Request authorization from AM
Once you have configured AM to determine whether to grant or deny access based on the policies you created, you must configure your policy enforcement points (PEP) to use AM.
The ForgeRock Identity Platform provides the following PEPs:
-
Web agents and Java agents, which are add-on components installed on the web server or container serving your applications. They are tightly integrated with AM, and serve exclusively as policy enforcement points.
For more information, see the ForgeRock web agents documentation, or the ForgeRock Java agents documentation.
-
ForgeRock Identity Gateway, which is a high-performance reverse proxy server that can also function as a policy enforcement point.
For more information, see the ForgeRock Identity Gateway Getting Started Guide.
The ForgeRock Identity Platform PEP’s intercept inbound client requests to access a resource in your web site or application. Then, based on internal rules, they may defer the request to AM for policy evaluation. Since they are tightly integrated with AM, you do not need to add additional code to request policy evaluation or manage advices.
We recommend that you use the ForgeRock Identity Platform PEP’s. However, you can code your own and make REST calls to AM to request policy evaluation.
Related information: Request policy decisions over REST