Forgerock IAM

The aim of this lab is to showcase the key features and capabilities of the versatile and powerful ForgeRock® Access Management (AM). It provides the student with the knowledge and confidence to manage their own environment. It is accepted that this course is not able to demonstrate all the features and capabilities of AM.

Course modules:

Module-1: Installing and Upgrading AM

• Deploying Forgerock IAM
• Install AM with the web wizard
• Install AM and manage configuration with Amster
• Install an AM instance with the web wizard
• Install Amster
• Upgrade an AM instance
• Upgrade AM with the web wizard
• Examine an initial AM installation

 

Module-2: Exploring Authentication Mechanisms

• Configure a realm and examine AM default authentication
• Experiment with session cookies
• Create and manage trees
• Explore tree nodes
• Create a login tree
• Test the login tree

Module-3: Protecting a Website With IG

• Present AM edge clients
• Review the FEC website protected by IG
• Integrate the FEC website with AM
• Observe the IG token cookie
• Authenticate identities with AM
• Integrate identities in AM with an identity store
• Create an authentication tree with an LDAP Decision node
• Integrate an identity store with AM
• Implement access control on a website

 

Module-4: Increasing Authentication Security

• Describe MFA
• Register a device
• Include recovery codes
• Examine OATH authentication
• Implement TOTP authentication
• Implement Push notification authentication
• Implement password less Web Authn

Module-5: Modifying a User’s Authentication Experience Based on Context

• Implement a browser context change script
• Lock and unlock accounts
• Implement account lockout

Module-6: Checking Risk Continuously

• Implement step-up authentication flow
• Implement transactional authorization
• Prevent users from bypassing the default tree

Module-7: Integrating Applications With OAuth2

• Configure OAuth2 in AM
• Configure AM as an OAuth2 provider
• Configure AM with an OAuth2 client
• Test the OAuth2 Device Code grant type flow

Module-8: Integrating Applications With OIDC

• Create and use an OIDC script
• Create an OIDC claims script
• Register an OIDC client and configure the OAuth2 Provider settings
• Test the OIDC Authorization Code grant type flow

Module-9: Authenticating OAuth2 Clients and using mTLS in OAuth2 for PoP

• Authenticate an OAuth2 client using mTLS
• Examine certificate-bound PoP when mTLS is configured
• Obtain a certificate-bound access token

Module-10: Transforming OAuth2 Tokens

• Implement a token exchange impersonation pattern
• Implement a token exchange delegation pattern
• Configure token exchange in AM
• Configure AM for token exchange
• Test token exchange flows

Module-11: Implementing Social Authentication

• Implement social registration and authentication with Google

Module-12: Implementing SSO Using SAML2

• Configure AM as an IdP and integrate with third-party SPs
• Examine SSO between an SP and IdP and across SPs

Module-13: Delegating Authentication Using SAML2

• Configure AM as a SAML2 SP and integrate with a third-party IdP

Module-14: Hardening AM Security

• Harden AM security
• Manage the AM keystore, aliases, and passwords
• Configure and manage secret stores
• Configure an HSM secret store to sign OIDC ID token

Module-15: Clustering AM

• Create an AM cluster
• Prepare the initial AM cluster
• Install another AM server in the cluster
• Test AM cluster failover scenarios