In most Single Sign-On (SSO) systems, the session cookie is the sole means of validating a session.
With OpenAM, one can assign extra attributes to the session in addition to the cookie, and validation based on the client IP address is possible as well. This means that when a user's IP address changes, the user has to log in to OpenAM (or the Relying Party/Service Provider) again, because the session is no longer valid for the new IP.
This is how to enable it:
Go to: Configuration -> Server & Sites -> Default server settings
Then go to Advanced.
Then add this property:
com.iplanet.am.clientIPCheckEnabled and set it to true
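The effect of the setting can be modelled in a few lines. This is an added example, not OpenAM's code: `SessionStore`, `client_ip`, `TRUSTED_PROXIES` and all addresses are hypothetical, and the proxy handling is an assumption showing why X-Forwarded-For matters once a reverse proxy sits in front of the server.

```python
import ipaddress
import secrets

# Constructed address of a reverse proxy in front of the SSO server (assumption).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}

def client_ip(peer_addr, x_forwarded_for=None):
    """Return the address a session is bound to.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy;
    otherwise any client could set the header and pick its own "IP".
    """
    peer = ipaddress.ip_address(peer_addr)
    if x_forwarded_for and peer in TRUSTED_PROXIES:
        try:
            # The right-most entry is the one our own proxy appended.
            return ipaddress.ip_address(x_forwarded_for.split(",")[-1].strip())
        except ValueError:
            return peer  # malformed header: fall back to the peer address
    return peer

class SessionStore:
    """Toy session table: token -> (user, IP seen at login)."""

    def __init__(self, ip_check_enabled):
        # Models com.iplanet.am.clientIPCheckEnabled=true/false.
        self.ip_check_enabled = ip_check_enabled
        self._sessions = {}

    def login(self, user, peer_addr, xff=None):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, client_ip(peer_addr, xff))
        return token

    def validate(self, token, peer_addr, xff=None):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, bound_ip = entry
        if self.ip_check_enabled and client_ip(peer_addr, xff) != bound_ip:
            return None  # cookie presented from another IP: log in again
        return user
```

Without the trusted-proxy step, every user behind the proxy would appear to come from the proxy's address and the check would no longer distinguish clients.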
To read:
http://docs.oracle.com/cd/E19462-01/819-4671/gbaxi/index.html
References:
ForgeRock documentation about X-Forwarded-For