Agent Profile ID Allow List

The claims to validate in the ID token containing the end user’s session:

  • 0: Validate the aud and nonce claims.

  • 1: Validate the nonce claim; don’t validate the aud claim.

A comma-separated list of profile IDs that the agent considers as valid values for the aud claim. This claim is represented in the ID token containing the end user’s session.

When several agents are configured with different agent profiles to protect the same application, set this property to a list of the agent profiles that are protecting the same application.

With the following setting, the agent considers agentprofile1 and agentprofile2 to be valid, and does not validate them:

  com.forgerock.agents.jwt.aud.whitelist=agentprofile1,agentprofile2

Default: Empty
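The following sketch is an added example, not the agent's own code. It shows how a comma-separated allow list like the one above can be applied to the aud claim of an ID token, including the empty default and an aud given as an array. Assumptions: the agent's own profile ID is always accepted, every aud value must be accepted, and signature and nonce checks happen elsewhere; the function names and the sample token are constructed for illustration.

```python
import base64
import json


def parse_allow_list(prop_value):
    """Split the comma-separated property value into a set of profile IDs."""
    return {p.strip() for p in prop_value.split(",") if p.strip()}


def jwt_claims(token):
    """Decode the payload segment of a compact JWT (no signature check here)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def aud_is_allowed(claims, own_profile_id, prop_value):
    """Accept only if every aud value is the own profile ID or on the allow list.

    Assumption of this example: the own profile ID is implicitly accepted,
    and a token with any untrusted audience is rejected.
    """
    accepted = parse_allow_list(prop_value) | {own_profile_id}
    aud = claims.get("aud")
    values = [aud] if isinstance(aud, str) else aud  # aud may be string or array
    if not isinstance(values, list) or not values:
        return False  # missing or malformed aud
    return all(isinstance(v, str) and v in accepted for v in values)


def make_token(claims):
    """Build a constructed, unsigned sample token for the demonstration."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg(claims), ""])


if __name__ == "__main__":
    # Constructed sample: token issued for agentprofile2, checked by agentprofile1.
    token = make_token({"aud": "agentprofile2", "nonce": "n-1"})
    prop = "agentprofile1,agentprofile2"
    print(aud_is_allowed(jwt_claims(token), "agentprofile1", prop))  # allow list set
    print(aud_is_allowed(jwt_claims(token), "agentprofile1", ""))    # default: empty
```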

Property name

com.forgerock.agents.jwt.aud.whitelist

Property aliases

com.forgerock.agents.jwt.aud.whitelist (since 5.7)

Type

String

Bootstrap property

No

Required property

No

Restart required

No

AM console tab

Global