Java Agents 2024.3

Enable SSO Token Acceptance

Set this property as follows:

  • true: Accept SSO tokens. Use this option when the agent and the token issuer are in the same domain, and for web applications and APIs where the backend accepts user information from SSO tokens.

  • false: Do not accept SSO tokens; require OIDC JWTs for authentication.

During session upgrade the format of the composite advice is as follows:

  • When both this property and Enable Custom Login Mode are true, the composite advice has the following format: ?authIndexType=composite_advice&authIndexValue=<Advices Value>

  • When either property is false, the composite advice has the following format: ?composite_advice=<Advices Value>

Property name

org.forgerock.agents.accept.sso.tokens.enabled

Aliases

org.forgerock.agents.accept.sso.tokens.enabled
  Introduced in Java Agent 5.7.1
  Recognized from AM 7.1

org.forgerock.agents.accept.sso.tokens
  Introduced in Java Agent 5.7.1

com.forgerock.agents.accept.sso.tokens
  Introduced in Java Agent 5.7.1

Function

Custom login redirect, Login redirect, SSO cookie handling

Type

Boolean: true returns true; all other strings return false.

Default

false

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console

Tab: SSO (from AM 7.1)

Title: Enable SSO Token Acceptance

Legacy title: Accept SSO Tokens