Initiating Realm Authentication with the Login URL
To initiate authentication for a member of a particular realm, append the domain=realm-name parameter or the realm=realm-name parameter to the base login URL as in:
http://OpenSSO-machine-name.domain:port/opensso/UI/Login?realm=sun |
Note –
If there is no defined parameter, the realm will be determined from the server host and domain specified in the login URL. The base login URL will initiate authentication for the top level realm without the realm parameter.
The realm of a request for authentication is determined from the following, in order of precedence:
-
The domain parameter.
-
The realm parameter.
-
The value of the Realm/DNS Alias Names attribute.
After calling the correct realm, the authentication module(s) to which the user will authenticate are retrieved from the Default Authentication Chain attribute or the Administrator Authentication Chain attribute.
Caution – If User1 is authenticated to realmA and then tries to access realmB, a warning page is displayed that asks the user to authenticate to realmB with the authentication process specified for realmB, or return to the existing authenticated session with realmA. If the user chooses to authenticate to realmB, only the values of the realm and module (if specified) parameters are passed and honored for determining the new authentication process.
- © 2010, Oracle Corporation and/or its affiliates