Securing REST APIS using OpenAM 12.0 J2EE Policy Agents

0
votes

I am new to OpenAM and trying to secure my webservices using OpenAM. I have installed J2EE policy agents using below information in the link.

https://wikis.forgerock.org/confluence/display/openam/Installing+Tomcat+6.0+Policy+Agent

I need to provide security for my REST APIs. So where should we need to configure the REST APIs in the OpenAM console.

Please provide me some links where i get some information.

1
securityopenamrest-security

1 Answers

1
votes

OpenAM policy agents are the OpenAM proprietary way to achieve (Web)SSO and authorizations. You could configure URL policies as described in the docs https://backstage.forgerock.com/#!/docs/openam/13/admin-guide#chap-authz-policy, however the REST client must obtain an SSOToken and send this along when accessing the REST service.

You could also use OAuth2 which would be a standards-based approach.