Web Policy Agents 2023.3

AM Login URL

The URL of a custom login page to which the agent redirects users for authentication.

When redirecting incoming login requests to a custom login page, add the login page to Not-Enforced IP List or Not-Enforced URL List.

The login URL has the format URL[?realm=realm_name&parameter1=value1&…​], where:

  • URL is the custom SSO-token-compliant login page to where the agent redirects the unauthenticated users.

  • [?realm=realm_name?parameter1=/value1&…​] specifies optional parameters that the agent will pass to the custom login page, for example, the AM realm which the user should log into.

Specify as many parameters as your custom login pages require: https://login.example.com/login.jsp?realm=marketplace&param1=value1

You do not need to specify the realm in the login URL if any of the following conditions is true:

  • The custom login page itself sets the realm parameter, for example, because it lets the user chose it. In this case, you must ensure the custom login page always appends a realm parameter to the goto URL.

  • The realm where the agent must log the user to has DNS aliases configured in AM. AM will log in the user to the realm whose DNS alias matches the incoming request URL. For example, an inbound request from the http://marketplace.example.com URL logs into the marketplace realm if the realm alias is set to marketplace.example.com.

  • Users should always log in to the Top Level Realm.

Even if you specify the realm by default, this parameter can be overwritten by the custom login page if, for example, the user can chose the realm for authentication.

Default: AMURL/am/UI/Login

Property name

com.sun.identity.agents.config.login.url
  Introduced in Web Agent 4.x

Type

String Map

Bootstrap property

No

Required property

No

Restart required

No

AM console

Tab: AM Services

Title: AM Login URL

Copyright © 2010-2023 ForgeRock, all rights reserved.