Store OpenAM session attributes to cookie

From my understanding user session info for OpenAM only can be access by Session API. And we need to use post-auth plugin to extract those info and insert to cookie.

By question is: - Without using post-auth plugin, is that a way to configure OpenAM (via UI) return specific user session attribute(s) (eg. AuthType) to it's cookie?

Thanks

Solution

OpenAM policy agents can store session attributes to cookies or headers (see realm -> access control -> Agents -> Your agent -> application).

The other option would be to use OAuth flows (Open Identity Connect) - which can present user attributes in a JWT token as part of the authentication process. Your client would have to decode the JWT token and extract the attributes.

An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
Freshly configured OpenAm console hangs when attempted to login
Traefik Proxy update response cookies SameSite to None
Setting Client_Secret white fetching tokens using ForgeRock Javascript SDK
Authentication and getting attributes using componentspace SAML library with ForgeRock backend in .NET core
OpenAM tries to serve mixed content which is prohibited by browser
OpenAM ITfoxtec Saml2 invalid signature response?
OAuth2 authorization code flow: spring-security does not accept the issued access_token
Issue Building OpenAM from source
How to make OpenAM to return jwt-token with simple username and password authentication
Is it possible to authenticate against a Keycloak's Identity Provider (OpenAM) without using the Login screen?
Differences between SP initiated SSO and IDP initiated SSO
How to create a web policy agent in OpenAM given that the server URL has a not fully qualified hostname?
OpenAM: Web Policy Agent login to OpenAM fails
OpenAM auth chain that allows login for Administrative users only?
OpenAM - SAML, Auto federation and Self Service Password Reset
How To Configure openam SAML2 service provider to use NameID Format unspecified
OpenAM change url
Pingfederate kerberos authentication is authenticating any user from any domain
How OpenAM verify SAML response coming from IDP
OpenAM Relation between sign the SAML Response & Assertion
OpenAM SAML2 Transient Federation and Persistent Federation
OpenAM JEE Policy Agents 3.5 & 5.x
OpenAm how to redirect to template in callback (proceess method)
Passing RelayState between PingFederate(IDP) OpenAM (SP) with Sp-initiated sso
OpenAM, Not found error, then reload works
How to get header attributes in OpenAM?
Forgerock - Forgeops - util - building with RHEL?
OpenAM - Getting a Session attribute into an OpenID Connect claim
Configure nodejs as SP with passport-saml and OpenAM as IDP