ForgeRock® Access Management Core Concepts (AM-400)

This structured course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises to ensure opportunities to fully understand each of the topics covered. It provides students with a strong foundation for the design, installation, configuration, and administration of ForgeRock Access Management (AM).
The key objectives of the course are to present core concepts and key features of ForgeRock Access Management, and to provide hands-on experience that enables students to implement a complete access management solution based on real-life use cases.
Note that Revision A of this course is built on version 5.0 of ForgeRock Access Management.
Target Audiences
The course is aimed at those responsible for overseeing various aspects of a successful deployment of ForgeRock Access Management. This includes, but is not limited to, those with the following roles:
  • System Integrators
  • System Consultants
  • System Architects
  • System Developers
  • System Administrators
Upon completion of this course, you should be able to:
  • Protect a web site with ForgeRock Access Management and a policy agent, add separation of admins and users and add user self-service
  • Extend protection utilizing richer authentication capabilities
  • Control and extend access to web resources depending upon predetermined criteria
  • Extend services to mobile applications and low-level devices, share resources and perform social authentication using OAuth 2.0 (OAuth2)-based protocols
  • Define the areas that must be considered when going to production with a complete ForgeRock Access Management-based solution
  • Communicate identity information across federated identities using SAML v2.0 (SAML2)
To succeed fully in this course, students should have a working familiarity with:
  • Unix OS environment command-line administration
  • Unix OS networking, security and directory fundamentals
  • Java web services and application platform administration
  • Java, JSON, and XML application configuration
  • Internet protocols such as HTTP, TCP/IP
5 days
Course Contents
Chapter 1: Basic Configuration
Lesson 1: Implementing Basic Authentication with AM
  • Describe how AM allows you to manage basic authentication through the use of sessions and cookies
  • Implement basic authentication with AM
  • Discuss the need and use of realms
  • Implement separation of admin and users using realms
Lesson 2: Protecting a Website
  • List and describe AM authentication clients
  • Describe Policy Agent main functionality
  • Implement Policy Enforcement using Policy Agents
Lesson 3: Empowering Users
  • Describe the main capabilities of User Self-Service
  • Configure User Self-Service self-registration basic flow
Chapter 2: Extending Authentication
Lesson 1: Extending Authentication Functionality
  • Describe the authentication mechanisms of AM
  • Identify realm-level authentication settings
  • Create an LDAP authentication module
  • Create a chain containing the LDAP module
Lesson 2: Retrieving User Information
  • Describe the use of an Identity Data Store
  • Explain the distinction between Identity Data Store and Credentials store
  • Implement user-specific features on the website
  • Retrieve user profile information using REST
Lesson 3: Increasing Authentication Security
  • Discuss the need to increase authentication security
  • Implement account lockout
  • Configure adaptive risk authentication
  • Create an adaptive risk chain
  • Demonstrate push notification configuration
Chapter 3: Controlling Access
Lesson 1: Controlling Access
  • Describe how AM manages entitlements through authorization
  • Define Policy components
  • Explain how AM evaluates policies
  • Implement access control policies on a website
Lesson 2: Extending Entitlements
  • Define Session Upgrade
  • Describe authentication Step Up flow
  • Implement step up authentication
Chapter 4: Extending Services using OAuth2-based Protocols
Lesson 1: Integrating Low-level Devices with OAuth2
  • Explain why the OAuth 2.0 (OAuth2) protocol can be used to integrate various devices
  • Discuss OAuth2 players and their roles
  • Describe OAuth2 access token, refresh token and authorization code
  • List OAuth2 grants
  • Configure AM as an OAuth2 authorization server and demonstrate OAuth2 device flow
Lesson 2: Integrating Mobile Applications with OpenID Connect
  • Explain how OpenID Connect 1.0 (OIDC) leverages the OAuth 2.0 handshake to provide authentication and data sharing
  • Configure AM as an OpenID Connect provider and demonstrate the OpenID Connect Authorization Grant profile
Lesson 3: Sharing Resources with User-Managed Access (UMA)
  • Describe how UMA enriches OAuth 2.0 to allow resource sharing
  • Implement AM as an UMA authorization server and demonstrate resource sharing
Lesson 4: Implementing Social Authentication
  • Explain the mechanism allowing AM to delegate authentication to social media
  • Configure social authentication using Google
Chapter 5: Preparing for Production
Lesson 1: Customizing AM End User Pages
  • Describe the user interface areas that can be customized
  • Update the user interface default theme
Lesson 2: Hardening AM Security
  • Highlight the areas where security needs hardening
  • Adjust default settings
  • Set up administration privileges
Lesson 3: Administering AM
  • Introduce the administration tools available
  • Install Amster
  • Export configuration with Amster
  • Identify tools to troubleshoot issues
  • Record debugging information
  • Explain audit logging service
  • Describe how to monitor AM
  • Discuss the areas that may need tuning
Lesson 4: Installing and Upgrading AM
  • Plan an AM installation
  • Install a single instance of AM using the wizard
  • Describe the bootstrap process
  • Upgrade an AM instance using the wizard
Lesson 5: Clustering AM
  • Discuss approaches to providing High Availability
  • Explain how to scale a deployment
  • Add a server to a cluster using stateful tokens
  • Modify the cluster to use stateless tokens
Lesson 6: Introducing DevOps
  • Describe primary containerization concepts and tools
  • Explain support for containerization in AM 5
  • Observe parallel instantiation with Docker
Chapter 6: Federating across Entities using SAML2
Lesson 1: Configuring SAML2 Federation
  • Discuss Federation entities and flows
  • Explain the Login flow from the IdP point of view
  • Examine SSO between SP and IdP across SPs
Lesson 2: Delegating Authentication using SAML2
  • Describe Metadata content and use
  • Explain the Login flow from the SP point of view
  • Implement AM as a SAML2 service provider