ForgeRock Access Management Course

24h
Overview

This ForgeRock Access Management course covers the main features and capabilities of the versatile and powerful ForgeRock Access Management (AM). It gives you the knowledge and confidence to manage your own environment.

Objective

After completing this ForgeRock Access Management course, you will be able to:

  • Start with an unprotected website and end with a fully functional access management solution, where every user who tries to access the site is redirected to AM for authentication
  • Improve access management security in AM with multi-factor authentication (MFA), context-based risk analysis, and continuous risk checking
  • Implement OAuth 2.0 (OAuth2)-based protocols, namely OAuth2 and OpenID Connect 1.0 (OIDC), to allow low-level devices and mobile applications to make requests that access resources belonging to a subscriber
  • Demonstrate federation between entities using SAML2 with AM
  • Install a new AM instance configured with external directory server data stores as the basis for an AM cluster
Target Audience
  • ForgeRock Access Management administrators
  • System integrators
  • System consultants
  • System architects
  • System developers
Prerequisites
  • Knowledge of ForgeRock Access Management Essentials
  • Knowledge of UNIX/Linux commands
  • An understanding of HTTP and web applications
  • A basic understanding of how directory servers work
  • A basic understanding of REST
  • A basic knowledge of Java-based environments would be beneficial, but no programming experience is required
Materials
English/Portuguese/Hands-on Lab
Course Content

Exploring Authentication Mechanisms

  1. Introduce AM authentication
  2. Understand realms
  3. Describe authentication life cycle
  4. Explain sessions
  5. Examine session cookies
  6. Prepare the lab environment
  7. Examine an initial AM installation
  8. Configure a realm and examine AM default authentication
  9. Experiment with session cookies
  10. Describe the authentication mechanisms of AM
  11. Create and manage trees
  12. Explore tree nodes
  13. Create a login tree
  14. Test the login tree

Protecting a Website With IG

  1. Present AM edge clients
  2. Describe IG functionality as an edge client
  3. Review the ForgeRock Entertainment Company (FEC) website protected by IG
  4. Integrate the FEC website with AM
  5. Observe the IG token cookie
  6. (Optional) Review IG configuration
  7. Authenticate identities with AM
  8. Integrate identities in AM with an identity store
  9. Create an authentication tree with an LDAP Decision node
  10. Integrate an identity store with AM

Controlling Access

  1. Describe entitlements with AM authorization
  2. Define AM policy components
  3. Define policy environment conditions and response attributes
  4. Describe the process of policy evaluation
  5. Implement access control on a website

Increasing Authentication Security

  1. Describe MFA
  2. Register a device
  3. Include recovery codes
  4. Examine OATH authentication
  5. Implement Time-based One-time Password (TOTP) authentication
  6. (Optional) Implement HMAC-based One-time Password (HOTP) authentication
  7. Examine Push notification authentication
  8. (Optional) Implement Push notification authentication
  9. Implement passwordless WebAuthn
  10. (Optional) Implement passwordless WebAuthn
  11. Examine HOTP authentication using email or SMS
  12. (Optional) Implement HOTP authentication using email or SMS

Modifying a User’s Authentication Experience Based on Context

  1. Introduce context-based risk analysis
  2. Describe device profile nodes
  3. Determine the risk based on the context
  4. Implement a browser context change script
  5. Lock and unlock accounts
  6. Implement account lockout

Checking Risk Continuously

  1. Introduce continuous contextual authorization
  2. Describe step-up authentication
  3. Implement step-up authentication flow
  4. Describe transactional authorization
  5. Implement transactional authorization
  6. Prevent users from bypassing the default tree

Integrating Applications With OAuth2

  1. Discuss OAuth2 concepts
  2. Describe OAuth2 tokens and codes
  3. Describe refresh tokens, macaroons, and token modification
  4. Request OAuth2 access tokens with OAuth2 grant types
  5. Explain OAuth2 scopes and consent
  6. Configure OAuth2 in AM
  7. Configure AM as an OAuth2 provider
  8. Configure AM with an OAuth2 client
  9. Test the OAuth2 Device Code grant type flow

Integrating Applications With OIDC

  1. Introduce OIDC
  2. Describe OIDC tokens
  3. Explain OIDC scopes and claims
  4. List OIDC grant types
  5. Create and use an OIDC script
  6. Create an OIDC claims script
  7. Register an OIDC client and configure the OAuth2 Provider settings
  8. Test the OIDC Authorization Code grant type flow

Authenticating OAuth2 Clients and using mTLS in OAuth2 for PoP

  1. Examine OAuth2 client authentication
  2. Examine OAuth2 client authentication using JSON Web Token (JWT) profiles
  3. Examine OAuth2 client authentication using mTLS
  4. Authenticate an OAuth2 client using mTLS
  5. Examine certificate-bound proof-of-possession (PoP) when mTLS is configured
  6. Obtain a certificate-bound access token

Transforming OAuth2 Tokens

  1. Describe OAuth2 token exchange
  2. Explain token exchange types and purpose for exchange
  3. Describe token scopes and claims
  4. Implement a token exchange impersonation pattern
  5. Implement a token exchange delegation pattern
  6. Configure token exchange in AM
  7. Configure AM for token exchange
  8. Test token exchange flows

Implementing Social Authentication

  1. Delegate registration and authentication to social media providers
  2. Implement social registration and authentication with Google

Implementing SSO Using SAML2

  1. Discuss SAML2 entities and profiles
  2. Explain the SAML2 flow from the identity provider (IdP) point of view
  3. Examine SSO across service providers (SPs)
  4. Configure AM as an IdP and integrate with third-party SPs
  5. Examine SSO between SP and IdP and across SPs

Delegating Authentication Using SAML2

  1. Explain the SSO flow from the SP point of view
  2. Describe the metadata content and purpose
  3. Configure AM as a SAML2 SP and integrate with a third-party IdP

Installing and Upgrading AM

  1. Plan deployment configurations
  2. Prepare before installing AM
  3. Deploy AM
  4. Outline tasks and methods to install AM
  5. Install AM with the web wizard
  6. Install AM and manage configuration with Amster
  7. Describe the AM bootstrap process
  8. Install an AM instance with the web wizard
  9. Install Amster
  10. Upgrade an AM instance
  11. Upgrade AM with the web wizard
  12. (Optional) Upgrade AM with the configuration tool

Hardening AM Security

  1. Harden AM security
  2. Adjust Default Settings
  3. Harden AM security
  4. Describe secrets, certificates, and keys
  5. Describe keystores and secret stores
  6. Manage the AM keystore
  7. Configure and manage secret stores
  8. Configure an HSM secret store to sign OIDC ID token
  9. Audit logging
  10. Debug and monitoring tools

Clustering AM

  1. Explore high availability solutions
  2. Scale AM deployments
  3. Describe AM cluster concepts
  4. Create an AM cluster
  5. Identify tuning tips for AM clusters
  6. Prepare the initial AM cluster
  7. Install another AM server in the cluster
  8. Test AM cluster failover scenarios
  9. (Optional) Modify the cluster to use client-based sessions

Deploying the Identity Platform to the Cloud

  1. Describe the Identity Platform
  2. Prepare Your Deployment Environment
  3. Deploy and access the Identity Platform
  4. Access and authenticate your GCP account
  5. Prepare to deploy the Identity Platform
  6. Deploy the Identity Platform with the Cloud Development Kit (CDK)
  7. Remove the Identity Platform deployment