Request authorization from AM
When you have configured AM to determine whether to grant or deny access based on your configured policies, you must configure policy enforcement points (PEPs) to use AM.
The Ping Identity Platform provides the following PEPs:
- Web agents and Java agents
-
Add-on components installed on the web server or container that serves your applications. The web and Java agents are tightly integrated with AM and serve exclusively as PEPs.
For more information, refer to Policy enforcement in the ForgeRock web agents documentation, or to Policy enforcement in the ForgeRock Java agents documentation.
- PingGateway
-
A high-performance reverse proxy server that can also function as a PEP.
For more information, refer to Policy enforcement in the PingGateway documentation.
The Ping Identity Platform PEPs intercept inbound client requests to access resources in your website or application. Based on internal rules, the PEPs can defer requests to AM for policy evaluation. Because they are tightly integrated with AM, you do not need additional code to request policy evaluation or to manage advices.
Use the Ping Identity Platform PEPs where possible. If your deployment has specific requirements that aren’t met by the Ping Identity Platform PEPs, you can write your own PEPs that make REST calls to AM to request policy evaluation.
Related information: Request policy decisions over REST