Web Policy Agents 5.9.1

Not-Enforced Fallback Mode

A flag to specify whether the agent allows traffic to resources specified in the not-enforced lists when AM is not available:

  • true: While AM is unavailable, the agent reads the cached agent profile configuration until it expires. After the cache expires, reads the local configuration file (agent.conf). If not-enforced properties are configured in agent.conf, the agent allows access to the not-enforced resources. However, response attributes for not-enforced resources are not available until AM is accessible.

  • false: When AM is unavailable, the web agent prevents access to all resources, including any not-enforced resources.

Configure the following properties in agent.conf, even if the agent profile is in centralized configuration:

  • com.forgerock.agents.config.fallback.mode = true

  • com.sun.identity.agents.config.notenforced.url.attributes.enable = true

  • com.sun.identity.agents.config.notenforced.url.invert = false

  • com.sun.identity.agents.config.notenforced.url[0] = http://agenttest.example.com/index.html

Default: false

Property name

com.forgerock.agents.config.fallback.mode

Property aliases

com.forgerock.agents.config.fallback.mode (since 4.x)

Type

Boolean: true returns true; all other strings return false.

Bootstrap property

Yes

Required property

No

Restart required

No

AM console tab

Application

Copyright © 2010-2023 ForgeRock, all rights reserved.