ForgeRock® Access Management Core Concepts
AM-400
Course Description
Revision A
Description
This structured course combines instructor-led lessons and demonstrations with extensive lab exercises, so that each topic can be fully understood in practice. It provides students with a strong foundation for the design, installation, configuration, and administration of ForgeRock Access Management (AM).
The key objectives of the course are to present core concepts and key features of ForgeRock Access Management, and to provide hands-on experience that enables students to implement a complete access management solution based on real-life use cases.
Note that Revision A of this course is built on version 5.0 of ForgeRock Access Management.
Target Audiences
The course is aimed at those responsible for overseeing various aspects of a successful deployment of ForgeRock Access Management. This includes, but is not limited to, those with the following roles:
- System Integrators
- System Consultants
- System Architects
- System Developers
- System Administrators
Objectives
Upon completion of this course, you should be able to:
- Protect a website with ForgeRock Access Management and a policy agent, separate administrators from users, and add user self-service
- Extend protection utilizing richer authentication capabilities
- Control and extend access to web resources depending upon predetermined criteria
- Extend services to mobile applications and low-level devices, share resources, and perform social authentication using OAuth 2.0 (OAuth2)-based protocols
- Define the areas that must be considered when going to production with a complete ForgeRock Access Management-based solution
- Communicate identity information across federated identities using SAML v2.0 (SAML2)
Prerequisites
To succeed fully in this course, students should have a working familiarity with:
- Unix OS environment command-line administration
- Unix OS networking, security and directory fundamentals
- Java web services and application platform administration
- Java, JSON, and XML application configuration
- Internet protocols such as HTTP, TCP/IP
Duration
5 days
Course Contents
Chapter 1: Basic Configuration
Lesson 1: Implementing Basic Authentication with AM
Describe how AM allows you to manage basic authentication through the use of sessions and cookies
Implement basic authentication with AM
Discuss the need and use of realms
Implement separation of admin and users using realms
Lesson 2: Protecting a Website
List and describe AM authentication clients
Describe Policy Agent main functionality
Implement Policy Enforcement using Policy Agents
Lesson 3: Empowering Users
Describe the main capabilities of User Self-Service
Configure User Self-Service self-registration basic flow
Chapter 2: Extending Authentication
Lesson 1: Extending Authentication Functionality
Describe the authentication mechanisms of AM
Identify realm-level authentication settings
Create an LDAP authentication module
Create a chain containing the LDAP module
Lesson 2: Retrieving User Information
Describe the use of an Identity Data Store
Explain the distinction between the Identity Data Store and the credentials store
Implement user specific features on the website
Retrieve user profile information using REST
Lesson 3: Increasing Authentication Security
Discuss the need to increase authentication security
Implement account lockout
Configure adaptive risk authentication
Create an adaptive risk chain
Demonstrate push notification configuration
Chapter 3: Controlling Access
Lesson 1: Controlling Access
Describe how AM manages entitlements through authorization
Define Policy components
Explain how AM evaluates policies
Implement access control policies on a website
Lesson 2: Extending Entitlements
Define Session Upgrade
Describe authentication Step Up flow
Implement step up authentication
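The evaluation model behind Lesson 1 (policy components, how a request is decided) and the authentication-level condition used by step-up in Lesson 2 can be shown with a small engine. This is an added illustration, not AM's own policy engine: the policy names, the URL resource patterns, the `staff` group and the authentication levels are constructed for the example, and only the general rule that an explicit deny overrides any allow is modelled.

```python
"""Simplified model of URL-resource authorization in the style of an access
management policy engine (added example; not AM's code, sample data constructed).

A policy names resource patterns ('*' wildcards), the actions it allows or
denies, a subject rule and optional environment conditions (for example the
authentication level the session has reached).  Evaluation collects every
policy that applies to the request; per action, an explicit deny from any
applicable policy is final, otherwise an allow wins, and actions no
applicable policy mentions stay undecided, which an enforcement point
treats as denied."""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Callable, Dict, List

Subject = Dict[str, object]   # e.g. {"user": "alice", "groups": ["staff"]}
Env = Dict[str, object]       # e.g. {"authLevel": 1}


@dataclass
class Policy:
    name: str
    resources: List[str]
    actions: Dict[str, bool]                      # action -> True=allow, False=deny
    subject: Callable[[Subject], bool] = lambda s: True
    conditions: List[Callable[[Env], bool]] = field(default_factory=list)

    def applies(self, resource: str, subject: Subject, env: Env) -> bool:
        return (any(fnmatchcase(resource, p) for p in self.resources)
                and self.subject(subject)
                and all(cond(env) for cond in self.conditions))


def evaluate(policies: List[Policy], resource: str,
             subject: Subject, env: Env) -> Dict[str, bool]:
    """Return {action: True (allow) | False (deny)} from the applicable policies."""
    decision: Dict[str, bool] = {}
    for pol in policies:
        if not pol.applies(resource, subject, env):
            continue
        for action, allowed in pol.actions.items():
            if not allowed:
                decision[action] = False          # deny overrides any allow
            elif action not in decision:
                decision[action] = True
    return decision


def is_allowed(policies: List[Policy], resource: str, action: str,
               subject: Subject, env: Env) -> bool:
    """What an enforcement point does with the decision: only an explicit allow passes."""
    return evaluate(policies, resource, subject, env).get(action) is True


def in_group(group: str) -> Callable[[Subject], bool]:
    return lambda s: group in s.get("groups", [])


# Constructed sample policy set: staff may use the staff area, but POST under
# /staff/admin/ is denied until the session has stepped up to auth level 2.
POLICIES = [
    Policy("staff-area", ["http://www.example.com:80/staff/*"],
           {"GET": True, "POST": True}, subject=in_group("staff")),
    Policy("admin-post-needs-level-2", ["http://www.example.com:80/staff/admin/*"],
           {"POST": False}, conditions=[lambda env: int(env.get("authLevel", 0)) < 2]),
]

if __name__ == "__main__":
    alice = {"user": "alice", "groups": ["staff"]}
    for url, action, level in [
        ("http://www.example.com:80/staff/reports", "GET", 1),
        ("http://www.example.com:80/staff/admin/users", "POST", 1),
        ("http://www.example.com:80/staff/admin/users", "POST", 2),
    ]:
        print(action, url, "authLevel", level, "->",
              is_allowed(POLICIES, url, action, alice, {"authLevel": level}))
```

The second and third cases are the step-up situation: the same user and URL are denied at authentication level 1 and allowed at level 2, because the deny policy's condition stops applying once the session has been upgraded.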
Chapter 4: Extending Services using OAuth2-based Protocols
Lesson 1: Integrating Low-level Devices with OAuth2
Explain why the OAuth 2.0 (OAuth2) protocol can be used to integrate various devices
Discuss OAuth2 players and their roles
Describe OAuth2 access token, refresh token and authorization code
List OAuth2 grants
Configure AM as an OAuth2 authorization server and demonstrate OAuth2 device flow
Lesson 2: Integrating Mobile Applications with OpenID Connect
Explain how OpenID Connect 1.0 (OIDC) builds on the OAuth 2.0 handshake to provide authentication and data sharing
Configure AM as an OpenID Connect provider and demonstrate the OpenID Connect Authorization Code flow
Lesson 3: Sharing Resources with User-Managed Access (UMA)
Describe how UMA enriches OAuth 2.0 to allow resource sharing
Implement AM as a UMA authorization server and demonstrate resource sharing
Lesson 4: Implementing Social Authentication
Explain the mechanism that allows AM to delegate authentication to social identity providers
Configure social authentication using Google
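The device flow that Lesson 1 of this chapter demonstrates, together with the access token, refresh token and polling behaviour it lists, is shown below as an offline simulation with both parties modelled: the authorization server and the low-level device that polls it. This is an added example, not AM's implementation; the endpoint names, the `grant_type` URI and the error codes are those of RFC 8628, while the token storage, the client registry, the `tv-app` client and the user `alice` are simplified constructions for the example.

```python
"""Offline simulation of the OAuth 2.0 device authorization grant (RFC 8628),
the grant a browserless device uses.  Added example, not AM's code: endpoint
names, grant_type URI and error codes follow RFC 8628; token storage, the
client registry and all identifiers are constructed for illustration."""
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"
USER_CODE_ALPHABET = "BCDFGHJKLMNPQRSTVWXZ"      # unambiguous set suggested by RFC 8628


class FakeClock:
    """Injectable clock so expiry and poll intervals can be exercised offline."""
    def __init__(self, now: float = 1_500_000_000.0):
        self.now = now
    def __call__(self) -> float:
        return self.now
    def tick(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class DeviceAuth:
    client_id: str
    scope: str
    user_code: str
    expires_at: float
    interval: int
    last_poll: float = 0.0
    approved_by: Optional[str] = None     # resource owner who approved at verification_uri


@dataclass
class AuthorizationServer:
    clock: Callable[[], float] = time.time
    clients: Dict[str, str] = field(default_factory=dict)    # client_id -> allowed scope
    pending: Dict[str, DeviceAuth] = field(default_factory=dict)
    access: Dict[str, dict] = field(default_factory=dict)    # access_token -> claims
    refresh: Dict[str, dict] = field(default_factory=dict)   # refresh_token -> claims
    verification_uri: str = "https://as.example.com/device"  # assumed URL
    lifetime: int = 600
    interval: int = 5

    def device_authorization(self, client_id: str, scope: str) -> dict:
        """Device -> AS: POST to the device authorization endpoint."""
        if client_id not in self.clients or scope != self.clients[client_id]:
            return {"error": "invalid_client"}
        device_code = secrets.token_urlsafe(32)
        code = "".join(secrets.choice(USER_CODE_ALPHABET) for _ in range(8))
        user_code = f"{code[:4]}-{code[4:]}"
        self.pending[device_code] = DeviceAuth(client_id, scope, user_code,
                                               self.clock() + self.lifetime, self.interval)
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": self.verification_uri,
                "expires_in": self.lifetime, "interval": self.interval}

    def user_authorize(self, user_code: str, username: str) -> bool:
        """Resource owner -> AS: after logging in on a browser, types the user_code."""
        for st in self.pending.values():
            if st.user_code == user_code and st.expires_at > self.clock():
                st.approved_by = username
                return True
        return False

    def token(self, client_id: str, grant_type: str, device_code: str) -> dict:
        """Device -> AS: polls the token endpoint with its device_code."""
        if grant_type != DEVICE_GRANT:
            return {"error": "unsupported_grant_type"}
        st = self.pending.get(device_code)
        if st is None or st.client_id != client_id:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now >= st.expires_at:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if now - st.last_poll < st.interval:
            st.last_poll = now
            return {"error": "slow_down"}         # client must back off
        st.last_poll = now
        if st.approved_by is None:
            return {"error": "authorization_pending"}
        del self.pending[device_code]             # device_code is single use
        return self._issue(st.approved_by, client_id, st.scope)

    def refresh_grant(self, client_id: str, refresh_token: str) -> dict:
        """Refresh token grant: one use per refresh token, a new pair is issued."""
        claims = self.refresh.pop(refresh_token, None)
        if claims is None or claims["client_id"] != client_id:
            return {"error": "invalid_grant"}
        return self._issue(claims["sub"], client_id, claims["scope"])

    def introspect(self, access_token: str) -> dict:
        claims = self.access.get(access_token)
        if claims is None or claims["exp"] <= self.clock():
            return {"active": False}
        return {"active": True, **claims}

    def _issue(self, sub: str, client_id: str, scope: str) -> dict:
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        claims = {"sub": sub, "client_id": client_id, "scope": scope, "exp": self.clock() + 3600}
        self.access[at], self.refresh[rt] = claims, claims
        return {"access_token": at, "token_type": "Bearer", "expires_in": 3600,
                "refresh_token": rt, "scope": scope}


def simulate(clock: FakeClock) -> dict:
    """One complete exchange as the device drives it; returns the observed sequence."""
    srv = AuthorizationServer(clock=clock, clients={"tv-app": "profile"})
    dev = srv.device_authorization("tv-app", "profile")

    def poll() -> dict:
        return srv.token("tv-app", DEVICE_GRANT, dev["device_code"])

    log = [poll()["error"]]             # nobody approved yet: authorization_pending
    clock.tick(1)
    log.append(poll()["error"])         # polled before the interval elapsed: slow_down
    clock.tick(dev["interval"])
    srv.user_authorize(dev["user_code"], "alice")   # user finishes at verification_uri
    tok = poll()                         # now a token is issued
    log.append("issued" if "access_token" in tok else tok["error"])
    log.append(poll()["error"])         # replaying the device_code fails: invalid_grant
    return {"log": log, "token": tok, "server": srv}
```

The sequence a device sees is `authorization_pending`, `slow_down` when it polls faster than the advertised interval, then a token, and `invalid_grant` on any replay of the device code; an expired, never-approved device code yields `expired_token` and a refresh token is consumed on first use.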
Chapter 5: Preparing for Production
Lesson 1: Customizing AM End User Pages
Describe the user interface areas that can be customized
Update the user interface default theme
Lesson 2: Hardening AM Security
Highlight the areas where security needs hardening
Adjust default settings
Set up administration privileges
Lesson 3: Administering AM
Introduce the administration tools available
Install Amster
Export configuration with Amster
Identify tools to troubleshoot issues
Record debugging information
Explain audit logging service
Describe how to monitor AM
Discuss the areas that may need tuning
Lesson 4: Installing and Upgrading AM
Plan an AM installation
Install a single instance of AM using the wizard
Describe the bootstrap process
Upgrade an AM instance using the wizard
Lesson 5: Clustering AM
Discuss approaches to providing High Availability
Explain how to scale a deployment
Add a server to a cluster using stateful tokens
Modify the cluster to use stateless tokens
Lesson 6: Introducing DevOps
Describe primary containerization concepts and tools
Explain support for containerization in AM 5
Observe parallel instantiation with Docker
Chapter 6: Federating across Entities using SAML2
Lesson 1: Configuring SAML2 Federation
Discuss Federation entities and flows
Explain the login flow from the IdP point of view
Examine SSO across multiple SPs that share one IdP
Lesson 2: Delegating Authentication using SAML2
Describe Metadata content and use
Explain the login flow from the SP point of view
Implement AM as a SAML2 service provider
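The SP side of the login flow in Lesson 2, and the use an SP makes of IdP metadata, can be followed offline: read the IdP's metadata for its SingleSignOnService endpoints and signing certificate, build an AuthnRequest, encode it for the HTTP-Redirect binding (raw DEFLATE, base64, URL-encoding) and decode it again as the IdP would. This is an added example, not AM's code: the `idp.example.com` and `sp.example.com` hosts, the metaAlias paths and the embedded metadata are constructed, the certificate is a placeholder, and XML signature handling is deliberately not modelled.

```python
"""SP side of SAML2 web-browser SSO, offline (added example, not AM's code).
Hosts, metaAlias paths and the IdP metadata below are constructed; the
certificate is a placeholder and signatures are not modelled."""
import base64
import secrets
import urllib.parse
import xml.etree.ElementTree as ET
import zlib
from datetime import datetime, timezone
from typing import Optional

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed IdP metadata: what an SP imports before it can send requests.
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.com/openam">
  <md:IDPSSODescriptor protocolSupportEnumeration="{SAMLP}">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-NOT-A-REAL-CERTIFICATE</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://idp.example.com/openam/SSORedirect/metaAlias/idp"/>
    <md:SingleSignOnService Binding="{POST}"
        Location="https://idp.example.com/openam/SSOPOST/metaAlias/idp"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def parse_idp_metadata(xml_text: str) -> dict:
    """What an SP needs from IdP metadata: entityID, SSO endpoints, signing certs."""
    root = ET.fromstring(xml_text)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall(f"{{{MD}}}SingleSignOnService")}
    certs = [c.text.strip()
             for kd in idp.findall(f"{{{MD}}}KeyDescriptor")
             if kd.get("use", "signing") == "signing"     # no 'use' means both uses
             for c in kd.iter(f"{{{DS}}}X509Certificate")]
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def build_authn_request(sp_entity_id: str, acs_url: str, destination: str,
                        issue_instant: Optional[str] = None) -> str:
    """Unsigned AuthnRequest asking the IdP to POST its Response to the SP's ACS."""
    now = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + secrets.token_hex(16),      # xs:ID must not start with a digit
        "Version": "2.0", "IssueInstant": now, "Destination": destination,
        "AssertionConsumerServiceURL": acs_url, "ProtocolBinding": POST})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    ET.SubElement(req, f"{{{SAMLP}}}NameIDPolicy",
                  {"Format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
                   "AllowCreate": "true"})
    return ET.tostring(req, encoding="unicode")


def redirect_encode(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def redirect_decode(saml_request: str) -> str:
    """Inverse step the IdP performs on the SAMLRequest query parameter."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode()


def sp_login_redirect(sp_entity_id: str, acs_url: str, idp_metadata_xml: str,
                      relay_state: str, issue_instant: Optional[str] = None) -> str:
    """URL the SP redirects the browser to in order to start the login."""
    sso_url = parse_idp_metadata(idp_metadata_xml)["sso"][REDIRECT]
    xml_text = build_authn_request(sp_entity_id, acs_url, sso_url, issue_instant)
    query = urllib.parse.urlencode({"SAMLRequest": redirect_encode(xml_text),
                                    "RelayState": relay_state})
    return f"{sso_url}?{query}"


def idp_receive(url: str) -> dict:
    """IdP side: recover the request from the redirect URL (signature check not modelled)."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    req = ET.fromstring(redirect_decode(params["SAMLRequest"][0]))
    return {"id": req.get("ID"), "issuer": req.findtext(f"{{{SAML}}}Issuer"),
            "acs": req.get("AssertionConsumerServiceURL"),
            "destination": req.get("Destination"),
            "relay_state": params.get("RelayState", [None])[0]}
```

On receipt a real IdP also checks that `Destination` is its own endpoint and that the `Issuer` matches a configured SP whose metadata it holds, then authenticates the user and posts a signed Response to the `AssertionConsumerServiceURL`; the signing certificate parsed from the IdP metadata is what the SP later uses to verify that Response.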
ForgeRock, Inc., 201 Mission St., Suite 2900, San Francisco, CA 94105