README.md

September 18, 2025 · View on GitHub

OpenAM Java EE Policy Agents

OpenAM Java EE Policy Agents is an OpenAM add-on component that functions as a Policy Enforcement Point (PEP) for applications deployed on a Java EE-based servlet container or application server. The policy agent protects web-based applications and implements single sign-on (SSO) capabilities for the applications deployed in the container.

License

This project is licensed under the Common Development and Distribution License (CDDL).

Downloads

OpenAM JavaEE Policy Agent (JAR With Libraries ZIP) (All OS)
OpenAM Java Policy Agent (Uber JAR) (All OS)

Java 11+ required

How-to build

git clone https://github.com/OpenIdentityPlatform/OpenAM-JEE-Agents.git
mvn install -f OpenAM-JEE-Agents

Quick Start

Assume you have created an agent in your OpenAM instance. If not, create one as described in the documentation.

Distribution Files

Put the contents of any distribution into your container classpath folder. Add a declaration of the Agent filter to the container's xml file: For example, for Apache Tomcat it is web.xml, for Eclipse Jetty - webdefault.xml

<filter>
    <filter-name>Agent</filter-name>
    <filter-class>com.sun.identity.agents.filter.AmAgentFilter</filter-class>
    <init-param>
        <param-name>com.iplanet.am.naming.url</param-name>
        <param-value>http://openam.example.org:8080/openam/namingservice</param-value>
    </init-param>
    <init-param>
        <param-name>com.sun.identity.agents.app.username</param-name>
        <param-value>amadmin</param-value>
    </init-param>
    <init-param>
        <param-name>com.iplanet.am.service.secret</param-name>
        <param-value>AQIC5wM2LY4SfcwrWIPia7mlGbsTreZGLWhi</param-value>
    </init-param>
    <init-param>
        <param-name>cam.encryption.pwd</param-name>
        <param-value>KmhUnWR1MYWDYW4xuqdF5nbm+CXIyOVt</param-value>
    </init-param>
    <init-param>
       <param-name>com.sun.identity.agents.config.profilename</param-name>
       <param-value>myAgent</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>Agent</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Set system properties for the filter

Property	Description
com.iplanet.am.naming.url	Set this to the naming service URL(s) used for naming lookups in OpenAM. Separate multiple URLs with single space characters. Example: http://openam.example.org:8080/openam/namingservice
com.sun.identity.agents.app.username	Set this to the OpenAM user, who has access to read the agent properties, for example, `amadmin`
com.iplanet.am.service.secret	OpenAM user's password
am.encryption.pwd	When using an encrypted password, set this to the encryption key used to encrypt the agent profile password. If blank, the password is unencrypted.
com.sun.identity.agents.config.profilename	Agent name, for example: `myAgent`

Alternatively, you can set up the agent properties as init filter parameters.

You can also create the OpenSSOAgentBootstrap.properties file with the agent properties and put it into your web container classpath directory.

More info about J2EE agent parameters can be found in the documentation.

Maven Dependency

You can use the Agent filter in your Java project as a Maven dependency when running, for example , an embedded web container. Include the Agent dependency in your pom.xml file:

<dependency>
    <groupId>org.openidentityplatform.openam.agents</groupId>
    <artifactId>jee-agents-sdk</artifactId>
    <version>5.0.0</version>
</dependency>

Then, add filter to your embedded web container, for example, Eclipse Jetty:

Server jetty = new Server(8081);
ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
context.setContextPath("/");
FilterHolder filterHolder = new FilterHolder(AmAgentFilter.class);
filterHolder.setInitParameter("com.iplanet.am.naming.url", "http://openam.example.org:8080/openam/namingservice");
filterHolder.setInitParameter("com.sun.identity.agents.app.username", "amadmin");
filterHolder.setInitParameter("com.iplanet.am.service.secret", "passw0rd");
filterHolder.setInitParameter("com.sun.identity.agents.config.profilename", "myAgent");

context.addFilter(filterHolder, "/*", EnumSet.of(DispatcherType.REQUEST));
jetty.setHandler(context);

Support and Mailing List Information

OpenAM Java Policy Agent Community documentation
OpenAM Java Policy Agent Community discussions
OpenAM Java Policy Agent Community issues
OpenAM Java Policy Agent commercial support

Contributing

Please, make Pull request

Thanks for OpenAM Java Policy Agent 🥰

Sun Access Manager
Sun OpenSSO
Oracle OpenSSO
Forgerock OpenAM