Java Policy Agents 5.10

Client IP Validation Mode

For each authenticated request from a named web application, check that the IP address of the request satisfies one of the following acceptance criteria:

  • It originates from the IP address used for first authentication.

  • It has acceptable changes only, as mapped in Client IP Validation Address Map

  • If the web application is not named, check the the IP address globally, for all web applications.

Property name

org.forgerock.agents.original.ip.check.mode.map

Aliases

org.forgerock.agents.original.ip.check.mode.map
  Introduced in Java Agent 5.8.0
  Recognized from AM 7.1

Supported settings

OFF

IP address checking is disabled.

DENY

An "unacceptable" IP address change triggers an HTTP 403 response.

LOGOUT

An "unacceptable" IP address change causes the agent to invalidate the user token by calling the logout endpoint in AM and killing the user’s cookies.

Default

OFF

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console

Tab: Application (from AM 7.1)

Title: Client IP Validation Mode

Copyright © 2010-2022 ForgeRock, all rights reserved.