Thursday, June 26, 2014

OpenAM 12.0.0 enhanced features - SFO, Persistence Cookie, Policy Support

As I spend most of my time interacting with customers, I understand their daily technical challenges (especially security concerns). I am glad there are 3 enhanced features to OpenAM 12.0.0.

OpenAM 12.0.0 should be released at the end of this year.


Session failover across Sites. OpenAM now allows session failover across OpenAM Sites. In order to take advantage of this capability, you must make sure that the underlying Core Token Service replicates session data across your OpenAM Sites.

==> The current restriction with multiple sites is that sessions are never shared. This enhancement is good as there are indeed some valid use cases to share sessions across sites. At least, I have encountered a few such scenarios in customers' environments.

Persistent Cookie from Client IP Issued. The Persistent Cookie module has been enhanced to enforce that the persistent cookie can only be used from the same client IP to which the cookie was issued.

==> Big relief. I'm always being asked: "What if someone steals the saved cookie from one PC and replays it on another?"
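
How binding a persistent cookie to the issuing client IP stops that replay, shown as an added example: this is not OpenAM's Persistent Cookie module code, and the signing key, claim names and function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a server-side signing key that never leaves the server (constructed value).
SECRET = b"constructed-demo-key"

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def sign(payload):
    return b64(hmac.new(SECRET, payload, hashlib.sha256).digest())

def issue_cookie(user, client_ip, ttl=3600, now=None):
    """Return 'payload.signature'; the issuing client IP is part of the signed payload."""
    now = time.time() if now is None else now
    claims = {"sub": user, "ip": client_ip, "exp": int(now) + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    return b64(payload) + "." + sign(payload)

def verify_cookie(cookie, request_ip, now=None):
    """Return the user if the cookie is authentic, unexpired and sent from the issuing IP, else None."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
    except ValueError:              # wrong number of parts or bad base64
        return None
    # Check the signature first, in constant time, so the IP claim cannot be edited.
    if not hmac.compare_digest(sig.encode(), sign(payload).encode()):
        return None
    claims = json.loads(payload)    # safe to parse: payload is authenticated
    if claims["exp"] < now:
        return None
    if claims["ip"] != request_ip:  # replay from a different machine/address
        return None
    return claims["sub"]

if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    cookie = issue_cookie("alice", "198.51.100.7")
    print(verify_cookie(cookie, "198.51.100.7"))  # same PC
    print(verify_cookie(cookie, "203.0.113.9"))   # copied to another PC
```

The check only distinguishes addresses the server can see: clients behind the same NAT or proxy share an IP, and a legitimate user whose address changes has to authenticate again.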

Policy Support for Common HTTP Operations. OpenAM policies now let you allow and deny not only HTTP GET and HTTP POST, but also HTTP DELETE, HEAD, OPTIONS, PATCH, and PUT (OPENAM-336).

==> Yes, besides GET and POST, the rest of the HTTP operations are getting popular these days. 

