Web Policy Agents 2024.6

Accept SSO Token

A flag for whether the agent accepts SSO tokens and ID tokens as session cookies:

  • 0. The agent does not accept SSO tokens as session cookies.

  • 1. The agent accepts both SSO tokens and ID tokens as session tokens during the login flow, and afterwards. SSO tokens are not converted to ID tokens. Set this property to 1 only for environments migrating from earlier versions of the agent, in the following scenarios:

    • Your custom login pages use SSO tokens as session tokens, and Enable Custom Login Mode is set to 2.

    • Your applications, for example, REST or JavaScript clients, can only set SSO tokens.

The SSO token name is given by Cookie Name.

If the agent receives a request with both an SSO token and an ID token, it checks the ID token first. If invalid, it checks the SSO token. If both are invalid, the agent redirects the user for authentication.

The agent caches session information for SSO tokens.

Configure this property with Enable Custom Login Mode, as described in Login redirect configuration options in the User Guide.

Default: 0

Property name

  Introduced in Web Agent 5.7





Bootstrap property


Required property


Restart required


AM console

Tab: SSO

Title: Accept SSO Token

Copyright © 2010-2024 ForgeRock, all rights reserved.