Java Policy Agents 2023.3

Enable Custom Login Mode

Set the login redirection mode, as follows:

  • false: Use default login redirection mode.

    • The agent can redirect requests to any AM instance that supports the /oauth2/authorize endpoint. By default, this is the AM instance that is specified during installation.

    • The /oauth2/authorize endpoint returns an OIDC ID token. This is the only response the agent accepts.

    • Use with OAuth Login URL List to modify or redirect calls to the endpoint that provides the tokens.

  • true: Use custom login redirection mode.

    • The agent handles JWTs or SSO tokens as session tokens for authentication and authorization, and can can redirect login anywhere.

    • Use with AM Login URL List and Legacy Login URL List to modify or redirect calls.

During session upgrade, the format of the composite advice is as follows:

  • When both this property and Enable SSO Token Acceptance are true, the composite advice has the following format: ?authIndexType=composite_advice&authIndexValue=<Advices Value>

  • When either property is false, the composite advice has the following format: ?composite_advice=<Advices Value>

Property name

org.forgerock.agents.legacy.login.enabled

Aliases

org.forgerock.agents.legacy.login.enabled
  Introduced in Java Agent 5.6

org.forgerock.openam.agents.config.allow.custom.login
  Introduced in Java Agent 5.6
  Recognized from AM 7

Type

Boolean: true returns true; all other strings return false.

Default

false

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console

Tab: AM Services (from AM 7)

Title: Enable Custom Login Mode

Legacy title: Allow Custom Login Mode

Copyright © 2010-2023 ForgeRock, all rights reserved.