Web Policy Agents 5.10.2

Enforce policies from Identity Cloud

This example sets up ForgeRock Identity Cloud as a policy decision point for requests processed by Web Agents. For more information about Web Agents, see the User guide.

Before you start, use the Installation guide to install a Web Agent with the following values:

  • AM server URL: https://tenant.forgeblocks.com:443/am

  • Agent URL: http://agent.example.com:80

  • Agent profile name: web-agent

  • Agent profile realm: /alpha

  • Agent profile password: /tmp/pwd.txt

  1. Using the ForgeRock Identity Cloud Docs, log in to Identity Cloud as an administrator.

  2. Make sure that you are managing the alpha realm. If not, switch realms.

  3. Add a user profile with the following values:

    • Username : demo

    • First name : demo

    • Last name : user

    • Email Address : demo@example.com

    • Password : Ch4ng3!t

  4. Add a Web Agent profile:

    1. Go to Gateways & Agents > New Gateway/Agent, and a Web Agent with the following values:

      • Agent ID: web-agent

      • Password: password

      • Application URL:`\http://agent.example.com:80`

    2. Click Done

  5. Add a policy set and policy:

    1. On the agent profile page, make sure that Use Policy Authorization is selected.

    2. Go to Policy Set > Add. The AM UI is displayed, on the New Policy Set page.

    3. Add a policy set with the following values:

      • Id : PEP

      • Resource Types : URL

    4. In the policy set, add a policy with the following values:

      • Name : PEP-policy

      • Resource Type : URL

      • Resource pattern : *://*:*/*

      • Resource value : *://*:*/*

    5. On the Actions tab, add actions to allow HTTP GET and POST.

    6. On the Subjects tab, remove any default subject conditions, add a subject condition for all Authenticated Users.

  6. Assign the new policy set to the agent profile:

    1. Return to the agent profile page on the Identity Cloud Admin UI, and refresh the page.

    2. In Policy Set, select PEP to assign the PEP policy set to the agent profile.

  7. Test the setup:

    1. Log out of Identity Cloud, and clear any cookies.

    2. Go to http://agent.example.com:80. The Identity Cloud login page is displayed.

    3. Log in to Identity Cloud as user demo, password Ch4ng3!t, to access the web page protected by the Web Agent.

Copyright © 2010-2023 ForgeRock, all rights reserved.