Accept SSO Token

A flag for whether the agent accepts SSO tokens and ID tokens as session cookies:

  • 0. The agent does not accept SSO tokens as session cookies.

  • 1. The agent accepts both SSO tokens and ID tokens as session tokens during the login flow, and afterwards. SSO tokens are not converted to ID tokens. Set this property to 1 only for environments migrating from earlier versions of the agent, in the following scenarios:

    • Your custom login pages use SSO tokens as session tokens, and Enable Custom Login Mode is set to 2.

    • Your applications, for example, REST or JavaScript clients, can only set SSO tokens.

The SSO token name is given by Cookie Name.

If the agent receives a request with both an SSO token and an ID token, it checks the ID token first. If invalid, it checks the SSO token. If both are invalid, the agent redirects the user for authentication.

The agent caches session information for SSO tokens.

Configure this property with Enable Custom Login Mode, as described in Login Redirect Configuration Options.

This property requires AM 6 or later versions.

Default: 0

Property name

com.forgerock.agents.accept.sso.token

Property aliases

com.forgerock.agents.accept.sso.token (since 5.7)

Type

Integer

Bootstrap property

No

Required property

No

Restart required

No

AM console tab

SSO (Available in the console from AM 6.5)