ForgeRock Identity Platform
Does not apply to Identity Cloud

Agents and policies in AM

This book provides information on agents and their use in AM. It includes chapters on SSL and policies.

Printer friendly view

Table of Contents

  • 1 What versions of Agents are compatible with AM?
  • 2 How do I check that an Agent (All versions) can connect to AM?
  • 3 How do I set up a monitoring page for the load balancer in front of Web Agents (All versions) for health checks?
  • 4 How does Post Data Preservation work for Web Agents (All versions)?
  • 5 How do I silently remove a Web Agent (All versions)?
  • 6 Installation
    • 6.1 How do I migrate from JAAS to an identity-centric security model in Java Agents 5.x?
    • 6.2 Best practice for installing IIS Web Agents (All versions)
  • 7 Configuration
    • 7.1 How do I export configuration details for the Agent (All versions)?
    • 7.2 How do I create and update an Agent in AM (All versions) using the REST API?
    • 7.3 How do I configure Agents (All versions) to authenticate users against a specific realm, tree or authentication module in AM?
    • 7.4 How do I create an Agent that inherits group settings using ssoadm in AM (All versions)?
    • 7.5 How do I define a list of Not Enforce URLs that Web Agents can ignore for authentication purposes in AM (All versions)?
    • 7.6 How do I define a list of Not Enforce URIs that Java Agents can ignore for authentication purposes in AM (All versions)?
    • 7.7 How do I change the session cookie name for AM and Agents (All versions)?
    • 7.8 How do I capture HTTP headers set by Web Agents (All versions) in Apache HTTP server using a Perl script?
  • 8 SSL Offloading
    • 8.1 How do I configure a Web Agent (All versions) for SSL offloading?
    • 8.2 How do I configure a Java Agent (All versions) for SSL offloading?
    • 8.3 How do I configure SSL offloading at the Agent (All versions) for virtual hosts?
  • 9 Policies
    • 9.1 Best practice for creating and testing policies in AM (All versions)
    • 9.2 How do I export and import policies in AM (All versions)?
    • 9.3 How do I create a policy in AM (All versions) using the REST API?
    • 9.4 How do I reduce the number of policy matches in Identity Cloud or AM (All versions)?
    • 9.5 How do I share values between scripted policies in AM (All versions)?
  • 10 Frequently Asked Questions
    • 10.1 FAQ: Installing Agents in AM
    • 10.2 FAQ: Configuring Agents in Identity Cloud and AM
    • 10.3 FAQ: Configuring policies in Identity Cloud and AM
    • 10.4 FAQ: SSL/TLS secured connections in AM and Agents
    • 10.5 FAQ: SSL certificate management in AM and Agents
    • 10.6 FAQ: AM performance and tuning
  • 11 How do I troubleshoot WebSocket issues in Agents (All versions)?
  • 12 Logging
    • 12.1 How do I enable debug logging for troubleshooting Agents (All versions)?
    • 12.2 How do I rotate Java Agents 5, 5.5 and 5.6 debug and audit logs?
    • 12.3 How do I clear debug logs in AM (All versions)?
  • 13 Known Issues
    • 13.1 Agent and IG session numbers keep growing in the CTS store in AM (All versions)
    • 13.2 Web Agent (All versions) system log grows rapidly with WebSocket 401 errors
    • 13.3 Apache and IIS Web Agent (All versions) repeatedly reports failed to load SSL errors
    • 13.4 An illegal reflective access operation has occurred when using Java 11 with ForgeRock products
    • 13.5 Installation
      • 13.5.1 Installing a Web Agent (All versions) fails with a no ssl/library support error
      • 13.5.2 Unable to find the "User" entry in the httpd.conf file error when installing the Apache Web Agent (All versions)
      • 13.5.3 Java Agents, AM 5.x and 6.x fail to install on IBM WebSphere when SSL is enabled
      • 13.5.4 Authentication fails with Internal Server Error (500) after installing or upgrading the Agent (All versions)
      • 13.5.5 Apache Web Agent (All versions) does not start after installing it on RHEL or CentOS configured with SELinux
    • 13.6 Redirect
      • 13.6.1 redirect_uri_mismatch error occurs after upgrading to, or installing Agents (All versions)
      • 13.6.2 Agent (All versions) does not redirect user correctly if the redirect URL is too long
      • 13.6.3 Redirect loop between AM and Agents (All versions) after successful authentication
    • 13.7 Policies
      • 13.7.1 Resource type lookups and policy evaluation fails in AM 6.5.0.x, 6.5.1, 6.5.2, and when the external Policy Store is restarted