Request authorization from AM
When you have configured AM to determine whether to grant or deny access based on your configured policies, you must configure policy enforcement points (PEPs) to use AM.
The ForgeRock Identity Platform provides the following PEPs:
- Web agents and Java agents
-
Add-on components installed on the web server or container that serves your applications. The web and Java agents are tightly integrated with AM and serve exclusively as PEPs.
For more information, refer to Policy enforcement in the ForgeRock web agents documentation, or to Policy enforcement in the ForgeRock Java agents documentation.
- ForgeRock Identity Gateway
-
A high-performance reverse proxy server that can also function as a PEP.
For more information, refer to Policy enforcement in the ForgeRock Identity Gateway documentation.
The ForgeRock Identity Platform PEPs intercept inbound client requests to access resources in your website or application. Based on internal rules, the PEPs can defer requests to AM for policy evaluation. Because they are tightly integrated with AM, you do not need additional code to request policy evaluation or to manage advices.
ForgeRock recommends you use the ForgeRock Identity Platform PEPs; however, you can code your own and make REST calls to AM to request policy evaluation.
Related information: Request policy decisions over REST