpenAM instances in those regions. They can be configured to fail over to each other if required.