ForgeRock® Access Management Core Concepts

AM-400

Course Description

Revision A

Description

This structured course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises to ensure opportunities to fully understand each of the topics covered. It provides students with a strong foundation for the design, installation, configuration, and administration of ForgeRock Access Management (AM).

The key objectives of the course are to present core concepts and key features of ForgeRock Access Management, and to provide hands-on experience that enables students to implement a complete access management solution based on real-life use cases.

Note that Revision A of this course is built on version 5.0 of ForgeRock Access Management.

Target Audiences

The course is aimed at those responsible for overseeing various aspects of a successful deployment of ForgeRock Access Management. This includes, but is not limited to, those with the following roles:

  • System Integrators
  • System Consultants
  • System Architects
  • System Developers
  • System Administrators

Objectives

Upon completion of this course, you should be able to:

  • Protect a web site with ForgeRock Access Management and a policy agent, add separation of admins and users, and add user self-service
  • Extend protection utilizing richer authentication capabilities
  • Control and extend access to web resources depending upon predetermined criteria
  • Extend services to mobile applications and low-level devices, share resources and perform social authentication using OAuth 2.0 (OAuth2)-based protocols
  • Define the areas that must be considered when going to production with a complete ForgeRock Access Management-based solution
  • Communicate identity information across federated identities using SAML v2.0 (SAML2)

Prerequisites

To succeed fully in this course, students should have a working familiarity with:

  • Unix OS environment command-line administration
  • Unix OS networking, security and directory fundamentals
  • Java web services and application platform administration
  • Java, JSON, and XML application configuration
  • Internet protocols such as HTTP, TCP/IP

Duration

5 days

Course Contents

Chapter 1: Basic Configuration

Lesson 1: Implementing Basic Authentication with AM

Describe how AM allows you to manage basic authentication through the use of sessions and cookies

Implement basic authentication with AM

Discuss the need for and use of realms

Implement separation of admin and users using realms

Lesson 2: Protecting a Website

List and describe AM authentication clients

Describe Policy Agent main functionality

Implement Policy Enforcement using Policy Agents

Lesson 3: Empowering Users

Describe the main capabilities of User Self-Service

Configure User Self-Service self-registration basic flow

Chapter 2: Extending Authentication

Lesson 1: Extending Authentication Functionality

Describe the authentication mechanisms of AM

Identify realm-level authentication settings

Create an LDAP authentication module

Create a chain containing the LDAP module

Lesson 2: Retrieving User Information

Describe the use of an Identity Data Store

Explain the distinction between the Identity Data Store and the Credentials store

Implement user-specific features on the website

Retrieve user profile information using REST

Lesson 3: Increasing Authentication Security

Discuss the need to increase authentication security

Implement account lockout

Configure adaptive risk authentication

Create an adaptive risk chain

Demonstrate push notification configuration

Chapter 3: Controlling Access

Lesson 1: Controlling Access

Describe how AM manages entitlements through authorization

Define Policy components

Explain how AM evaluates policies

Implement access control policies on a website

Lesson 2: Extending Entitlements

Define Session Upgrade

Describe the authentication step-up flow

Implement step-up authentication

Chapter 4: Extending Services using OAuth2-based Protocols

Lesson 1: Integrating Low-level Devices with OAuth2

Explain why the OAuth 2.0 (OAuth2) protocol can be used to integrate various devices

Discuss the OAuth2 players and their roles

Describe the OAuth2 access token, refresh token, and authorization code

List the OAuth2 grant types

Configure AM as an OAuth2 authorization server and demonstrate OAuth2 device flow

Lesson 2: Integrating Mobile Applications with OpenID Connect

Explain how OpenID Connect 1.0 (OIDC) leverages the OAuth 2.0 handshake to provide authentication and data sharing

Configure AM as an OpenID Connect provider and demonstrate the OpenID Connect Authorization Grant profile

Lesson 3: Sharing Resources with User-Managed Access (UMA)

Describe how UMA enriches OAuth 2.0 to allow resource sharing

Implement AM as a UMA authorization server and demonstrate resource sharing

Lesson 4: Implementing Social Authentication

Explain the mechanism allowing AM to delegate authentication to social media

Configure social authentication using Google

Chapter 5: Preparing for Production

Lesson 1: Customizing AM End User Pages

Describe the user interface areas that can be customized

Update the user interface default theme

Lesson 2: Hardening AM Security

Highlight the areas where security needs hardening

Adjust default settings

Set up administration privileges

Lesson 3: Administering AM

Introduce the administration tools available

Install Amster

Export configuration with Amster

Identify tools to troubleshoot issues

Record debugging information

Explain the audit logging service

Describe how to monitor AM

Discuss the areas that may need tuning

Lesson 4: Installing and Upgrading AM

Plan an AM installation

Install a single instance of AM using the wizard

Describe the bootstrap process

Upgrade an AM instance using the wizard

Lesson 5: Clustering AM

Discuss approaches to providing high availability

Explain how to scale a deployment

Add a server to a cluster using stateful tokens

Modify the cluster to use stateless tokens

Lesson 6: Introducing DevOps

Describe primary containerization concepts and tools

Explain support for containerization in AM 5

Observe parallel instantiation with Docker

Chapter 6: Federating across Entities using SAML2

Lesson 1: Configuring SAML2 Federation

Discuss federation entities and flows

Explain the login flow from the IdP point of view

Examine SSO between the SP and the IdP, including across multiple SPs

Lesson 2: Delegating Authentication using SAML2

Describe metadata content and use

Explain the login flow from the SP point of view

Implement AM as a SAML2 service provider

ForgeRock, Inc., 201 Mission St., Suite 2900, San Francisco, CA 94105