start with “docker run -it -p 8081:8081 -p 8082:8082 markboydcode/openam-v12-10” to map tomcat (8082) and apache (8081) to the same ports on host. You must hit openam with a domain of localhost.lds.org. See readme.txt in root of image for details.
As of this post the web agent doesn't enforce the configured set of policies. It should require authentication when going to http://localhost.lds.org:8081/secure/path and then allow the request through returning the headers.jsp page located in openam's root and showing the set of headers seen in the request by the server. But after authentication it returns a 403 forbidden. Still trying to figure that out.