AM 7.4.1

Register Thing node

This node authenticates a thing. A thing represents an IoT device, service, or the IoT Gateway.

Before you configure this node, ensure that the ref:pingam:reference:global-services-configuration.adoc#global-iot[IoT Service] IoT Service is configured for the realm.

Support for this node is provided by the IoT SDK.

The node collects a JWT from the request and validates the JWT according to the configured JWT registration method.

If the JWT is valid, the node uses the claims in the JWT to create an identity for the thing and register (or rotate) a confirmation key for it. Then, evaluation continues through the Success outcome.

If the node cannot validate the JWT, evaluation continues through the Failure outcome.

For an example on how to use this node, refer to Authenticate Thing node.

Compatibility

Product Compatible?

ForgeRock Identity Cloud

ForgeRock Access Management (self-managed)

ForgeRock Identity Platform (self-managed)

Outcomes

  • Success

  • Failure

Properties

Property Usage

JWT Registration Method

Choose the method to validate the JWT:

Proof of Possession & Certificate

Register using a Proof of Possession JWT that includes an X.509 certificate for providing trust. A challenge nonce is presented in the callback and must be included in the signed JWT.

Proof of Possession & Software Statement

Register using a Proof of Possession JWT and a Software Statement for providing trust. A challenge nonce is presented in the callback and must be included in the signed Proof of Possession JWT. The claims in the Software Statement take precedence over the claims in the Proof of Possession JWT.

Proof of Possession

Register using a Proof of Possession JWT without using a trusted third party. A challenge nonce is presented in the callback and must be included in the signed JWT.

Software Statement

Register using a Software Statement, without doing proof of possession. If you select this registration method, the resultant session token will not include a proof of possession restriction.

Default: Proof of Possession & Certificate

Verify Certificate Subject

If the configured JWT registration method is Proof of Possession & Certificate, this option verifies that the subject provided in the JWT is the same as the X.509 certificate subject CN or UID.

Default: Enabled

Create Identity

Specifies whether AM will create an ID for the thing if one does not exist.

Default: Disabled

Rotate Confirmation Key

Specifies whether multiple confirmation keys can be registered for a thing. Disable this setting to allow only one key per thing.

Default: Disabled

Default Attribute Values

Lets you set default values for the thing’s attributes, where KEY is the name of the attribute in the data store, and VALUE is the default value of the attribute.

Claim to Attribute Mapping

If Create Identity is enabled, this property lets you map verified claims in the JWT to attributes in the thing identity. KEY is the claim name and VALUE is the name of the attribute in the data store.

Overwrite Attributes

Specifies whether the node overwrites the value for an existing profile attribute when a claim with a different value is provided in the JWT.

Default: Disabled