SDK
ForgeRock Identity Platform
Does not apply to Identity Cloud

Transactional Authorization and Environment Setup

Last updated Mar 10, 2021

This article contains information about Transactional Authorization (also known as Step Up Authentication), which is supported by the JavaScript® SDK with IG as the gateway protecting your resource server.




The JavaScript SDK supports Transactional Authorization (also known as Step Up Authentication) both with IG as the gateway protecting your resource server and when interacting directly with a RESTful resource server. However, due to browser security requirements (specifically CORS), there are limitations to be aware of when using IG. How IG is set up and hosted in relation to AM within your environments affects the SDK's support of this feature.

As long as IG and AM are hosted under the same origin, meaning the same scheme, domain (subdomains included) and port, the SDK will support transactional authorization. The reason is the redirect that the SDK has to follow from IG to AM when IG enforces additional login according to a policy. This redirect cannot go from one origin (for example, https://IG.example.com) to a different origin (for example, https://AM.example.com), which is referred to as an external redirect. If the origins are different, the request will fail CORS.

This limitation does not apply to RESTful resource servers with which the SDK interacts directly, as long as the server responds with the JSON sent to it by AM. When the SDK detects this JSON response from the resource, it constructs its own request to AM separately, which will not be blocked by CORS.
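The two cases above can be checked against a planned deployment before any code ships. The following is an added example, not ForgeRock SDK code: the function names, the simplified `response` shape and the sample URLs are constructed, and the `advices` field in the relayed AM JSON is an assumption.

```javascript
// Added example: names and sample values are constructed, not ForgeRock SDK code.

// Break a URL into the three parts that define its origin.
// The URL parser reports default ports (443 for https, 80 for http) as "",
// so they are filled in to make the comparison explicit.
function originParts(url) {
  const u = new URL(url);
  const defaults = { 'https:': '443', 'http:': '80' };
  return {
    scheme: u.protocol,
    host: u.hostname, // already lower-cased by the parser
    port: u.port || defaults[u.protocol] || '',
  };
}

// List which origin components differ between two URLs (empty list = same origin).
function originMismatch(a, b) {
  const pa = originParts(a);
  const pb = originParts(b);
  return Object.keys(pa).filter((k) => pa[k] !== pb[k]);
}

// Classify a step-up challenge received from a protected resource.
// `response` is a simplified view: { location } for a redirect issued by a
// gateway such as IG, or { json } for a body relayed by a REST resource server.
// ASSUMPTION: the relayed AM JSON carries an `advices` object.
function classifyStepUp(resourceUrl, response) {
  if (response.location) {
    // A relative Location header resolves against the resource URL.
    const target = new URL(response.location, resourceUrl).href;
    const diff = originMismatch(resourceUrl, target);
    // Any difference makes this an external redirect, which fails CORS.
    return { path: 'redirect', supported: diff.length === 0, diff };
  }
  if (response.json && response.json.advices) {
    // The client builds its own, separate request to AM; no redirect is followed.
    return { path: 'json', supported: true, diff: [] };
  }
  return { path: 'none', supported: true, diff: [] };
}
```

The `diff` list names the component (scheme, host or port) that makes a redirect external, which is usually the first thing to fix in the hosting layout.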



Copyright © 2021 ForgeRock, all rights reserved.