Access Management 7.4.1

Configure external UMA stores

UMA stores can only be configured at the server level, so that all realms in the environment can access them. The procedures in this section show you how to configure the stores across all instances in your environment.

Configure an UMA resource store

UMA resource stores inherit most of their properties from the defaults. For details, refer to Configuring Servers.

  1. In the AM admin UI, go to Configure > Server Defaults > UMA > UMA Resource Store.

    • In the Store Mode field, choose External Token Store.

    • In the Root Suffix field, enter the base DN of the store. For example, dc=uma-resources,dc=example,dc=com.

    • Save your work.

  2. Go to Configure > Server Defaults > UMA > External UMA Resource Store Configuration.

    • Enter the properties for the store.

      For information about the available settings, refer to UMA Properties.

    • Save your work.

Configure an UMA audit store

UMA audit stores inherit most of their configuration properties from the defaults. For details, refer to Configuring Servers.

  1. In the AM admin UI, go to Configure > Server Defaults > UMA > UMA Audit Store.

    • From the Store Mode drop-down list, choose External Token Store.

    • In the Root Suffix field, enter the base DN of the store.

      For example, dc=uma-audit,dc=example,dc=com.

    • Save your work.

  2. Go to Configure > Server Defaults > UMA > External UMA Audit Store Configuration.

    • Enter the properties for the store.

      For information about the available settings, refer to UMA Properties.

    • Save your work.

Configure an UMA pending requests store

UMA pending requests stores inherit most of their configuration properties from the defaults. For details, refer to Configuring Servers.

  1. Go to Configure > Server Defaults > UMA > Pending Requests Store.

    • From the Store Mode drop-down list, choose External Token Store.

    • In the Root Suffix field, enter the base DN of the store.

      For example, dc=uma-pending,dc=example,dc=com.

    • Save your work.

  2. Go to Configure > Server Defaults > UMA > External Pending Requests Store Configuration.

    • Enter the properties for the store.

      For information about the available settings, refer to UMA Properties.

    • Save your work.

Configure an UMA resource labels store

UMA resource labels stores inherit most of their configuration properties from the defaults. For details, refer to Configuring Servers.

  1. In the AM admin UI, go to Configure > Server Defaults > UMA > UMA Resource Labels Store.

    • From the Store Mode drop-down list, choose External Token Store.

    • In the Root Suffix field, enter the base DN of the store.

      For example, dc=uma-labels,dc=example,dc=com.

    • Save your work.

  2. Go to Configure > Server Defaults > UMA > External UMA Resource Labels Store Configuration.

    • Enter the properties for the store.

      For information about the available settings, refer to UMA Properties.

    • Save your work.

Authenticate to an UMA store using mTLS

By default, AM authenticates to external UMA stores using simple (username/password) authentication. To enhance security, you can configure mutual TLS (mTLS) authentication, which lets AM authenticate using a trusted certificate.

For details, refer to Secure authentication to data stores.

Copyright © 2010-2024 ForgeRock, all rights reserved.