> For the complete documentation index, see [llms.txt](https://book.konstantinsecurity.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://book.konstantinsecurity.com/readme/architect/identity-and-access-management-idm/sso/openam.md). # OpenAM ## OpenAM [30845478](https://gitlab.com/johnmkane/tech-recipe-book/-/blob/main/Book/Architect/Identity%20and%20Access%20Management%20\(IDM\)/SSO/OpenAM/OpenAM/30845478/README.md) ## [OpenAM](https://github.com/OpenIdentityPlatform/OpenAM) If you have multiple sites and applications in your company, probably you need to provide seamless authentication to all of them. So when user logged in at one of your sites once, he does not need to enter his credentials on other sites. So, OpenAM can help you to solve all this issues. Key features of OpenAM are: * **Authentication** - OpenAM ships with more than 20 authentication modules, which you can use to customize your authentication process. Also, you can customize sequence of authentication modules, to provide multi-factor or adaptive authentication. * **Authorization** - OpenAM can also manage authorization, so you can restrict access to desired resources according to different authorization policies. * **Identity Provider** - OpenAM can act as an Identity Provider, using SAML, OAuth 2.0 or OpenID Connect 1. So, your clients can develop their own applications or websites and authenticate via OpenAM like they authenticate via Facebook or Google. * **Single Sign On** - after single authentication, user gets access to all resources protected by OpenAM. So, there is no need to authenticate at other services. * **High Performance and Clusterization** - To enable high availability for large-scale and mission-critical deployments, OpenAM provides both system failover and session failover. These two key features help to ensure that no single point of failure exists in the deployment, and that the OpenAM service is always available to end-users. Redundant OpenAM servers, policy agents, and load balancers prevent a single point of failure. Session failover ensures the user’s session continues uninterrupted, and no user data is lost. * **Extensibility** - OpenAM allows to extend just any functionality, from authentication modules to user data source. Besides, it supports UI customization to create separate end-user pages with personal branding. * **Developer SDK** - OpenAM ships with Java SDK, which allows to interact with authorization API, authentication API, manage accounts and so on… * **Security** - As OpenAM is open source, it allows community and clients test it for possible vulnerabilities, and do PEN tests. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://book.konstantinsecurity.com/readme/architect/identity-and-access-management-idm/sso/openam.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.