How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure a Java Agent (All versions) for SSL offloading?

Last updated Jan 11, 2023

The purpose of this article is to provide guidance on configuring a Java Agent for SSL offloading to ensure the agent can redirect to the URL in the goto parameter successfully, even if this parameter uses protocol http instead of https.

1 reader recommends this article

Configuring an Agent for SSL offloading

You can configure a Java Agent for SSL offloading using either the AM admin UI or ssoadm:

  • AM admin UI: navigate to: Realms > [Realm Name] > Applications > Agents > Java > [Agent ID] > Advanced > Alternate Agent URL > Alternative Agent Protocol and enter the required protocol (http or https).
  • ssoadm: enter the following command: $ ./ssoadm update-agent -e [realmname] -b [agentname] -u [adminID] -f [passwordfile] -a com.sun.identity.agents.config.agent.protocol=[protocol]replacing [realmname], [agentname], [adminID], [passwordfile] and [protocol] with appropriate values.

When this is specified, the protocol part of the incoming request is overridden with the one specified here.


You should specify this property if the agent sits behind an SSL/TLS offloader, a load balancer or a proxy, and the protocol used by users is different to the protocol used by the agent.


For example, with the following settings:

Load balancer URL= com.sun.identity.agents.config.agent.protocol=https

When a request is received, the agent overrides the protocol part of the incoming URL (http) with the protocol specified in com.sun.identity.agents.config.agent.protocol (https) and uses this for the goto parameter.

See Also

How do I configure a Web Agent (All versions) for SSL offloading?

How do I configure SSL offloading at the Agent (All versions) for virtual hosts?

FAQ: SSL/TLS secured connections in AM and Agents

Agents and policies in AM

Configure load balancers and reverse proxies

Override protocol, host, and port

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.