Web Policy Agents 2023.6

Not-Enforced Fallback Mode

A flag to specify whether the agent allows traffic to resources specified in the not-enforced lists when AM is not available:

  • true: While AM is unavailable, the agent reads the cached agent profile configuration until it expires. After the cache expires, reads the local configuration file (agent.conf). If not-enforced properties are configured in agent.conf, the agent allows access to the not-enforced resources. However, response attributes for not-enforced resources are not available until AM is accessible.

  • false: When AM is unavailable, the web agent prevents access to all resources, including any not-enforced resources.

Configure the following properties in agent.conf, even if the agent profile is in centralized configuration:

  • com.forgerock.agents.config.fallback.mode = true

  • com.sun.identity.agents.config.notenforced.url.attributes.enable = true

  • com.sun.identity.agents.config.notenforced.url.invert = false

  • com.sun.identity.agents.config.notenforced.url[0] = http://agenttest.example.com/index.html

Default: false

Property name

com.forgerock.agents.config.fallback.mode
  Introduced in Web Agent 4.x

Function

Not-enforced

Type

Boolean: true returns true; all other strings return false.

Bootstrap property

Yes

Required property

No

Restart required

No

AM console

Tab: Application

Title: Not-Enforced Fallback Mode

Copyright © 2010-2023 ForgeRock, all rights reserved.