Java Policy Agents 5.9.1

Client IP Validation Mode

For each authenticated request from a named web application, check that the IP address of the request satisfies one of the following acceptance criteria:

  • It originates from the IP address used for first authentication.

  • It has acceptable changes only, as mapped in Client IP Validation Address Map

  • If the web application is not named, check the the IP address globally, for all web applications.

Property name

org.forgerock.agents.original.ip.check.mode.map

Property aliases

org.forgerock.agents.original.ip.check.mode.map (since 5.8.0)

Supported settings

OFF

IP address checking is disabled.

DENY

An "unacceptable" IP address change triggers an HTTP 403 response.

LOGOUT

An "unacceptable" IP address change causes the agent to invalidate the user token by calling the logout endpoint in AM and killing the user’s cookies.

Default

OFF

Bootstrap property

No

Required property

No

Restart required

No

Local configuration file

AgentConfig.properties

AM console tab

Application

Copyright © 2010-2023 ForgeRock, all rights reserved.