ForgeRock Access Management Customization and APIs

Course Description

This course delivers a hands-on technical introduction to ForgeRock® Access Management (AM) APIs and customization use cases. Learners examine AM extension points and gain the skills needed to extend and integrate an AM deployment in a real-world context. Development best practices are demonstrated in a series of labs.

Prerequisites

The following are the prerequisites for successfully finishing this course:

  • ForgeRock Access Management: Deep Dive
  • Fundamental knowledge and skills using the Linux operating system to complete the labs
  • Understanding of JSON, JavaScript, AngularJS, REST, Java, Groovy, and XML is important for mastering the material and examples
  • Fundamental knowledge of LDAP may be helpful for understanding the code and some examples

Audience Profile

The target audiences for this course include:

  • Application developers adapting client applications to use AM capabilities
  • Software developers extending and integrating AM services for their organizations
  • System Consultants
  • System Architects

Learning Objectives

Upon completion of this course, you should be able to:

  • List the extension points of AM
  • List which customizable parts are affected in common AM use cases
  • Comprehend the basic concepts of scripting
  • Utilize the administration interface to look up, edit, and configure scripts
  • Explain how AM performs authentication
  • Review authentication nodes & authentication trees
  • Design & implement a custom authentication node
  • Explain how scripted authentication works
  • Explore how client-side scripts are utilized with authentication nodes and trees
  • Explain how server-side scripted authentication works with authentication nodes and trees
  • Utilize the administration interface to create & test authentication trees having scripted nodes
  • Discuss the policy concepts in AM
  • Implement an EntitlementCondition or a scripted condition
  • Explain the ForgeRock® Common REST API (Common REST)
  • Allow Cross-Origin Resource Sharing (CORS) in AM
  • Authenticate users via the REST API
  • Handle identities and realms via the REST API
  • Execute password reset and user self-registration by utilizing the REST API
  • Query the list of dashboard applications via the REST API
  • Utilize the policy engine to protect non-URL-based resources
  • Explain the policy management & evaluation REST APIs
  • Explain OAuth 2.0 and OpenID Connect, including how to utilize their HTTP endpoints
  • Demonstrate scope validation & customize the default behavior
  • Describe the basic concepts of user-managed access (UMA)
  • Configure AM as a UMA authorization server
  • Handle UMA resource sets
  • Demonstrate how to customize the UMA workflow

Content Outline

Introduce customization with AM and identify the major functional areas where customizing and extending AM is possible. The course environment and application are discussed as the context in which the customizations are completed.

Lesson One: Using Extension (Customization) Points

Deliver an overview of the AM extension points where customizations are made. Discuss the major components of the AM architecture and the related APIs through which AM services can be accessed:

  • Intro to Java APIs, REST API, and REST API versioning
  • Intro to customizing authentication
  • Intro to customizing authorization and policy evaluation
  • Explain use cases related to OAuth 2.0 and UMA
  • Explain use cases related to SAML2
  • Explain the course environment architecture
  • Understand the course ContactList application functionality and its role in this course
  • Manage (start and stop) the AM and Directory Services servers
  • Explain the development tools and scripts provided with the course environment

Implement custom authentication services using the authentication trees and nodes provided by AM. Learn to develop a custom authentication node and use it in an authentication tree to deliver authentication services for the ContactList application. Analyze the customization of authentication with client-side and server-side scripts. Cover the migration of authentication modules and chains to authentication nodes and trees.

Lesson One: Introducing Authentication Trees and Nodes

Learn to develop an authentication tree consisting of several authentication nodes delivered with AM, without any customization, as the proof-of-concept use case for the course ContactList application. Test the tree execution in a web browser and use command-line REST API requests to inspect the HTTP requests, responses, and data exchanged between the client web browser and AM:

  • Examine the concept of authentication trees and nodes
  • Develop a basic authentication tree
  • Attach existing authentication nodes to an authentication tree
  • Implement a choice collector authentication node
  • Assign the user's choice to a session property
  • Configure the Session Property Whitelist Service for the realm
  • Test the authentication tree in a web browser and with the REST API
  • Use a REST API call to view the authenticated user's session data
  • Compare tree and chain authentication methods

Lesson Two: Customizing with Authentication Trees and Nodes

Demonstrate the AM authentication node API by developing a custom authentication node for use in authentication trees. Implement a custom authentication node that replaces the functionality of the choice collector and set session property nodes used in the initial authentication tree:

  • Develop a custom authentication node project utilizing the Maven archetype from the command line
  • Develop a custom authentication node project utilizing the Maven archetype within NetBeans
  • Review the configuration interface for a custom authentication node
  • Manage updates to the authentication node configuration interface
  • Write the business logic for a custom authentication node
  • Deploy a custom authentication node
  • Adjust an existing authentication tree to add the custom authentication node
  • Test the custom authentication node using a web browser interface or the REST API

Lesson Three: Developing Scripts with Scripting APIs

Learn to implement client-side and server-side scripts in the context of an authentication tree. Analyze how client-side scripts can be run using a custom authentication node. Process client-side data with a server-side script designed for use in a Scripted Decision node in an authentication tree:

  • Analyze client-side scripting with authentication nodes
  • Deploy a custom authentication node that drives specific client-side scripts
  • Run a client-side script with the custom authentication node in an authentication tree
  • Build a script for use by a Scripted Decision node in an authentication tree to process the client-side data and return an authentication decision
  • Receive and process data from the client-side script in a server-side script in a Scripted Decision node
  • Understand client-side scripting with authentication trees by analyzing source code
  • Configure the scripting engine properties and manage the APIs exposed to server-side scripts
  • Test script-based authentication with authentication trees and nodes

Lesson Four: Migrating Authentication Modules to Authentication Trees and Nodes

Investigate the source code of a custom authentication module and chain implemented for the course application on AM versions prior to 5.0. Investigate how it is migrated in this course into custom authentication trees that meet the ContactList application requirements. Explore the use case of a client-side and server-side scripted module in a chain that is migrated for use with a custom authentication node (for the client-side script) and the standard Scripted Decision node (for the server-side scripts), to be executed in authentication trees:

  • Migrate a server-side authentication script for use in a Scripted Decision node of an authentication tree
  • Change the server-side script to obtain client-side data in the authentication tree context
  • Define the server-side authentication script outcome values for use in the authentication tree
  • Migrate a client-side authentication script for use by a custom authentication node
  • Write the client-side logic to send client data to the custom authentication node in the context of an authentication tree

Develop and test a set of policies implementing the security constraints that govern user access to the REST endpoints delivered by the course ContactList application.

Lesson One: Customizing Authorization

Learn to write and test a custom policy condition script (written in JavaScript) that queries the maintenance mode state of the ContactList application:

  • Review the major elements of the AM policy API
  • Discuss the concept of resource types & policy sets (formerly applications)
  • Explain the concept of application types
  • Illustrate the policy structure
  • Review the significant groups of built-in policy conditions and their important members
  • Discuss where an EntitlementCondition and a script condition can be used
  • Implement, build, and deploy an EntitlementCondition
  • Implement, create, and deploy a scripted condition
  • Examine the execution flow of the scripted condition
  • Review the variables available to the scripted condition
  • Use a scripted condition through the administration interface and the REST API
  • Create a custom policy condition for the ContactList application
  • Alter the policy condition to return information about the maintenance mode
  • Finish the policy set

Change the sample ContactList application's authentication mechanism to use the AM authentication tree service instead of its proprietary REST service.

Lesson One: Utilizing the REST API

Learn to access AM services through the REST API using the REST API Explorer in the administration interface and from the ContactList application written in AngularJS. Enable CORS in AM:

  • Explore AM services available via the REST API
  • Explain the ForgeRock Common REST API
  • Review the significant characteristics of the REST API
  • List the verbs available in the REST API
  • Review the status codes returned by the REST API
  • Explain filtering, paging, sorting, & pretty printing
  • Describe the REST API versioning
  • Access the REST API from the administration interface using a web browser
  • Utilize the REST API from jQuery
  • Utilize the REST API from AngularJS
  • Explain and enable CORS
  • List the configuration options for the CORSFilter
  • Configure the CORSFilter in AM
  • Alter the ContactList application to use AM for authentication
  • Examine the client-side & server-side components of the ContactList application
  • Adjust an AngularJS module in ContactList that utilizes AM authentication services

Lesson Two: Authenticating with REST

Use the REST API to authenticate against AM services implemented as authentication trees:

  • Utilize the REST API to authenticate a user (sign in)
  • Compare the simplified (username/password) and full authentication APIs
  • Discuss application callback types
  • Utilize the simplified and full authentication API
  • Explain advanced authentication options (realm, session upgrade, authentication attributes)
  • Utilize the REST API to log out
  • Validate tokens & manage sessions
  • Explain the session REST API
  • Discuss the identity management REST API
  • Read user attributes
  • Create a realm
  • Modify the ContactList application to utilize AM for all authentication functions
  • Finish the AngularJS service interfacing AM to include all authentication functions
  • Alter the login service to use the testSelectRole authentication tree in AM

Lesson Three: Working with the RESTful User Self-Service API

Explore how to implement a password reset function with the REST API:

  • Review the features of the self-service API
  • Illustrate the flow of password reset
  • Enable the password reset functionality
  • Conduct a password reset through the REST API
  • Discuss the flow of user self-registration
  • Enable the user self-registration functionality
  • Conduct user self-registration
  • Explain the concept of a user dashboard
  • List dashboard applications via the REST API
  • Implement password reset in the ContactList application
  • Configure AM to use a local email server
  • Simulate password reset from the command line
  • Add password reset functionality to the ContactList application

Lesson Four: Authorizing with REST

Learn to implement authorization in applications using the REST API:

  • Explain how to protect URL-based resources
  • Describe how to protect non-URL-based resources
  • List the major elements of the policy management API
  • Discuss the entities of the policy service
  • Explain the policy evaluation REST API
  • Describe the concept of policy sets
  • Request policy evaluation for a set of resources
  • Demonstrate how policy evaluation can be used to decide which user interface features to show in a JavaScript client
  • Adjust the ContactList application to use AM for authorization
  • Create & test policy sets tailored to the ContactList application
  • Extend the backend of ContactList to utilize the authorization REST API
  • Extend the front end of ContactList to utilize the authorization REST API

Understand how to federate a client application with AM using the OAuth 2.0 and OpenID Connect protocols.

Lesson One: Implementing OAuth Custom Scopes

Implement a custom OAuth 2.0 scope validator:

  • Describe the benefits of OAuth 2.0
  • List the significant elements of OAuth 2.0
  • Describe the authorization code flow
  • Explain the OAuth 2.0-related HTTP services available in AM
  • Describe the benefits of OpenID Connect
  • List the major elements of OpenID Connect
  • Demonstrate the authorization code flow extended with OpenID Connect
  • Explain the TokenInfo endpoint
  • Explain the UserInfo endpoint
  • Discuss the OpenID Connect HTTP services
  • Describe how scope validation is implemented in AM
  • Implement and register a custom scope validation implementation
  • Explain the default OpenID Connect script
  • Develop a custom OpenID Connect script
  • Adjust the ContactList application to use OAuth 2.0/OpenID Connect for authentication and authorization
  • Configure OAuth 2.0 and OpenID Connect in AM
  • Develop a customized scope validator and token response
  • Modify the ContactList example application to utilize OpenID Connect for authentication
  • Adjust ContactList to behave as an OAuth 2.0 resource server

Introduce the UMA architecture and the UMA flows, and use UMA to add sharing functionality to an OAuth 2.0-secured application. Implement a UMA-compatible resource server and a UMA client.

Lesson One: Customizing with UMA

Implement contact group sharing using UMA:

  • Describe the benefits and list the elements of UMA
  • Describe the various tokens and tickets used in UMA
  • Illustrate the UMA protocol flow
  • Enable and configure a UMA Provider in AM
  • Configure UMA stores
  • Use the UMA discovery endpoint
  • Manage resources on the UMA administration page
  • Understand the UMA REST API
  • Explain the resource set and user label endpoints
  • Discuss the policy endpoint
  • Describe the permission request, requesting party token, and pending request endpoints
  • Understand UMA customization points
  • Register UMA filters
  • Implement resource sharing in the example application

FAQs

A: To attend the training session you should have a working desktop or laptop meeting the required specification, along with a good internet connection to access the labs.

A: We always recommend attending the live session to practice, clarify doubts instantly, and get more value from your investment. However, if a contingency forces you to skip a class, Radiant Techlearning will provide the recorded session for that particular day. These recorded sessions are meant only for personal consumption and NOT for distribution or any commercial use.

A: Radiant Techlearning has a data center hosting the virtual training environment used for participants' hands-on practice. Participants can easily access these labs over the cloud using a remote desktop connection. Radiant virtual labs give you the flexibility to learn from anywhere in the world and in any time zone.

A: Learners are engaged in real-world, industry-oriented projects during the training program. These projects improve your skills and knowledge and give you better experience, and they will help you a great deal in your future tasks and assignments.
