Java Policy Agents 5.10.1

OAuth Login URL List

Use this property in the default configuration (where Enable Custom Login Mode is false and AM Login URL List is empty).

Conditionally redirect unauthenticated requests based on the requested URL.

If the incoming request URL matches a domain name in this list, the agent redirects the unauthenticated request to the specified URL for login. The URL can be an AM instance, site, or a different website.

If Enable FQDN Checking is true, the agent iterates through the list of URLs until it finds an appropriate redirect URL that matches the FQDN check values. Otherwise, the agent redirects the user to the URL configured in the conditional redirect rules.

During the redirect, the agent appends the goto parameter configured in Goto Parameter Name, and a nonce parameter, to the agent’s CDSSO endpoint.

Format, with no spaces between values:

[Domain/path]|[URL?realm=value&parameter1=value1…​]

Domain/path

The incoming request URL:

  • Domain: For example, example.com. The agent must match the domain and its subdomains. For example, example.com matches mydomain.example.com and www.example.com. Domains can also include path information, for example, example.com/market, but cannot specify ports.

  • Subdomain: For example, mydomain.example.com. The agent match the domain, the subdomain, and any sub-subdomain. For example, mydomain.example.com matches true.mydomain.example.com. Subdomains can include path information, for example, mydomain.example.com/s6ecure, but cannot specify ports.

  • Path: For example, /myapp.

  • No value: Nothing is specified before the | character and the rule applies to every incoming request.

URL

The URL to which redirect incoming login requests. The URL may be an AM instance, an AM site, or a website other than AM.

Specify a URL in the format protocol://FQDN[:port]/URI, where the port is optional if it is 80 or 443. For example:

https://myweb.example.com/authApp/login.jsp

https://am.example.com:8443/openam/XUI/#login/

https://am.example.com:8443/openam/customlogin/login.jsp

If the redirection URL is not specified, the agent redirects the request to the AM instance or site specified by the following bootstrap properties:

org.forgerock.agents.am.protocol://org.forgerock.agents.am.hostname:org.forgerock.agents.am.port/org.forgerock.agents.am.path

?realm=value

The AM realm into which the agent logs the users. For example, ?realm=marketplace.

When redirecting to AM’s XUI, use an ampersand (&) instead of a question mark (?). For example, https://am.example.com:8443/openam/XUI/#login/&realm=marketplace.

You do not need to specify the realm in the login URL if any of the following conditions is true:

  • The custom login page itself sets the realm parameter, for example, because it lets the user choose it. In this case, you must ensure the custom login page always returns a realm parameter to the agent.

  • The realm that the agent is logging the user into has DNS aliases configured in AM.

  • AM logs the user into the realm whose DNS alias matches the incoming request URL. For example, an inbound request from the http://marketplace.example.com URL logs in the marketplace realm if the realm alias is set to marketplace.example.com.

  • The users should always log in to the Top Level Realm.

&parameter1=value1

Parameters that can be added to the URL. Add as many parameters as your custom login pages need. Chain parameters with an ampersand (&), for example, realm=value&parameter1=value1&parameter2=value2.

Examples

org.forgerock.agents.oauth.login.url.list[0]= thisdomain.com|?realm=blue

org.forgerock.agents.oauth.login.url.list[1]= thatdomain.net|?realm=red

org.forgerock.agents.oauth.login.url.list[2]= thatdomain.net/that/path|?realm=grey

Property name

org.forgerock.agents.oauth.login.url.list

Aliases

org.forgerock.agents.oauth.login.url.list
  Introduced in Java Agent 5.6

org.forgerock.openam.agents.config.conditional.login.url
  Introduced in Java Agent 5.6
  Recognized from AM 6

Type

List

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console

Tab: AM Services

Title: OAuth Login URL List

Legacy title: AM Conditional Login URL

Copyright © 2010-2022 ForgeRock, all rights reserved.