FAQ: Distributed Authentication Service (DAS) in OpenAM

Last updated Jan 5, 2021

The purpose of this FAQ is to provide answers to commonly asked questions regarding the Distributed Authentication Service (DAS) in OpenAM. This information applies to OpenAM 12.x and earlier as DAS was deprecated in OpenAM 13.

1 reader recommends this article


This article has been archived and is no longer maintained by ForgeRock.

Frequently asked questions

Q. What is the status of DAS in OpenAM 13?

A. DAS is deprecated in OpenAM 13 and has been removed from the product bundle. See The status of the Distributed Authentication Service (DAS) in OpenAM 13 for further information on what this means for your OpenAM deployment.

Q. Does DAS validate goto URLs?

A. Yes, as of OpenAM 11.0.3, DAS supports goto whitelisting and can therefore validate goto URLs against a valid goto URL resources list.

See How do I configure a list of valid goto URL resources in AM 5.x, 6.0.0.x, 6.5.0.x, 6.5.1 and 6.5.2.x? for further information.

Q. Does DAS use HTTP persistent connections (keep-alive)?

A. Yes, OpenAM does implement HTTP persistent connections on the DAS.

Q. Can I use the OAuth authentication module with DAS?

A. No, you cannot since the OAuth authentication module is not included in the DAS.

Q. Does DAS support SAML authentication?

A. No, DAS is an OpenAM authentication protocol proxy and not an HTTP reverse-proxy; this means it cannot handle SAML related protocol messages.

Q. How do I customize the DAS Login page?

A. You should follow the procedures detailed in OpenAM Installation Guide › Customizing the OpenAM End User Pages but apply the changes to the DAS end user pages located in the /path/to/tomcat/webapps/OpenAM-DistAuth-12.0.0/config/auth/default directory (for OpenAM 12.0.0) where OpenAM is deployed.

Ensure the realms used have a Realm/DNS alias for the DAS configured in OpenAM under Access Control > Realm Name > General.

See FAQ: Customizing, branding and localizing end user pages in the OpenAM Classic UI for further information on customizing end user pages.

Q. Can I do a health check on DAS using isAlive.jsp?

A. No, isAlive.jsp checks the configuration store, which DAS does not have; therefore, isAlive.jsp is excluded from the DAS war file.

See Also

How do I configure HTTPOnly and Secure cookies for DAS in OpenAM 11.x and 12.x?

Error when HTTPOnly is enabled for DAS in OpenAM 11.x and 12.x

OpenAM Installation Guide › Installing OpenAM Distributed Authentication

OpenAM Administration Guide › Securing OpenAM › Protecting Network Access

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.