- About Authorization and Policy Decisions
- Configuring Policies
- Policies (REST)
- Querying Policies
- Reading a Specific Policy
- Creating Policies
- Updating Policies
- Deleting Policies
- Copying and Moving Policies
- Managing Environment Condition Types
- Managing Subject Condition Types
- Managing Subject Attributes
- Managing Decision Combiners
- Policies (REST)
- Configuring Resource Types
- Configuring Policy Sets
- Importing and Exporting Policies
- Requesting Authorization from AM
- Transactional Authorization
- Dynamic OAuth 2.0 Authorization
- Customizing Policy Evaluation With a Plug-In
- Scripting a Policy Condition
Requesting Authorization from AM
Once you have configured AM to determine whether to grant or deny access based on the policies you created, you must configure your policy enforcement points (PEP) to use AM.
The ForgeRock Identity Platform provides the following PEPs:
Web Agents and Java Agents, which are add-on components installed on the web server or container serving your applications. They are tightly integrated with AM, and serve exclusively as policy enforcement points.
ForgeRock Identity Gateway, which is a high-performance reverse proxy server that can also function as a policy enforcement point.
For more information, see the ForgeRock Identity Gateway Getting Started Guide.
The ForgeRock Identity Platform PEP's intercept inbound client requests to access a resource in your web site or application. Then, based on internal rules, they may defer the request to AM for policy evaluation. Since they are tightly integrated with AM, you do not need to add additional code to request policy evaluation or manage advices.
We recommend that you use the ForgeRock Identity Platform PEP's. However, you can code your own and make REST calls to AM to request policy evaluation.