Hi, We're starting a SSO project with a client that needs to integrate OAM with some third party web applications. These are custom Java EE apps for which we do not have access to the source code, nor can we make any modifications to the way they do authentication. Even though these apps run inside an application server (weblogic) they use a custom security implementation that the vendor will not modify under any circumstance. The authentication is done via a form with username and password fields.
So, what we would like to know is if there is any way in OAM of protecting the apps without touching the app security implementation. We need a way to present an OAM login page, capture the username and password, check the credentials from OAM and if allowed then post those credentials to the application form. Is this technically feasible using OAM? If so, Can you point us to any documentation where this is explained?
Regards. Franco.