October 24, 2019 at 12:56 am #26952
I have AM as a PEP for IG and I set up a web agent in AM. The authentication and policy authorization was fine. But when I tried to add Not Enforced URI in the agent config page, I never got it work and I have tried all kinds of URLs. Any suggestion? Thanks.
LeOctober 24, 2019 at 9:53 am #26953violetteParticipant
If IG is set up to do SSO/PEP, the only fields used and required by IG are the agent credentials.
The other parameters set in the agent configuration page in AM are not used by IG.
https://backstage.forgerock.com/docs/ig/6.5/gateway-guide/#pep-app-confOctober 24, 2019 at 4:55 pm #26954
Thanks for the response and clarifying on that. How would you approach this in IG? Say, I have a list of applications, and each application will correspond to one route. For each route, we want to have Not Enforced List of URIs. Thanks.
LeOctober 25, 2019 at 9:42 am #26956violetteParticipant
Purely IG, you can declare a conditional filter before your PEP filter to easily skip it, in case of not enforced URLs. You will have to play with condition expression to do that.
An alternative is to configure your policy in AM, but this will generate calls to AM for each URLs. (Using the Conditional Filter is a better solution, IMO)
There is a nice example in the documentation: https://backstage.forgerock.com/docs/ig/6.5/reference/#ConditionalFilterOctober 26, 2019 at 4:51 am #26965
That makes perfect sense. Thanks for the help!
You must be logged in to reply to this topic.