Keep administration of access management services separate from management of the services themselves.

- Create realms for your organization(s) and separate administrative users from end users. For instructions, see Configuring Realms. You must then either:
  - Use the realm=realm-name query string parameter when redirecting users to OpenAM, which gives you a way to isolate the URLs used by an application.
  - Create fully qualified domain name realm/DNS aliases, and use them to control access to the realms.
- When customizing config/auth/default*/Login.jsp, make sure that you do not introduce any security vulnerabilities such as cross-site scripting due to unvalidated input.
- Create a policy agent profile for each policy agent. See Configuring Policy Agent Profiles for instructions.

