OpenAM handles authentication and federation; hardening focuses on token, session, and admin controls.

## SSO and Session Security

- Enforce TLS and secure cookie settings.
- Limit session lifetimes based on risk profile.
- Require MFA for sensitive realms.

## Admin and Realm Controls

- Segment admin endpoints to management networks.
- Apply least-privilege role assignment per realm.
- Audit policy changes and privileged logins.