
List:       forgerock-openam
Subject:    [OpenAM] Neophyte Question? How does a basic website get the user info?
From:       brad.tumy () gmail ! com (Brad Tumy)
Date:       2013-12-24 13:56:57
Message-ID: 6AA65195-3558-41EA-873F-514BB5CE692E () gmail ! com

Darrell,

You can pass the userid from OpenAM via the Agent to your application via header
variables.  Take a look at the documentation (Admin Guide I think) for Response
Attributes or Session Attributes processing.  Once your application has the userid
(or some other unique identifier) you can replace your hard coded user with the
dynamic variable.

OpenAM also supports the REST API (Dev Guide).  Take a look at section 3.5 Token
Validation, Attribute Retrieval.

With either of these options you will probably be able to query OpenAM for your
user's data instead of querying OpenDJ (which seems to me to be more desirable.)

Good Luck,

Brad Tumy


On Dec 24, 2013, at 6:34 AM, Darrell O'Donnell <darrell.odonnell at continuumloop.com> wrote:

> This is almost embarrassing, as I feel like I am missing some piece of information
> that will make me say "duh!" and whack myself in the head.
>
> I have a very, very simple system that I am deploying. I have a basic website that
> is comprised of the following (in Apache v2.2):
> UI - HTML, CSS, JavaScript sitting in a largely static page but deployed under
> Apache via WSGI.
> Web Services - Python backend that speaks to both OpenDJ and our own datastores,
> deployed in Apache via WSGI. This service creates a very limited set of REST
> endpoints that are used by the UI to do the operations it needs.
>
> Much of the information is stored in OpenDJ (e.g. user information, organizational
> units). I can easily create a Policy Agent to protect both the UI and the backend
> web services. The OpenAM UI works just fine to get the user authenticated using the
> OpenAM login screen.
>
> Here is where I fall down though: I need to know who this user is. Once the user
> has logged in I need to query through to OpenDJ (via the Python web services) to
> get additional information about the user (e.g. user Display Name, what
> organization they are part of, what key permissions do they have).
>
> I have the web services working just fine as a hard-coded user but I want to use
> the user that is logged in - not my hard-coded user. To me this means either
> impersonating (not ideal) the user via my hard-coded user account or passing them
> in to OpenDJ as an authenticated user.
>
> Is there some kind of "Who am I?" query that I pass a session token
> (iPlanetDirectoryPro SSO token for example) in to that will return the key
> information that I need to connect through to OpenDJ.
>
> This feels like some existential "who am I?" kind of search, hence my
> embarrassment!
>
> Hopefully this question makes sense. I really appreciate any help.
> 
> cheers,
> 
> Darrell
> 
> --
> Darrell O'Donnell, P.Eng.
> a/CTO - MASAS National Implementation Team
> Multi-Agency Situational Awareness System (www.masas.ca)
> Special Advisor (under contract) to the Centre for Security Science (CSS), Government of Canada
> +1.613.866.8904
> darrell.odonnell at continuumloop.com
> 
> _______________________________________________
> OpenAM mailing list
> OpenAM at forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam
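
The header approach suggested in the reply, sketched as an added example (not code from this thread or from OpenAM): a WSGI application that takes the uid from a header set by the policy agent and builds an escaped LDAP filter for the OpenDJ lookup. The header name, the uid format and the `objectClass=person` filter are assumptions; the header name is whatever the agent profile maps the attribute to.

```python
import re

# Assumption: the policy agent maps the user's uid to this request header.
# The name is hypothetical; it is configured in the agent profile.
UID_HEADER = "HTTP_X_OPENAM_UID"
# Assumption: uids in this deployment are short and use only these characters.
UID_RE = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def ldap_escape(value):
    """Escape the characters that are special in an RFC 4515 search filter."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def current_uid(environ):
    """Return the uid from the agent header, or None if absent or malformed.

    The value is only trustworthy when every request reaches the application
    through the agent-protected Apache, which sets the header itself.
    """
    uid = environ.get(UID_HEADER, "")
    return uid if UID_RE.fullmatch(uid) else None


def user_filter(uid):
    """Build the OpenDJ search filter for one user (escaped even after validation)."""
    return "(&(objectClass=person)(uid=%s))" % ldap_escape(uid)


def application(environ, start_response):
    """WSGI entry point: replaces the hard-coded user with the logged-in one."""
    uid = current_uid(environ)
    if uid is None:
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"no authenticated user\n"]
    # A real service would run this filter against OpenDJ with its LDAP client.
    body = ("lookup filter: %s\n" % user_filter(uid)).encode("utf-8")
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]
```
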
