AM 7.5.0

Secure network communication

It is extremely important to keep your AM instances safe from both internal and external attacks. This can be a challenge when you cannot control who connects to your instances.

For example, a client could send unprotected credentials in an HTTP Authorization header. Even if AM were to reject the request, the credentials would already be leaked to any eavesdroppers.

The best way to protect your environment is to enforce the use of secure HTTPS communication.

The following table summarizes best practices about network security in AM environments:

Task Resources

Enforce secure connections

Secure connections between AM and the rest of your platform, whether it is DS servers or your applications.

Use a reverse proxy

Configure AM behind a reverse proxy. This will protect AM against DoS attacks and restrict access to AM and its endpoints to networks you trust.

Configure CORS filters

Configure a CORS filter such that only your trusted clients and applications can make cross-domain calls to your AM instances.

Adjust AM’s cookie domain

Configure AM cookie domain so that AM communicates with the hosts in the required domains and sub-domains.

Learn about the CSRF protection filter for REST endpoints

By default, AM protects its /json endpoints using a header filter.

Copyright © 2010-2024 ForgeRock, all rights reserved.