Java Agents 2024.3

Strategy when AM unavailable

When Autonomous mode is false, this property defines the strategy to use when AM becomes unavailable at runtime (for example, due to network errors).

Default: EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503

Property name

org.forgerock.agents.strategy.when.am.unavailable

Aliases

org.forgerock.agents.strategy.when.am.unavailable
  Introduced in Java Agent 5.9.0

Function

Agent

Supported settings

IMMEDIATE_403

When AM is unavailable, immediately return HTTP 403 for every request

IMMEDIATE_503

When AM is unavailable, immediately return HTTP 503 for every request

EVAL_NER_ELSE_403

When AM is unavailable, match incoming requests against not-enforced rules. Grant access to matched resources. Return HTTP 403 for all other requests.

EVAL_NER_ELSE_503

When AM is unavailable, match incoming requests against not-enforced rules. Grant access to matched resources. Return HTTP 503 for all other requests.

EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_403

When AM is unavailable, match incoming requests against not-enforced rules. Resolve unmatched requests against the cache. Return HTTP 403 for requests that don’t match the cache result. Cached entries expire naturally. After the interval defined in "Policy Cache TTL" (org.forgerock.agents.policy.cache.ttl.minutes), this becomes exactly like EVAL_NER_ELSE_403.

EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503

When AM is unavailable, match incoming requests against not-enforced rules. Resolve unmatched requests against the cache. Return HTTP 503 for requests that don’t match the cache result. Cached entries expire naturally. After the interval defined in "Policy Cache TTL" (org.forgerock.agents.policy.cache.ttl.minutes), this becomes exactly like EVAL_NER_ELSE_503.

EVAL_NER_CACHE_INDEFINITELY_ELSE_403

As soon as AM becomes unavailable, freeze values in the agent caches and preserve them indefinitely. Match incoming requests against not-enforced rules. Resolve unmatched requests against the frozen cache. Return HTTP 403 for requests that don’t match the cache result.

EVAL_NER_CACHE_INDEFINITELY_ELSE_503

As soon as AM becomes unavailable, freeze values in the agent caches and preserve them indefinitely. Match incoming requests against not-enforced rules. Resolve unmatched requests against the frozen cache. Return HTTP 503 for requests that don’t match the cache result.

Default

EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503

Bootstrap property

Yes

Required property

No

Restart required

No

Local configuration file

AgentBootstrap.properties

Copyright © 2010-2024 ForgeRock, all rights reserved.