1.1. OpenAM Web-Based Console

After you install OpenAM, login to the web-based console as OpenAM Administrator, amadmin with the password you set during installation. Navigate to a URL such as http://openam.example.com:8080/openam. In this case, communications proceed over the HTTP protocol to a FQDN (openam.example.com), over a standard Java EE web container port number (8080), to a specific deployment URI (/openam).

How the console looks to amadmin

[D]

When you login as the OpenAM Administrator, amadmin, you have access to the complete OpenAM console. In addition, OpenAM has set a cookie in your browser that lasts until the session expires, you logout, or you close your browser.[1]

When you login to the OpenAM console as a non-administrative end user, you do not have access to the administrative console. Your access is limited to a configuration page with your account information.

How the console looks to an end user

[D]

If you configure OpenAM to grant administrative capabilities to another user, then that user also sees the console after login. For instance, the OpenAM Administrator granted Kirsten Vaughan privileges to administer the OpenAM Top Level Realm. (This can be done through the console under Access Control > / (Top Level Realm) > Privileges. Kirsten has authorization to read and write policy properties and configured policy agent properties.) When Kirsten logs in, she sees only part of the console capabilities.[2]

How the console looks to an administrator

[D]

[1] Persistent cookies can remain valid when you close your browser. This section reflects OpenAM default behavior before you configure additional functionality.

[2] For more on delegated administration, see the chapter covering realms.