[Openam] Auto sign in to the other OpenAM server

池凱琳/Kalin Chih kalinchih at gmail.com
Fri Nov 19 19:25:38 GMT 2010


Hi,

My company has 2 business units and they have different customers.
So we decide to host 2 IdPs for the 2 business units.

However, a group of customers are shared by the 2 business units.
And both sides have the account mapping table.
So if an account exists in the account mapping table (customer in both
sides), is it possible that when the user has signed in to an IdP, this IdP
will auto sign in to the other IdP?

I assume this is an SP-initiated SSO and will indicate that we want to send
the authentication request to the IdP.
After the IdP authentication, the IdP will check the account mapping table.
If the account does not exist in the account mapping table, the IdP (IdP A)
will return to the SP.
If the account exists in the account mapping table, the IdP (IdP A) will
play an SP role to auto sign in to the other IdP (IdP B).

I know it's a very complex scenario.
Is it possible to use OpenAM/OpenSSO to implement this scenario?

I appreciate any feedback and advice.

Kalin