This topic has 4 replies, 2 voices, and was last updated 1 year, 5 months ago by 
.
-
Posts
-
Hi Folks,
I have AM as a PEP for IG and I set up a web agent in AM. The authentication and policy authorization was fine. But when I tried to add Not Enforced URI in the agent config page, I never got it work and I have tried all kinds of URLs. Any suggestion? Thanks.
Best,
LeHi Le,
If IG is set up to do SSO/PEP, the only fields used and required by IG are the agent credentials.
The other parameters set in the agent configuration page in AM are not used by IG.References:
https://backstage.forgerock.com/docs/ig/6.5/reference/#AmService
https://backstage.forgerock.com/docs/ig/6.5/gateway-guide/index.html#setup-agent
https://backstage.forgerock.com/docs/ig/6.5/gateway-guide/#pep-app-confHi Violette,
Thanks for the response and clarifying on that. How would you approach this in IG? Say, I have a list of applications, and each application will correspond to one route. For each route, we want to have Not Enforced List of URIs. Thanks.
Best,
LeHi Le,
Purely IG, you can declare a conditional filter before your PEP filter to easily skip it, in case of not enforced URLs. You will have to play with condition expression to do that.
An alternative is to configure your policy in AM, but this will generate calls to AM for each URLs. (Using the Conditional Filter is a better solution, IMO)There is a nice example in the documentation: https://backstage.forgerock.com/docs/ig/6.5/reference/#ConditionalFilter
You must be logged in to reply to this topic.
