You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: openam-documentation/openam-doc-source/src/main/asciidoc/admin-guide/chap-agents.adoc
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@
12
12
information: "Portions copyright [year] [name of copyright owner]".
13
13
14
14
Copyright 2017 ForgeRock AS.
15
-
Portions Copyright 2024 3A Systems LLC.
15
+
Portions Copyright 2024-2025 3A Systems LLC.
16
16
////
17
17
18
18
:figure-caption!:
@@ -30,7 +30,7 @@ Policy agents can have local configurations where they are installed. Typically,
30
30
[#gateway-or-policy-agent]
31
31
=== OpenIG or Policy Agent?
32
32
33
-
OpenAM supports both link:http://openig.forgerock.org/[OpenIG, window=\_blank] and also a variety of policy agents. OpenIG and the policy agents can both enforce policy, redirecting users to authenticate when necessary, and controlling access to protected resources. OpenIG runs as a self-contained reverse proxy located between the users and the protected applications. Policy agents are installed into the servers where applications run, intercepting requests in that context.
33
+
OpenAM supports both link:https://github.com/OpenIdentityPlatform/OpenIG[OpenIG, window=\_blank] and also a variety of policy agents. OpenIG and the policy agents can both enforce policy, redirecting users to authenticate when necessary, and controlling access to protected resources. OpenIG runs as a self-contained reverse proxy located between the users and the protected applications. Policy agents are installed into the servers where applications run, intercepting requests in that context.
34
34
35
35
Use OpenIG to protect access to applications not suited for a policy agent. Not all web servers and Java EE applications have policy agents. Not all operating systems work with policy agents.
36
36
@@ -1612,7 +1612,7 @@ This section covers version 2.2 policy agent properties. Version 2.2 agents stor
1612
1612
1613
1613
[WARNING]
1614
1614
====
1615
-
ForgeRock no longer supports 2.2 policy agents. Documentation exists only for legacy systems. Do not use 2.2 policy agents for new deployments.
1615
+
Open Identity Platform Community no longer supports 2.2 policy agents. Documentation exists only for legacy systems. Do not use 2.2 policy agents for new deployments.
1616
1616
====
1617
1617
After creating the agent profile, you access agent properties in the OpenAM console under Realms > __Realm Name__ > Agents > 2.2 Agents > __Agent Name__. Properties include:
Copy file name to clipboardExpand all lines: openam-documentation/openam-doc-source/src/main/asciidoc/admin-guide/chap-audit-logging.adoc
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@
12
12
information: "Portions copyright [year] [name of copyright owner]".
13
13
14
14
Copyright 2017 ForgeRock AS.
15
-
Portions Copyright 2024 3A Systems LLC.
15
+
Portions Copyright 2024-2025 3A Systems LLC.
16
16
////
17
17
18
18
:figure-caption!:
@@ -29,7 +29,7 @@ Audit logs gather operational information about events occurring within an OpenA
29
29
30
30
This chapter describes the new, common REST-based Audit Logging Service available in OpenAM 13.5.2-15. OpenAM 13.5.2-15 also supports a legacy Logging Service, based on a Java SDK and available in OpenAM versions prior to OpenAM 13.5.2-15. The legacy Logging Service will be deprecated in a future release of OpenAM.
31
31
32
-
The Audit Logging Service uses a structured message format that adheres to a consistent and documented log structure common across the ForgeRock stack, including OpenAM, OpenIDM, OpenDJ, and OpenIG.
32
+
The Audit Logging Service uses a structured message format that adheres to a consistent and documented log structure common across the Open Identity Platform stack, including OpenAM, OpenIDM, OpenDJ, and OpenIG.
33
33
34
34
[IMPORTANT]
35
35
====
@@ -39,7 +39,7 @@ By default, OpenDJ 3.0 does not have audit logging enabled; thus, administrators
39
39
[#about-audit-logs]
40
40
=== About the Audit Logging Service
41
41
42
-
OpenAM writes log messages generated from audit events triggered by its instances, policy agents, the `ssoadm` tool, and connected ForgeRock stack implementations.
42
+
OpenAM writes log messages generated from audit events triggered by its instances, policy agents, the `ssoadm` tool, and connected Open Identity Platform stack implementations.
43
43
44
44
OpenAM's Audit Logging Service provides a versatile and rich feature set as follows:
45
45
@@ -483,7 +483,7 @@ Default: 1800 (seconds)
483
483
484
484
OpenAM supports audit logging to Elasticsearch 5.0. When you store OpenAM's audit logs in an Elasticsearch data store, you can use Kibana to perform data discovery and visualization on your logs.
485
485
486
-
You can experiment with an Elasticsearch audit handler without enabling any Elasticsearch security features. However, for a more secure deployment, ForgeRock recommends that you use Elasticsearch Shield to require authentication to Elasticshield. Depending on your network topology, you might also want to configure SSL for Elasticsearch Shield.
486
+
You can experiment with an Elasticsearch audit handler without enabling any Elasticsearch security features. However, for a more secure deployment, Open Identity Platform Community recommends that you use Elasticsearch Shield to require authentication to Elasticshield. Depending on your network topology, you might also want to configure SSL for Elasticsearch Shield.
487
487
488
488
Before configuring the Elasticsearch audit event handler, you must configure an Elasticsearch index with OpenAM's audit schema:
489
489
@@ -797,7 +797,7 @@ The purpose of this feature is to allow customers to perform two kinds of filter
=== Configuring the Trust Transaction Header System Property
799
799
800
-
OpenAM supports the propagation of the transaction ID across the ForgeRock platform, such as from OpenDJ or OpenIDM to OpenAM, using the HTTP header `X-ForgeRock-TransactionId`. The `X-ForgeRock-TransactionId` header is automatically set in all outgoing HTTP calls from one ForgeRock product to another. Customers can also set this header themselves from their own applications or scripts calling into the ForgeRock platform.
800
+
OpenAM supports the propagation of the transaction ID across the Open Identity Platform, such as from OpenDJ or OpenIDM to OpenAM, using the HTTP header `X-ForgeRock-TransactionId`. The `X-ForgeRock-TransactionId` header is automatically set in all outgoing HTTP calls from one ForgeRock product to another. Customers can also set this header themselves from their own applications or scripts calling into the ForgeRock platform.
801
801
802
802
You can set a new property `org.forgerock.http.TrustTransactionHeader` to `true`, which will trust any incoming `X-ForgeRock-TransactionId` headers. By default, the `org.forgerock.http.TrustTransactionHeader` is set to `false`, so that a malicious actor cannot flood the system with requests using the same transaction ID header to hide their tracks.
0 commit comments