Book

Agents and policies in AM

This books provides information on agents and their use in AM. It includes chapters on SSL and policies.


Printer friendly view

Table of Contents

  • 1 What versions of Agents are compatible with AM?
  • 2 How do I check that an Agent (All versions) can connect to AM?
  • 3 How do I set up a monitoring page for the load balancer in front of Web Agents (All versions) for health checks?
  • 4 How does Post Data Preservation work for Web Agents (All versions)?
  • 5 How do I silently remove a Web Agent (All versions)?
  • 6 Installation
    • 6.1 How do I migrate from JAAS to an identity-centric security model in Java Agents 5.x?
    • 6.2 Best practice for installing IIS Web Agents (All versions)
  • 7 Configuration
    • 7.1 How do I export configuration details for the Agent (All versions)?
    • 7.2 How do I create and update an Agent in AM (All versions) using the REST API?
    • 7.3 How do I configure Agents (All versions) to authenticate users against a specific realm, tree or authentication module in AM?
    • 7.4 How do I create an Agent that inherits group settings using ssoadm in AM (All versions)?
    • 7.5 How do I define a list of Not Enforce URLs that Web Agents can ignore for authentication purposes in AM (All versions)?
    • 7.6 How do I define a list of Not Enforce URIs that Java Agents can ignore for authentication purposes in AM (All versions)?
    • 7.7 How do I change the session cookie name for AM and Agents (All versions)?
    • 7.8 How do I capture HTTP headers set by Web Agents (All versions) in Apache HTTP server using a Perl script?
  • 8 SSL Offloading
    • 8.1 How do I configure a Web Agent (All versions) for SSL offloading?
    • 8.2 How do I configure a Java Agent (All versions) for SSL offloading?
    • 8.3 How do I configure SSL offloading at the Agent (All versions) for virtual hosts?
  • 9 Policies
    • 9.1 Best practice for creating and testing policies in AM (All versions)
    • 9.2 How do I export and import policies in AM (All versions)?
    • 9.3 How do I create a policy in AM (All versions) using the REST API?
    • 9.4 How do I reduce the number of policy matches in Identity Cloud or AM (All versions)?
    • 9.5 How do I share values between scripted policies in AM (All versions)?
  • 10 Frequently Asked Questions
    • 10.1 FAQ: Installing Agents in AM
    • 10.2 FAQ: Configuring Agents in Identity Cloud and AM
    • 10.3 FAQ: Configuring policies in Identity Cloud and AM
    • 10.4 FAQ: SSL/TLS secured connections in AM and Agents
    • 10.5 FAQ: SSL certificate management in AM and Agents
    • 10.6 FAQ: AM performance and tuning
  • 11 How do I troubleshoot WebSocket issues in Agents (All versions)?
  • 12 Logging
    • 12.1 How do I enable debug logging for troubleshooting Agents (All versions)?
    • 12.2 How do I rotate Java Agents 5, 5.5 and 5.6 debug and audit logs?
    • 12.3 How do I clear debug logs in AM (All versions)?
  • 13 Known Issues
    • 13.1 Agent and IG session numbers keep growing in the CTS store in AM (All versions)
    • 13.2 Web Agent (All versions) system log grows rapidly with WebSocket 401 errors
    • 13.3 Apache and IIS Web Agent (All versions) repeatedly reports failed to load SSL errors
    • 13.4 An illegal reflective access operation has occurred when using Java 11 with ForgeRock products
    • 13.5 Installation
      • 13.5.1 Installing a Web Agent (All versions) fails with a no ssl/library support error
      • 13.5.2 Unable to find the "User" entry in the httpd.conf file error when installing the Apache Web Agent (All versions)
      • 13.5.3 Java Agents, AM 5.x and 6.x fail to install on IBM WebSphere when SSL is enabled
      • 13.5.4 Authentication fails with Internal Server Error (500) after installing or upgrading the Agent (All versions)
      • 13.5.5 Apache Web Agent (All versions) does not start after installing it on RHEL or CentOS configured with SELinux
    • 13.6 Redirect
      • 13.6.1 redirect_uri_mismatch error occurs after upgrading to, or installing Agents (All versions)
      • 13.6.2 Agent (All versions) does not redirect user correctly if the redirect URL is too long
      • 13.6.3 Redirect loop between AM and Agents (All versions) after successful authentication
    • 13.7 Policies
      • 13.7.1 Resource type lookups and policy evaluation fails in AM 6.5.0.x, 6.5.1, 6.5.2, 6.5.2.1 and 6.5.2.2 when the external Policy Store is restarted