Enforce Policies From ForgeRock Identity Cloud

This example sets up ForgeRock Identity Cloud as a policy decision point for requests processed by Java Agents. For more information about Java Agents, see the User Guide.

  1. Set up Identity Cloud:

    1. Make sure Identity Cloud is set up with the default configuration described in Example Installation for This Guide, as explained in the ForgeRock Identity Cloud docs.

    2. Log in to the ForgeRock Identity Cloud as an administrator.

    3. Make sure that you are managing the alpha realm. If not, click the current realm at the top of the screen, and switch to the alpha realm.

    4. In the platform console, go to Identities > Manage > Alpha realm - Users, and add a new user with the following values:

      • Username : demo

      • First name : demo

      • Last name : user

      • Email Address : demo@example.com

      • Password : Ch4ng3!t

  2. Set up Access Management in Identity Cloud:

    1. Go to the alpha realm in the AM console:

      1. In the platform console, click Native Consoles > Access Management. The Access Management console is displayed.

      2. Make sure that you are managing the alpha realm. If not, click the current realm at the top of the screen, and switch to the alpha realm.

    2. Add a Java Agent:

      1. Click Applications > Agents > Java, and add an agent with the following values:

      2. On the AM Services tab, set the following values:

        • AM Conditional Login URL : |?realm=/alpha

          Note the | at the start of the URL. The value has the form [domain]|[url]; leaving the domain empty before the | means the login URL applies to requests for any domain.

        • Policy Evaluation Realm : /alpha

        • Policy Set : PEP

    3. Click Authorization > Policy Sets, and add a new policy set with the following values:

      • Id : PEP

      • Resource Types : URL

    4. In the policy set, add a policy with the following values:

      • Name : PEP-policy

      • Resource Type : URL

      • Resource pattern : *://*:*/*

      • Resource value : *://*:*/*

        This policy protects every URL on any scheme, host and port, but only URLs without a query string: the * wildcard does not match ?. If the protected application uses query strings, add a second resource with the *://*:*/*?* pattern, otherwise those requests match no policy and the agent denies them.

    5. On the Actions tab, add actions to allow HTTP GET and POST.

    6. On the Subjects tab, remove any default subject conditions, and add a subject condition for Authenticated Users.

  3. Set up Java Agents:

    1. Make sure that the server where you plan to install the agent is shut down.

    2. Create a text file for the agent password, and protect it so that only the user who runs the agent installer can read it. For example, use commands similar to these, changing the password value and path:

      Unix:

      $ cat > /tmp/pwd.txt
      password
      CTRL+D

      $ chmod 400 /tmp/pwd.txt

      Because chmod runs after the file has been created, set a restrictive umask first (for example, umask 077) so that the file is never readable by other users in between, and prefer a directory that is not world-writable over /tmp.

      Windows:

      C:> copy con pwd.txt
      password
      CTRL+Z

      Press Enter after CTRL+Z to write the file. In Windows Explorer, right-click the password file, for example pwd.txt, select Read-Only, and then click OK. The Read-Only attribute only prevents the file from being modified; to restrict who can read it, remove inherited permissions and grant read access to your own account only (Properties > Security, or the icacls command), because anyone who can read the file can recover the agent password.

    3. Using the Installation Guide, install the Java Agent with the following values:

    4. Start the Java Agent.

  4. Test the setup:

    1. Log out of Identity Cloud, and clear any cookies.

    2. Go to http://www.example.com:80/app. The Identity Cloud login page is displayed.

    3. Log in to Identity Cloud as user demo, password Ch4ng3!t, to access the web page protected by the Java Agent.
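As an added check on what the PEP policy set above actually grants, here is a small Python model of the policy decision point (Identity Cloud AM) and the policy enforcement point (the Java Agent) for PEP-policy. This is example code written for this page, not ForgeRock's or the Java Agent's code. It assumes a simplified form of AM's URL wildcard rules (* matches any characters except ?, and -*- matches within one path segment), that the agent redirects an unauthenticated request to the login URL before asking AM for a decision, and that a request with no applicable policy, or no decision for its HTTP method, is denied. Real evaluation also applies environment conditions, not-enforced lists and URL normalization, none of which is modelled here. The sample requests are constructed for the example.

```python
"""Local model of the PEP policy set: what the Java Agent (policy enforcement
point) and Identity Cloud AM (policy decision point) decide for a request.

Example code added for this page, not ForgeRock's or the agent's own code.
Assumptions, all labelled here:
  - AM URL wildcard rules are modelled in simplified form: "*" matches zero or
    more characters except "?", "-*-" matches zero or more characters except
    "/" and "?"; everything else matches literally.
  - The agent redirects an unauthenticated request to the login URL before
    asking AM for a decision.
  - A request with no applicable policy, or no decision for its HTTP method,
    is denied (the agent's default).
The sample requests at the bottom are constructed for the example.
"""
import re
from dataclasses import dataclass


@dataclass
class Policy:
    name: str
    resources: list            # AM URL resource patterns, e.g. "*://*:*/*"
    actions: dict              # HTTP method -> True (allow) / False (deny)
    authenticated_only: bool   # the "Authenticated Users" subject condition


def pattern_to_regex(pattern):
    """Translate an AM URL resource pattern into an anchored regex
    (simplified wildcard rules, see the module docstring)."""
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("-*-", i):
            parts.append(r"[^/?]*")   # within one path segment
            i += 3
        elif pattern[i] == "*":
            parts.append(r"[^?]*")    # across segments, but never past "?"
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def am_evaluate(policies, url, authenticated):
    """Policy decision point: the per-action decisions that apply to a URL,
    like the "actions" map of an AM evaluate response. {} means that no
    policy applied to the request."""
    decisions = {}
    for p in policies:
        if p.authenticated_only and not authenticated:
            continue  # subject condition not satisfied
        if not any(pattern_to_regex(r).match(url) for r in p.resources):
            continue  # no resource pattern covers this URL
        for action, allow in p.actions.items():
            if decisions.get(action) is False:
                continue  # an explicit deny from another policy wins
            decisions[action] = allow
    return decisions


def agent_decision(policies, url, method, authenticated):
    """Policy enforcement point: "login" (redirect to the AM Conditional
    Login URL), "allow" (pass to the application) or "deny" (HTTP 403)."""
    if not authenticated:
        return "login"
    decisions = am_evaluate(policies, url, authenticated)
    return "allow" if decisions.get(method) is True else "deny"


# PEP-policy exactly as configured on the page.
PEP_POLICY = Policy("PEP-policy", ["*://*:*/*"],
                    {"GET": True, "POST": True}, authenticated_only=True)

# The same policy with the query-string pattern added as a second resource.
PEP_POLICY_WITH_QUERY = Policy("PEP-policy", ["*://*:*/*", "*://*:*/*?*"],
                               {"GET": True, "POST": True}, authenticated_only=True)

# Constructed sample requests: (URL, method, authenticated session?).
SAMPLE_REQUESTS = [
    ("http://www.example.com:80/app", "GET", False),
    ("http://www.example.com:80/app", "GET", True),
    ("http://www.example.com:80/app", "POST", True),
    ("http://www.example.com:80/app", "DELETE", True),
    ("http://www.example.com:80/app?debug=1", "GET", True),
]


def run_samples(policies):
    """Decision for each sample request under the given policies."""
    return {(u, m, a): agent_decision(policies, u, m, a)
            for u, m, a in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for label, pols in (("PEP-policy", [PEP_POLICY]),
                        ("PEP-policy plus *://*:*/*?*", [PEP_POLICY_WITH_QUERY])):
        print(label)
        for (u, m, a), d in run_samples(pols).items():
            print(f"  {m:6} {u:40} authenticated={a!s:5} -> {d}")
```

Running the block prints the decisions for both policy variants. The anonymous GET to http://www.example.com:80/app is sent to login, which is what the test step above shows; the authenticated GET and POST are allowed; DELETE is denied because it is not an action of the policy. The case worth remembering is the last one: with only *://*:*/* as the resource, an authenticated GET to http://www.example.com:80/app?debug=1 is denied because no policy matches it, which "protects all web pages" does not make obvious; the variant with *://*:*/*?* added allows it.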