OpenAM lets you protect your application, adding authentication and authorization. When you protect a web application running in a supported web server, for example, you can set everything up without actually touching your application. Okay, we gulped the marketing Kool-aid. We can even install OpenAM. But how does one get started protecting a web site?
It turns out that Sam Drew wrote a short, sweet tutorial on how to get started with OpenAM that he called, Add Authentication to a Website using OpenAM. He tells me he did it after coming to ForgeRock when he was first learning about OpenAM. As you follow along, you see the pieces of the OpenAM puzzle coming together clearly: core OpenAM services connected to an OpenDJ identity store to hold user data; an agent installed as an Apache web server plugin to manage the connection with core OpenAM services, and to manage the redirections to login and logout pages; access policy configured in OpenAM to allow users to access URLs on Apache when they have authenticated to OpenAM.
In order to complete the tutorial, you need to be able to configure your network with a couple of hosts, and potentially set up Apache web server. I only have one physical system here (this laptop), so I tried it with a couple of VirtualBox guests running on host-only network, all hosts sharing their names and IP addresses through /etc/hosts entries. Nice work, Sam.