This topic has 4 replies, 2 voices, and was last updated 1 year, 5 months ago by ray.deng83.
-
AuthorPosts
-
October 24, 2019 at 12:56 am #26952
ray.deng83
ParticipantHi Folks,
I have AM as a PEP for IG and I set up a web agent in AM. The authentication and policy authorization was fine. But when I tried to add Not Enforced URI in the agent config page, I never got it work and I have tried all kinds of URLs. Any suggestion? Thanks.
Best,
LeOctober 24, 2019 at 9:53 am #26953violette
ParticipantHi Le,
If IG is set up to do SSO/PEP, the only fields used and required by IG are the agent credentials.
The other parameters set in the agent configuration page in AM are not used by IG.References:
https://backstage.forgerock.com/docs/ig/6.5/reference/#AmService
https://backstage.forgerock.com/docs/ig/6.5/gateway-guide/index.html#setup-agent
https://backstage.forgerock.com/docs/ig/6.5/gateway-guide/#pep-app-confOctober 24, 2019 at 4:55 pm #26954ray.deng83
ParticipantHi Violette,
Thanks for the response and clarifying on that. How would you approach this in IG? Say, I have a list of applications, and each application will correspond to one route. For each route, we want to have Not Enforced List of URIs. Thanks.
Best,
LeOctober 25, 2019 at 9:42 am #26956violette
ParticipantHi Le,
Purely IG, you can declare a conditional filter before your PEP filter to easily skip it, in case of not enforced URLs. You will have to play with condition expression to do that.
An alternative is to configure your policy in AM, but this will generate calls to AM for each URLs. (Using the Conditional Filter is a better solution, IMO)There is a nice example in the documentation: https://backstage.forgerock.com/docs/ig/6.5/reference/#ConditionalFilter
October 26, 2019 at 4:51 am #26965ray.deng83
ParticipantHi Violette,
That makes perfect sense. Thanks for the help!
Best,
Le -
AuthorPosts
You must be logged in to reply to this topic.