Java Agents 2024.11

Convert SSO Tokens Into OIDC JWTs

For each incoming request, the agent looks for an OIDC JWT in the cookie named by JWT Cookie Name. Set this property as follows:

  • true: Use this value to allow users to access resources protected by systems that continue to use SSO tokens, and to use the default login redirection mode.

    • If the agent does not find a JWT in the cookie, the agent looks for an SSO token in the iPDP cookie defined during AM installation. During agent startup, the agent retrieves the name of this cookie from AM.

    • If the agent finds an SSO token in the iPDP cookie, it makes a request to AM to convert the SSO token into an OIDC JWT.

    • The agent caches the SSO token, so that if it is presented in another incoming request, the agent substitutes the JWT without making a request to AM.

    • If the agent does not find either token, authentication fails. The user can only access resources that are available through not-enforced rules.

  • false: Do not convert SSO tokens into OIDC JWTs.
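The lookup order described above, modelled in Python as an added example (not code from the agent or from the product documentation). The cookie names, the `fake_am` stand-in for the AM conversion request, and the handling of a token that AM refuses are assumptions. The page does not state how long a cached SSO token is kept, so the model never expires entries.

```python
from typing import Callable, Dict, Optional, Tuple

JWT_COOKIE = "am-auth-jwt"           # assumed value of JWT Cookie Name
IPDP_COOKIE = "iPlanetDirectoryPro"  # assumed iPDP cookie name reported by AM


class TokenResolver:
    """Model of the per-request token lookup (illustrative, not agent code)."""

    def __init__(self, property_value: str,
                 convert: Callable[[str], Optional[str]]):
        # Page: "true returns true; all other strings return false".
        # Exact comparison is an assumption; the page gives no case rules.
        self.convert_sso = property_value == "true"
        self.convert = convert            # stands in for the request to AM
        self.cache: Dict[str, str] = {}   # SSO token -> JWT
        self.am_calls = 0                 # counts conversion requests

    def resolve(self, cookies: Dict[str, str]) -> Tuple[str, Optional[str]]:
        """Return (source, jwt); source is 'jwt-cookie', 'cache', 'am' or 'none'."""
        jwt = cookies.get(JWT_COOKIE)
        if jwt:                                # 1. JWT cookie is checked first
            return "jwt-cookie", jwt
        sso = cookies.get(IPDP_COOKIE)
        if not self.convert_sso or not sso:    # 2. conversion off, or no token:
            return "none", None                #    only not-enforced rules apply
        if sso in self.cache:                  # 3. token seen before: no AM call
            return "cache", self.cache[sso]
        self.am_calls += 1                     # 4. ask AM to convert the token
        jwt = self.convert(sso)
        if jwt is None:                        # assumed: AM refuses the token
            return "none", None
        self.cache[sso] = jwt
        return "am", jwt


def fake_am(sso_token: str) -> Optional[str]:
    """Constructed stand-in for AM: accepts only the token 'sso-alice'."""
    return "jwt-for-alice" if sso_token == "sso-alice" else None


if __name__ == "__main__":
    agent = TokenResolver("true", fake_am)
    for _ in range(2):
        print(agent.resolve({IPDP_COOKIE: "sso-alice"}), "AM calls:", agent.am_calls)
```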

Property name

org.forgerock.agents.accept.ipdp.cookie

Aliases

com.forgerock.agents.accept.ipdp.cookie
  Introduced in Java Agent 5.6
  Recognized from AM 7

org.forgerock.agents.accept.ipdp.cookie.enabled
  Introduced in Java Agent 5.7

org.forgerock.agents.exchange.ipdp.cookie.enabled
  Introduced in Java Agent 2024.9

Function

SSO cookie handling

Type

Boolean: true returns true; all other strings return false.

Default

false

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console

Tab: SSO (from AM 7)

Title: Convert SSO Tokens Into OIDC JWTs

Legacy title: Convert SSO Tokens into OpenID Connect JWTs

Copyright © 2010-2024 ForgeRock, all rights reserved.