Latest update: 7.1.4
- Overview
- Introducing Authentication
- Configuring AM for Authentication
- Authentication Nodes and Trees
- Authentication Modules and Chains
- About Authentication Levels for Chains
- Configuring Authentication Chains
- Login Session Timeouts for Chains
- Implementing Post-Authentication Plugins
- Customizing Authentication Chains
- Configuring Success and Failure Redirection URLs
- Configuring Realm Authentication Properties
- Authenticating (Browser)
- Authenticating (REST)
- Single Sign-On
- Social Authentication
- Suspended Authentication
- MFA: Web Authentication (WebAuthn)
- MFA: Push Authentication
- MFA: Open AuTHentication (OATH)
- Managing Devices for MFA
- Reference
- Core Authentication Attributes
- Supported Callbacks
- Authenticate Endpoint Parameters
- Authentication Nodes Configuration Reference
- Basic Authentication Nodes
- Multi-Factor Authentication Nodes
- Get Authenticator App Node
- HOTP Generator Node
- MFA Registration Options Node
- OATH Registration Node
- OATH Token Verifier Node
- Opt-out Multi-Factor Authentication Node
- OTP Collector Decision Node
- OTP Email Sender Node
- OTP SMS Sender Node
- Push Registration Node
- Push Result Verifier Node
- Push Sender Node
- Recovery Code Collector Decision Node
- Recovery Code Display Node
- WebAuthn Authentication Node
- WebAuthn Device Storage Node
- WebAuthn Registration Node
- Risk Management Authentication Nodes
- Behavioral Authentication Nodes
- Contextual Authentication Nodes
- Certificate Collector Node
- Certificate Validation Node
- Certificate User Extractor Node
- Cookie Presence Decision Node
- Device Profile Collector
- Device Match
- Device Profile Save
- Device Profile Location Match
- Device Geofencing
- Device Tampering Verification
- Persistent Cookie Decision Node
- Set Persistent Cookie Node
- Federation Authentication Nodes
- Identity Management Authentication Nodes
- Accept Terms and Conditions Node
- Anonymous User Mapping Node
- Anonymous Session Upgrade Node
- Attribute Collector Node
- Attribute Present Decision Node
- Attribute Value Decision Node
- Create Object Node
- Create Password Node
- Consent Collector Node
- Display Username Node
- Identify Existing User Node
- KBA Decision Node
- KBA Definition Node
- KBA Verification Node
- Patch Object Node
- Platform Password Node
- Platform Username Node
- Profile Completeness Decision Node
- Query Filter Decision Node
- Required Attributes Present Node
- Select Identity Provider Node
- Terms and Conditions Decision Node
- Time Since Decision Node
- Utility Authentication Nodes
- Agent Data Store Decision Node
- Choice Collector Node
- Email Suspend Node
- Email Template Node
- Failure URL Node
- Get Session Data Node
- Inner Tree Evaluator Node
- Message Node
- Meter Node
- Page Node
- Polling Wait Node
- Register Logout Webhook Node
- Remove Session Properties Node
- Retry Limit Decision Node
- Scripted Decision Node
- Set Session Properties Node
- State Metadata Node
- Success URL Node
- Timer Start Node
- Timer Stop Node
- Thing Authentication Nodes
- Scripted Decision Node API Functionality
- Authentication Module Properties
- Active Directory Module Properties
- Adaptive Risk Authentication Module Properties
- Amster Authentication Module Properties
- Anonymous Authentication Module Properties
- Certificate Authentication Module Properties
- Data Store Authentication Module Properties
- Device ID (Match) Authentication Module Properties
- Device ID (Save) Authentication Module Properties
- Federation Authentication Module Properties
- ForgeRock Authenticator (OATH) Authentication Module Properties
- ForgeRock Authenticator (Push) Authentication Module Properties
- ForgeRock Authenticator (Push) Registration Authentication Module Properties
- HOTP Authentication Module Properties
- HTTP Basic Authentication Module Properties
- JDBC Authentication Module Properties
- LDAP Authentication Module Properties
- Legacy OAuth 2.0/OpenID Connect Authentication Module Properties
- MSISDN Authentication Module Properties
- OATH Authentication Module Properties
- OpenID Connect id_token bearer Authentication Module Properties
- Persistent Cookie Authentication Module Properties
- RADIUS Authentication Module Properties
- SAE Authentication Module Properties
- SAML2 Authentication Module Properties
- Scripted Authentication Module Properties
- SecurID Authentication Module Properties
- Social Authentication Module Properties - Instagram
- Social Authentication Module Properties - OAuth 2.0
- Social Authentication Module Properties - OpenID Connect 1.0
- Social Authentication Module Properties - VKontakte
- Social Authentication Module Properties - WeChat
- Social Authentication Module Properties - WeChat Mobile
- Windows Desktop SSO Authentication Module Properties
- Authentication Modules Configuration Reference
- Account Active Check Module
- Active Directory Authentication Module
- Adaptive Risk Authentication Module
- Amster Authentication Module
- Anonymous Authentication Module
- Certificate Authentication Module
- Data Store Authentication Module
- Device ID (Match) Authentication Module
- Device ID (Save) Module
- Federation Authentication Module
- ForgeRock Authenticator (OATH) Authentication Module
- ForgeRock Authenticator (Push) Authentication Module
- ForgeRock Authenticator (Push) Registration Authentication Module
- HOTP Authentication Module
- HTTP Basic Authentication Module
- JDBC Authentication Module
- LDAP Authentication Module
- Legacy OAuth 2.0/OpenID Connect Authentication Module
- MSISDN Authentication Module
- OATH Authentication Module
- OpenID Connect id_token bearer Module
- Persistent Cookie Module
- RADIUS Authentication Module
- SAE Authentication Module
- SAML2 Authentication Module
- Scripted Authentication Module
- SecurID Authentication Module
- Social Authentication Modules
- Windows Desktop SSO Authentication Module
- Scripted Module API Functionality
- Glossary
Authenticating (REST)
AM provides the /json/authenticate endpoint for authentication, and the /json/sessions endpoint for managing sessions and logging out.
The following table summarizes authentication operations you can perform using REST:
| Task | Resources |
|---|---|
| Authenticate to AM Authenticating to AM means logging in to a specific realm and receiving a session token from AM. Add parameters to the authentication request to provide AM with more information about how you want to authenticate. | See "Logging in to AM Using REST" |
| Use the Session Token AM provides you with a session token after authenticating to a realm. Use this token in subsequent calls to AM. For example, when using REST calls to create, modify, or delete configuration objects. | See "Using the Session Token After Authentication" |
| Log Out of AM Log out your users by sending a | See "Logging out of AM Using REST" |
| Invalidate Sessions Obtain all the sessions for a given user and invalidate them to ensure they are logged out of AM. | See "Invalidating All Sessions for a Given User" |