Prepare for installation
For information about installing Web Agent, refer to the Installation. This section summarizes considerations for using the agent with Identity Cloud:
-
Configure Identity Cloud and set up a policy before you install the agent. When you configure the agent in the Identity Cloud admin UI, you can select the policy.
-
For environments with load balancers or reverse proxies, consider the communication between the agent and the Identity Cloud servers, and between the agent and the client. Do one of the following:
-
Configure the environment before you install the agent.
-
Install the agent using agentadmin --s --forceInstall to prevent the agent from trying to connect to Identity Cloud before installation.
-
Example installation for this guide
Unless otherwise stated, the examples in this guide assume the following installation:
-
AM server URL:
https://tenant.forgeblocks.com:443/am
-
Agent URL:
http://agent.example.com:80
-
Agent profile name:
web-agent
-
Agent profile realm:
/alpha
-
Agent profile password:
/secure-directory/pwd.txt
Add a demo user in Identity Cloud
Add a user so you can test the examples in this guide.
-
In the Identity Cloud admin UI, select Identities > Manage > Alpha realm - Users.
-
Add a new user with the following values:
-
Username :
demo
-
First name :
demo
-
Last name :
user
-
Email Address :
demo@example.com
-
Password :
Ch4ng3!t
-
Create a policy set and policy in Identity Cloud
-
In the Identity Cloud admin UI, select Native Consoles > Access Management. The AM admin UI is displayed.
-
In the AM admin UI, select Authorization > Policy Sets > New Policy Set, and add a policy set with the following values:
-
Id :
PEP
-
Resource Types :
URL
-
-
In the policy set, add a policy with the following values:
-
Name :
PEP-policy
-
Resource Type :
URL
-
Resource pattern :
*://*:*/*
-
Resource value :
*://*:*/*
-
-
On the Actions tab, add actions to allow HTTP
GET
andPOST
. -
On the Subjects tab, remove any default subject conditions, add a subject condition for all
Authenticated Users
.
Create an agent profile in Identity Cloud
-
In the Identity Cloud admin UI, go to Gateways & Agents > New Gateway/Agent, and add a Web Agent with the following values:
-
Agent ID :
web-agent
-
Password :
password
-
Application URL :
http://agent.example.com:80
-
-
Click Save Profile and Done.
-
On the agent profile page, select Use Policy Authorization, select a policy set to assign to the profile, and then click Save.
If a suitable policy set isn’t available, select Edit advanced settings to edit or create one.