Integration
Native Integrations
https://backstage.forgerock.com/docs/openam-web-policy-agents/5.9/user-guide/about.html | https://backstage.forgerock.com/docs/openam-jee-policy-agents/5.9/user-guide/about.html | |
---|---|---|
Web Agent is an Access Management add-on component that operates as a Policy Enforcement Point (PEP) or policy agent for applications deployed on a Java container. Web Agents intercept inbound requests to applications. Depending on the filter mode configuration, Web Agents interact with AM to: | Java Agent is an Access Management add-on component that operates as a Policy Enforcement Point (PEP) or policy agent for web applications deployed on a Java container. Java Agents intercept inbound requests to web applications. Depending on the filter mode configuration, Java Agents interact with AM to: | Use the Token Validation Microservice in service-to-service deployments to validate OAuth 2.0 access_tokens. The following figure illustrates a group of Secured Microservices in a container, representing a business service such as ordering, billing, or registration. |
Add-On Integrations
These integration use cases are for third-party or closed-source modules.
https://backstage.forgerock.com/docs/ig/7.1/gateway-guide/about.html | |
---|---|
IG processes HTTP requests and responses by passing them through user-defined chains of filters and handlers. The filters and handlers provide access to the request and response at each step in the chain, and make it possible to alter the request or response, and collect contextual information. For example, use IG with AM’s password capture and replay to bring SSO to legacy web applications, without the need to edit, upgrade, or recode. This feature helps you to integrate legacy web applications with other applications using the same user identity. The following figure illustrates the flow of requests when an unauthenticated user accesses a protected application. After authenticating with AM, the user is logged into the application with the username and password from the AM login session. | Use Microgateway with business microservices to separate the security concerns of your applications from their business logic. For example, use Microgateway with the ForgeRock Token Validation Microservice to provide access_token validation at the edge of your namespace. |
Documentation
Documentation Root Pages
Identity Cloud (IC)
Identity Platform and Modules (mostly for OnPrem installations but some docs have NOT been merged into the IC docs above)
API, SDK
https://backstage.forgerock.com/docs/idcloud-am/latest/REST-guide/rest-endpoints.html
https://backstage.forgerock.com/docs/idcloud-am/latest/authentication-guide/authn-rest.html
https://backstage.forgerock.com/docs/idcloud-am/latest/authorization-guide/rest-api-authz-policy-decisions.html
https://backstage.forgerock.com/docs/am/7.1/authorization-guide/rest-api-authz-policy-decisions.html
https://backstage.forgerock.com/docs/idcloud-am/latest/oauth2-guide/oauth2-client-endpoints.html
https://backstage.forgerock.com/docs/idcloud-am/latest/oauth2-guide/oauth2-admin-endpoints.html
https://backstage.forgerock.com/docs/idcloud-am/latest/oidc1-guide/oidc-client-endpoints.html
https://backstage.forgerock.com/knowledge/kb/book/b93241706/cover
https://backstage.forgerock.com/docs/am/7.1/REST-guide/index.html
Postman collections
Authentication Extension / Customization
https://backstage.forgerock.com/docs/am/7.1/auth-nodes/index.html
Node implementation example (Twilio)
https://backstage.forgerock.com/docs/idcloud-am/latest/authentication-guide/scripting-api-node.html
Webhooks
https://backstage.forgerock.com/docs/idcloud/latest/uis/debug-enduser-journeys.html
Authorization Extension / Customization
https://backstage.forgerock.com/docs/idcloud-am/latest/authorization-guide/scripted-policy-condition.html
https://backstage.forgerock.com/docs/am/7.1/authorization-guide/scripted-policy-condition.html
Special Auth Topics
https://backstage.forgerock.com/docs/idcloud-am/latest/oauth2-guide/oauth2-implementing-flows.html
https://backstage.forgerock.com/docs/am/7.1/oauth2-guide/oauth2-implementing-flows.html
https://backstage.forgerock.com/docs/idcloud-am/latest/sessions-guide/session-upgrade.html
https://backstage.forgerock.com/docs/am/7.1/sessions-guide/session-upgrade.html
https://backstage.forgerock.com/docs/idcloud-am/latest/authorization-guide/transactional-authorization.html
https://backstage.forgerock.com/docs/am/7.1/authorization-guide/transactional-authorization.html
https://sdks.forgerock.com/how-to/how-to-perform-transactional-authorization/
https://backstage.forgerock.com/docs/idcloud-am/latest/authentication-guide/authn-suspended.html
https://sdks.forgerock.com/how-to/how-to-suspend-authentication/
Special Configuration
Change the attribute used to retrieve the user profile: https://backstage.forgerock.com/docs/idcloud-am/latest/oauth2-guide/oauth2-configure-authz.html#change-user-profile-attr-oauth2
Other Info Sources
Login and Forgerock (Jago authentication flows) by Andre Laksmana