Skip to content
/ OpenAM-JEE-Agents Public

OpenAM-JEE-Agents are open-source agents for Java EE applications that enforce access policies, enable secure single sign-on, authentication, and authorization, and integrate with OpenAM to protect resources in enterprise Java environments.

License

View license
6 stars 13 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

OpenIdentityPlatform/OpenAM-JEE-Agents

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

210 Commits
.github
.github
 
 
jee-agents-distribution
jee-agents-distribution
 
 
jee-agents-sdk
jee-agents-sdk
 
 
legal
legal
 
 
.gitignore
.gitignore
 
 
LICENSE.MD
LICENSE.MD
 
 
README.md
README.md
 
 
SECURITY.md
SECURITY.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

OpenAM Java EE Policy Agents

Latest release Build Deploy Issues Last commit License Top language Code size in bytes

OpenAM Java EE Policy Agents is an OpenAM add-on component that functions as a Policy Enforcement Point (PEP) for applications deployed on a Java EE-based servlet container or application server. The policy agent protects web-based applications and implements single sign-on (SSO) capabilities for the applications deployed in the container.

License

This project is licensed under the Common Development and Distribution License (CDDL).

Downloads

Java 11+ required

How-to build

git clone https://github.com/OpenIdentityPlatform/OpenAM-JEE-Agents.git
mvn install -f OpenAM-JEE-Agents

Quick Start

Assume you have created an agent in your OpenAM instance. If not, create one as described in the documentation.

Distribution Files

Put the contents of any distribution into your container classpath folder. Add a declaration of the Agent filter to the container's xml file: For example, for Apache Tomcat it is web.xml, for Eclipse Jetty - webdefault.xml

<filter>
    <filter-name>Agent</filter-name>
    <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
    <init-param>
        <param-name>com.iplanet.am.naming.url</param-name>
        <param-value>http://openam.example.org:8080/openam/namingservice</param-value>
    </init-param>
    <init-param>
        <param-name>com.sun.identity.agents.app.username</param-name>
        <param-value>amadmin</param-value>
    </init-param>
    <init-param>
        <param-name>com.iplanet.am.service.secret</param-name>
        <param-value>AQIC5wM2LY4SfcwrWIPia7mlGbsTreZGLWhi</param-value>
    </init-param>
    <init-param>
        <param-name>cam.encryption.pwd</param-name>
        <param-value>KmhUnWR1MYWDYW4xuqdF5nbm+CXIyOVt</param-value>
    </init-param>
    <init-param>
       <param-name>com.sun.identity.agents.config.profilename</param-name>
       <param-value>myAgent</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Set system properties for the filter

Property Description
com.iplanet.am.naming.url Set this to the naming service URL(s) used for naming lookups in OpenAM. Separate multiple URLs with single space characters. Example: http://openam.example.org:8080/openam/namingservice
com.sun.identity.agents.app.username Set this to the OpenAM user, who has access to read the agent properties, for example, amadmin
com.iplanet.am.service.secret OpenAM user's password
am.encryption.pwd When using an encrypted password, set this to the encryption key used to encrypt the agent profile password. If blank, the password is unencrypted.
com.sun.identity.agents.config.profilename Agent name, for example: myAgent

Alternatively, you can set up the agent properties as init filter parameters.

You can also create the OpenSSOAgentBootstrap.properties file with the agent properties and put it into your web container classpath directory.

More info about J2EE agent parameters can be found in the documentation.

Maven Dependency

You can use the Agent filter in your Java project as a Maven dependency when running, for example , an embedded web container. Include the Agent dependency in your pom.xml file:

<dependency>
    <groupId>org.openidentityplatform.openam.agents</groupId>
    <artifactId>jee-agents-sdk</artifactId>
    <version>5.0.0</version>
</dependency>

Then, add filter to your embedded web container, for example, Eclipse Jetty:

Server jetty = new Server(8081);
ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
context.setContextPath("/");
FilterHolder filterHolder = new FilterHolder(AmAgentFilter.class);
filterHolder.setInitParameter("com.iplanet.am.naming.url", "http://openam.example.org:8080/openam/namingservice");
filterHolder.setInitParameter("com.sun.identity.agents.app.username", "amadmin");
filterHolder.setInitParameter("com.iplanet.am.service.secret", "passw0rd");
filterHolder.setInitParameter("com.sun.identity.agents.config.profilename", "myAgent");

context.addFilter(filterHolder, "/*", EnumSet.of(DispatcherType.REQUEST));
jetty.setHandler(context);

Support and Mailing List Information

Contributing

Please, make Pull request

Thanks for OpenAM Java Policy Agent 🥰

  • Sun Access Manager
  • Sun OpenSSO
  • Oracle OpenSSO
  • Forgerock OpenAM

About

OpenAM-JEE-Agents are open-source agents for Java EE applications that enforce access policies, enable secure single sign-on, authentication, and authorization, and integrate with OpenAM to protect resources in enterprise Java environments.

Topics

open-source tomcat jetty sso openam sso-client

Resources

Readme

License

View license

Security policy

Security policy
Activity
Custom properties

Stars

6 stars

Watchers

5 watching

Forks

13 forks
Report repository

Releases 12

5.0.1 Latest
Nov 11, 2025
+ 11 releases

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 6

Languages