Web Policy Agents 2023.11

Prepare for installation

For information about installing Web Agent, refer to Installation. This section summarizes considerations for using the agent with Identity Cloud:

  • Configure Identity Cloud and set up a policy before you install the agent. When you configure the agent in the Identity Cloud admin UI, you can select the policy.

  • For environments with load balancers or reverse proxies, consider the communication between the agent and the Identity Cloud servers, and between the agent and the client. Do one of the following:

    • Configure the environment before you install the agent.

    • Install the agent using agentadmin --s --forceInstall to prevent the agent from trying to connect to Identity Cloud before installation.

Example installation for this guide

Unless otherwise stated, the examples in this guide assume the following installation:

  • AM server URL: https://tenant.forgeblocks.com:443/am

  • Agent URL: http://agent.example.com:80

  • Agent profile name: web-agent

  • Agent profile realm: /alpha

  • Agent profile password: /secure-directory/pwd.txt
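The following shell functions are an added example, not part of the original guide or of the product. They create the agent profile password file with owner-only permissions, check it, and print the silent-install command for review using this guide's example values. The function names, the web server configuration path passed by the caller, the --acceptLicence option, and the positional argument order are assumptions to check against the Installation guide.

```shell
#!/bin/sh
# Added example: prepare the password file named in this guide, then
# print (not run) the silent install command for review.

# write_pwd_file FILE PASSWORD
# Creates FILE containing only the password, readable by its owner alone.
write_pwd_file() {
    file=$1 password=$2
    (
        umask 077                       # new directory and file: no group/other bits
        mkdir -p "$(dirname "$file")" || exit 1
        # Refuse to overwrite an existing file or write through a symlink.
        [ ! -e "$file" ] && [ ! -L "$file" ] || {
            echo "refusing: $file already exists" >&2; exit 1; }
        printf '%s\n' "$password" > "$file" || exit 1
        chmod 400 "$file"
    )
}

# pwd_file_mode FILE: prints the octal permission bits, for example 400.
pwd_file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"   # GNU first, then BSD/macOS
}

# check_pwd_file FILE: succeeds only for a regular, non-symlink file
# whose mode grants nothing to group or other.
check_pwd_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case $(pwd_file_mode "$1") in
        400|600) return 0 ;;
        *) echo "$1: permissions too broad" >&2; return 1 ;;
    esac
}

# silent_install_cmd WEB_SERVER_CONF PWD_FILE
# Prints the command built from this guide's example installation values.
# Assumed argument order: web server config, AM URL, agent URL, realm,
# agent profile name, password file, then options.
silent_install_cmd() {
    printf 'agentadmin --s "%s" "%s" "%s" "%s" "%s" "%s" --acceptLicence --forceInstall\n' \
        "$1" "https://tenant.forgeblocks.com:443/am" "http://agent.example.com:80" \
        "/alpha" "web-agent" "$2"
}
```

Run check_pwd_file against /secure-directory/pwd.txt before each install or upgrade, because the file holds the agent profile password in clear text.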

Add a demo user in Identity Cloud

Add a user so you can test the examples in this guide.

  1. In the Identity Cloud admin UI, select Identities > Manage > Alpha realm - Users.

  2. Add a new user with the following values:

    • Username : demo

    • First name : demo

    • Last name : user

    • Email Address : demo@example.com

    • Password : Ch4ng3!t

Create a policy set and policy in Identity Cloud

  1. In the Identity Cloud admin UI, select Native Consoles > Access Management. The AM admin UI is displayed.

  2. In the AM admin UI, select Authorization > Policy Sets > New Policy Set, and add a policy set with the following values:

    • Id : PEP

    • Resource Types : URL

  3. In the policy set, add a policy with the following values:

    • Name : PEP-policy

    • Resource Type : URL

    • Resource pattern : *://*:*/*

    • Resource value : *://*:*/*

  4. On the Actions tab, add actions to allow HTTP GET and POST.

  5. On the Subjects tab, remove any default subject conditions, and add a subject condition for all Authenticated Users.

Create an agent profile in Identity Cloud

  1. In the Identity Cloud admin UI, go to Gateways & Agents > New Gateway/Agent, and add a Web Agent with the following values:

    • Agent ID : web-agent

    • Password : password

    • Application URL : http://agent.example.com:80

  2. Click Save Profile and Done.

  3. On the agent profile page, select Use Policy Authorization, select a policy set to assign to the profile, and then click Save.

    If a suitable policy set isn’t available, select Edit advanced settings to edit or create one.

Copyright © 2010-2023 ForgeRock, all rights reserved.