Java Policy Agents 5.10.1

Enable Custom Login Mode

Set the login redirection mode, as follows:

  • false: Use default login redirection mode. The agent can redirect requests to any AM instance supporting the /oauth2/authorize endpoint - by default, the AM instance specified during installation.

The /oauth2/authorize endpoint returns an OIDC ID token, and this is the only response the agent accepts.

Use with OAuth Login URL List to modify or redirect calls to the endpoint which provides the tokens.

  • true: Use custom login redirection mode. The agent handles JWTs or SSO tokens as session tokens for authentication and authorization, and can can redirect login anywhere.

Use with AM Login URL List and Legacy Login URL List to modify or redirect calls.

During session upgrade, the format of the composite advice is as follows:

  • When both this property and Enable SSO Token Acceptance are true, the composite advice has the following format: ?authIndexType=composite_advice&authIndexValue=<Advices Value>

  • When either property is false, the composite advice has the following format: ?composite_advice=<Advices Value>

Property name

org.forgerock.agents.legacy.login.enabled

Aliases

org.forgerock.agents.legacy.login.enabled
  Introduced in Java Agent 5.6

org.forgerock.openam.agents.config.allow.custom.login
  Introduced in Java Agent 5.6
  Recognized from AM 7

Type

Boolean: true returns true; all other strings return false.

Default

false

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console

Tab: AM Services (from AM 7)

Title: Enable Custom Login Mode

Legacy title: Allow Custom Login Mode

Copyright © 2010-2022 ForgeRock, all rights reserved.