Table of Contents

Modules - OpenAM authentication [openam]

The module enables Single-Sign-On and authentication against OpenAM for CzechIdM. It also provides REST endpoint for retrieving users' OpenAM attributes, e.g. uid, dn, destinationindicator.

Authentication process

If the OpenAM authentication is successful, the user gets OpenAM token. This token is set to the cookie for the current domain. If users credentials are not correct or if they don't exist in OpenAM at all, they can still authenticate by standard CzechIdM authentication (local authentication).

SSO

When unauthenticated users come to CzechIdM and have the cookie with OpenAM token, the value of the token is validated against OpenAM. If the token is valid, the filter retrieves the user's login from OpenAM attributes and logs them in.

Read more

Admin tutorials

Admin guide

Devel tutorials