Visão Geral

Este Curso ForgeRock Access Management - Customization and APIs fornece uma introdução técnica prática às APIs ForgeRock Access Management (AM) e casos de uso de personalização. Você examinará os pontos de extensão AM e adquirirá as habilidades necessárias para estender e integrar uma implantação AM em um contexto do mundo real.

Objetivo

Após concluir este Curso ForgeRock Access Management - Customization and APIs, você será capaz de:

• Liste os pontos de extensão do AM
• Liste quais componentes personalizáveis ​​são afetados em casos de uso comuns de AM
• Entenda os conceitos básicos de script
• Use a interface de administração para procurar, editar e configurar scripts
• Descrever como o AM realiza a autenticação
• Revise os nós de autenticação e as árvores de autenticação
• Projetar e implementar um nó de autenticação personalizado
• Descrever como funciona a autenticação com script
• Explore como os scripts do lado do cliente são usados ​​com nós e árvores de autenticação
• Descrever como a autenticação com script do lado do servidor opera com nós e árvores de autenticação
• Use a interface de administração para criar e testar árvores de autenticação contendo nós com script
• Discuta os conceitos políticos em AM
• Implementar uma EntitlementCondition ou uma condição com script
• Descrever a API REST comum do ForgeRock (REST comum)
• Habilitar compartilhamento de recursos entre origens (CORS) em AM
• Autenticar usuários por meio da API REST
• Gerencie identidades e domínios por meio da API REST
• implementar a redefinição de senha e o autorregistro do usuário usando a API REST
• Consulte a lista de aplicativos de painel por meio da API REST
• Use o mecanismo de política para proteger recursos não baseados em URL
• Descrever as APIs REST de gerenciamento e avaliação de políticas
• Descrever o OAuth 2.0 e o OpenID Connect, incluindo como usar seus endpoints HTTP
• Demonstre a validação do escopo e personalize o comportamento padrão
• Explicar os conceitos básicos de acesso gerenciado pelo usuário (UMA)
• Configure AM como um servidor de autorização UMA
• Gerenciar conjuntos de recursos UMA
• Demonstrar como personalizar o fluxo de trabalho UMA

Publico Alvo

• Desenvolvedores de aplicativos, adaptando aplicativos clientes para usar recursos AM
• Desenvolvedores de software, ampliando e integrando serviços AM para suas organizações
• Consultores de Sistema
• Arquitetos de Sistema

Pre-Requisitos

• Conhecimento de gerenciamento de acesso ForgeRock
• Conhecimentos e habilidades básicas usando o sistema operacional Linux
• O conhecimento de JSON, JavaScript, AngularJS, REST, Java, Groovy e XML é importante para dominar a compreensão do material e dos exemplos
• O conhecimento básico de LDAP pode ser útil para entender o código e alguns exemplos

Materiais

Conteúdo Programatico

Using Extension (Customization) Points

1. Introduce Java APIs, REST API, and REST API versioning
2. Introduce customizing authentication
3. Introduce customizing authorization and policy evaluation
4. Describe use cases related to OAuth 2.0 and UMA
5. Describe use cases related to SAML2
6. Describe the course environment architecture
7. Understand the course ContactList application functionality and its role in this course
8. Manage (starting, stopping) the AM and Directory Services servers
9. Describe development tools and scripts provided with the course environment

Introducing Authentication Trees and Nodes

1. Review the concept of authentication trees and nodes
2. Create a basic authentication tree
3. Add existing authentication nodes to an authentication tree
4. Implement a choice collector authentication node
5. Assign the user choice to a session property
6. Configure the Session Property Whitelist Service for the realm
7. Test the authentication tree in a web browser and with the REST API
8. Run a REST API function to view the authenticated user’s session data
9. Compare tree and chain authentication methods

Customizing with Authentication Trees and Nodes

1. Create a custom authentication node project using the Maven archetype from the command line
2. Create a custom authentication node project using the Maven archetype within NetBeans
3. Write the configuration interface for a custom authentication node
4. Manage updates to the authentication node configuration interface
5. Write the business logic for a custom authentication node
6. Deploy a custom authentication node
7. Modify an existing authentication tree to add the custom authentication node
8. Test the custom authentication node using a web browser interface or its REST API

Developing Scripts with Scripting APIs

1. Explore client-side scripting with authentication nodes
2. Deploy a custom authentication node that runs specific client-side scripts
3. Include a client-side script with the custom authentication node in an authentication tree
4. Create a script for use by a Scripted Decision node in an authentication tree to process the client-side data and return an authentication decision
5. Receive and process data from the client-side script in a server-side script with a Scripted Decision node
6. Understand client-side scripting with authentication trees by examining source code
7. Configure the scripting engine properties and manage the APIs available to server-side scripts
8. Test the script-based authentication with authentication trees and nodes

Migrating Authentication Modules to Authentication Trees and Nodes

1. Migrate a server-side authentication script to be used in a Scripted Decision node of an authentication tree
2. Modify the server-side script to receive client-side data in the authentication tree context
3. Design the server-side authentication script outcome values for use in the authentication tree
4. Migrate a client-side authentication (module-based) script to be used by a custom authentication node
5. Write the client-side logic to send client data to the custom authentication node in the context of an authentication tree

Customizing Authorization

1. Review the main elements of the AM policy API
2. Discuss the concept of resource types and policy sets (formerly applications)
3. Describe the concept of application types
4. Illustrate the policy structure
5. Review the main groups of built-in policy conditions and their important members
6. Discuss where an EntitlementCondition and a script condition can be used
7. Implement, build, and deploy an EntitlementCondition
8. Implement, create, and deploy a scripted condition
9. Review the execution flow of the scripted condition
10. Discuss the variables available to the scripted condition
11. Use a scripted condition through the administration interface and the REST API
12. Develop a custom policy condition for the ContactList application
13. Modify the policy condition to return information about the maintenance mode
14. Complete the policy set

Using the REST API

1. Explore AM services available through the REST API
2. Describe the ForgeRock Common REST API
3. Review the main characteristics of the REST API
4. Discuss the verbs available in the REST API
5. Review the status codes returned by the REST API
6. Describe filtering, paging, sorting, and pretty printing
7. Explain the REST API versioning
8. Access the REST API from the administration interface by using a web browser
9. Use the REST API from jQuery
10. Use the REST API from AngularJS
11. Describe and enable CORS
12. List the configuration options for the CORSFilter
13. Configure the CORSFilter in AM
14. Modify the ContactList application to use AM for authentication
15. Examine the client-side and server-side components of the ContactList application
16. Modify an AngularJS module in ContactList that uses AM authentication services

Authentication with REST

1. Use the REST API to authenticate a user (sign in)
2. Compare the simplified (username/password) and full authentication APIs
3. Discuss application callback types
4. Use the simplified and full authentication API
5. Describe advanced authentication options (realm, authentication attributes, session upgrade)
6. Use the REST API to log out
7. Validate tokens and manage sessions
8. Describe the session REST API
9. Discuss the identity management REST API
10. Read user attributes
11. Create a realm
12. Modify the ContactList application to use AM for all authentication functions
13. Complete the AngularJS service interfacing AM to cover all authentication functions
14. Modify the login service to use the testSelectRole authentication tree in AM

Working with RESTful User Self-Service API

1. Review the characteristics of the self-service API
2. Illustrate the flow of password reset
3. Enable the password reset functionality
4. Perform a password reset through the REST API
5. Discuss the flow of user self-registration
6. Enable the user self-registration functionality
7. Perform user self-registration
8. Describe the concept of a user dashboard
9. List dashboard applications through the REST API
10. Implement password reset in the ContactList application
11. Configure AM to use a local email server
12. Emulate password reset using the command line
13. Add password reset functionality to the ContactList application

Authorizing with REST

1. Describe how to protect URL-based resources
2. Explain how to protect non-URL-based resources
3. List the main elements of the policy management API
4. Discuss the entities of the policy service
5. Describe the policy evaluation REST API
6. Explain the concept of policy sets
7. Request policy evaluation for a set of resources
8. Demonstrate how policy evaluation can be used to determine which user interface components to show in a JavaScript client
9. Modify the ContactList application to use AM for authorization
10. Create and test policy sets tailored to the ContactList application
11. Extend the backend of ContactList to use the authorization REST API
12. Extend the front end of ContactList to use the authorization REST API

Implementing OAuth Custom Scopes

1. Explain the benefits of OAuth 2.0
2. List the main elements of OAuth 2.0
3. Illustrate the authorization code flow
4. Describe the OAuth 2.0-related HTTP services available in AM
5. Explain the benefits of OpenID Connect
6. List the main elements of OpenID Connect
7. Illustrate the authorization code flow extended with OpenID Connect
8. Describe the TokenInfo endpoint
9. Describe the UserInfo endpoint
10. Discuss the OpenID Connect HTTP services
11. Explain how scope validation is implemented in AM
12. Implement and register a custom scope validation implementation
13. Describe the default OpenID Connect script
14. Create a custom OpenID Connect script
15. Modify the ContactList application to use OAuth 2.0/ OpenID Connect for authentication and authorization
16. Configure OAuth 2.0 and OpenID Connect in AM
17. Create a customized scope validator and token response
18. Modify the ContactList example application to use OpenID Connect for authentication
19. Modify ContactList to behave as an OAuth 2.0 resource server

Customizing with UMA

1. Explain the benefits and list the elements of UMA
2. Describe the various tokens and tickets used in UMA
3. Illustrate the UMA protocol flow
4. Enable and configure an UMA Provider in AM
5. Configure UMA stores
6. Use the UMA discovery endpoint
7. Manage resources on the UMA administration page
8. Understand the UMA REST API
9. Describe the resource set and user label endpoints
10. Discuss the policy endpoint
11. Explain the permission request, requesting party token, and pending request endpoints
12. Understand UMA customization points
13. Register UMA filters
14. Implement resource sharing in the example application