I was recently responsible for the installation and configuration of OpenAM. We use it on one of the projects to provide cross-domain Single Sign-On (CDSSO). At first it seemed to be a complex but relatively straightforward task, but as it turned out later, it can give you a serious headache when you try to achieve something different from the default.
Below is a short summary of the pros and cons:

Pros:
- It's quite a mature solution, built upon its ancestor OpenSSO
- Experienced users can benefit from its rich configuration options
- Built-in support for multiple user data stores (LDAP, DB, ...)
- Out-of-the-box support for the SAML2 protocol
- Portability (100% Java)
- Built-in support for multi-instance configuration (for load balancing)

Cons:
- Very poor documentation - most of the information about product installation and configuration is available on the wiki in the form of short, informal articles. Most of the useful information is found on the old OpenSSO specification pages hosted by Sun, so you can never be sure whether it is still relevant to the latest version of OpenAM.
- No community - there is actually no real community of people using the product. This means there are no forums you can search for advice. There is only an old-school mailing list with very limited usability.
- Not that flexible - although quite complex configuration is available, I sometimes felt limited, especially when trying to implement something different from the default, e.g. custom login screens.
Be aware that doing anything different from the default may require some custom tweaks, or may not even be possible. If you plan to implement something that is not described in the basic tutorials, consider other solutions first.
If you want to use the SAML 2.0 functionality offered by OpenAM, I recommend reading my tutorial on how to achieve IdP-initiated SSO and Identity Federation with OpenAM and SAML.
Here are some links to other useful resources: