Most of the documentation around designing an Authentication solution using OpenAM recommends the usage of either Web Server Policy Agent or Java EE Policy Agent.
I am looking for alternatives where I don’t need to use a policy agent. This would help me to avoid the maintenance e.g. upgrades etc related to policy agents that would be installed in hundreds of my web servers in the farm.
One obvious solution is to implement similar functionality of ‘session evaluation’ as part of my application code.
Are there any other alternatives available where in OpenAM can be used in agentless mode.
PS: By Session Evaluation I mean the feature that validates if a session is in progress and accordingly allows the access to protected resource or initiates the authentication process by redirecting to OpenAM.
Thanks and Regards
You are effectively proposing writing your own agent, and embedding it into your project. There is nothing wrong with this, just be aware of what you are doing.
I would start by taking apart one of the other OpenAM agents and decide how much you can leverage. If you can't leverage what's there, take a look at the REST API, where they have some decent examples.