Wednesday, August 27, 2014

OpenAM RESTful APIs and Cross-Domain Single Sign-On

While reading the OpenAM Mailing list this morning, a community member has the following requirement:

  1. A few PHP applications to be SSO-ed
  2. Cannot redirect to OpenAM Login Page for authentication, which implies
  • Cannot use Policy Agent
  • Can only use OpenAM RESTful APIs

I thought that simple requirement. But he followed by asking: "Is there any way to do CDSSO with REST API without use of Policy Agent ?"


I blogged something like this before - OpenAM RESTful Services.

I think he mis-understood the concept slightly - CDSSO (cookie-based) vs RESTful APIs.

… if one is to use RESTful Web Services, please do not work with cookie. Make it a pure RESTful experience!


No comments:

Post a Comment