This structured course comprises a mix of instructor-led lessons and demonstrations with plenty of lab exercises, giving every student the opportunity to fully understand each of the topics covered. It provides students with the skills needed to plan, install, configure and administer a ForgeRock OpenAM deployment. The main goal of the course is to provide a thorough understanding of, and hands-on experience with, ForgeRock's OpenAM, so that students can control its most important functions and manage a successful production deployment.
Prerequisites
To ensure that every student can get the most out of this course, it is essential that you have the skills listed below. These skills are also required to complete a successful deployment:
- A basic knowledge of Unix commands
- A basic understanding of how LDAP works
- An appreciation of HTTP and web applications
- A basic knowledge of Java would be beneficial, although programming experience is not required
COURSE CONTENT
Introduction
- Understand modern Identity challenges
- Herald the A in IAM
- Describe the terminology of Identity
OpenAM story
- Describe how OpenAM secures assets
- Define key OpenAM deployment terminology
- Start and stop OpenAM
- Navigate the administrator interface
Lab
- Start and Stop OpenAM Server
- Examine the Admin Interface
Web Application Integration
- Understand the different application integration paths for OpenAM
- Describe the different programmatic integration paths
Lab
- Test the installed web server
- Configure an Agent Profile in OpenAM
- Install the web agent files
OpenAM Configuration
- Visualize the structure and definition of OpenAM configuration
- Manipulate the service definition and configuration
- Examine realm configuration
Lab
- Explore the OpenAM Command Line Tools
- Export the OpenAM service configuration
- Create a realm in OpenAM
- Create a realm using the OpenAM REST APIs
- Configure a DNS alias for a realm
Monitoring and Troubleshooting OpenAM
- Interpret OpenAM operational and debugging data
- Use OpenAM monitoring effectively
- React to different OpenAM issues and failures
Lab
- Configure audit logging and review log files
- Configure debug logging and review debug files
- Monitor OpenAM
Integrate an External Identity Repository
- Configure the different identity repositories in OpenAM
- Map an OpenAM realm to an identity repository
Lab
- Install OpenDJ Directory Server
- Configure OpenDJ as an identity repository
- Configure a Web Agent to use a realm
- Retrieve user profile information using the REST API
Configure User Self-Service
- Configure user self-service using the XUI
- Configure user self-service using the classic UI
Lab
- Configure user self-service using the XUI
- Configure user self-service using the classic UI
Customize the OpenAM End User Pages
- Theme the XUI end user interface for a realm
- Customize the XUI layout
- Localize the XUI
- Customize the classic UI end user pages
Lab
- Customize the XUI end user interface for a realm
- Customize the XUI layout
- Customize the classic UI end user pages
Authentication Lifecycle
- Describe the authentication architecture of OpenAM
- Unravel the authentication process
Lab
- Observe the Authentication flow through HTTP headers
- Authenticate using a Gmail account
Authentication Administration
- Configure and test the relationship between an authentication module and chain
- Configure account lockout
- Configure an authentication chain with the adaptive risk module
- Use the Scripted authentication module to extend authentication
- Configure a two-step verification authentication service
Lab
- Configure and test the relationship between an authentication module and chain
- Configure account lockout
- Configure an authentication chain with the adaptive risk module
- Use the Scripted authentication module to extend authentication
- Configure a two-step verification authentication service
Sessions
- Appreciate the configuration options of stateful and stateless sessions
- Comprehend the distributed session architecture
- Examine your internal session
Lab
- Obtain cookie information using the REST APIs
- Retrieve session information using the REST API
CDSSO and Restricted Tokens
- Explain the SSO obstacles of multiple domains
- Investigate the security vulnerability of domain cookies
Lab
- Set up Cross Domain SSO
- Set up Restricted Tokens
Configure Basic Authorization
- Illustrate key features of the policy framework
- Enumerate and define the policy components
Lab
- Configure an authorization policy
- Configure not enforced URLs
- Configure policies that allow parameters
- Configure an Authentication to a Realm condition
- Examine other conditions
Authorization Policy Evaluation
- Chart the flow of policy evaluation
- Examine alternative policy evaluation
- Design effective policies
Lab
- Protect access to resources based on groups
- Use the default policy condition script to test an environmental condition
Authorization Configuration
- Configure the Policy Configuration Service
- Create policies
- Define authorization policies
- Protect REST endpoints
- Delegate administration
- Use the ssoadm command to configure policies
- Verify authorization using the REST interface
Lab
- Configure a policy using ssoadm
- Configure a custom policy service
- Evaluate access through REST
Federation Architecture
- Contrast and compare different federation technologies
- Understand how federation enables ubiquitous cloud identity
- Describe the federation use cases
Configure SAML2 Federation
- Describe the basic principles of the Security Assertion Markup Language (SAML) v2.0
- Configure SAML v2.0 SSO federation using integrated mode within OpenAM
- Create a Fedlet that integrates with a Service Provider application for lightweight deployment
- Configure SAML v2.0 Single Sign-On (SSO) federation using standalone mode within OpenAM
Lab
- Examine a SAML v2.0 request, response and assertion
- Configure SAML v2.0 SSO federation using integrated mode
- Create a Fedlet that integrates with a Service Provider application
- Configure SAML v2.0 SSO federation using standalone mode
OAuth2 and OpenID Connect
- Describe how to establish OAuth 2.0 federation
- Describe how to leverage the OAuth 2.0 handshake to ensure authentication through OpenID Connect
- Configure OpenAM as an OAuth 2.0 and OpenID Connect 1.0 provider
Lab
- Configure social authentication using Google
- Configure OpenAM as an OAuth 2.0 authorization server and client
- Observe the OpenID Connect flow and the contents of an OpenID Connect token
- Run the Relying Party Examples to test OpenID Connect
- Implement the OAuth 2.0 Device Flow in OpenAM
Prepare a Development and Test Environment
- Plan, perform and perceive the installation
Lab
- Prepare your target server for OpenAM deployment
- Deploy and configure OpenAM on Tomcat
Production Deployment
- Describe the challenges of a production deployment
- Review common deployment scenarios for OpenAM
Lab
- Set up high availability and session failover
- Install OpenIG
- Install the J2EE agent
- Introduce SSL to the OpenAM container using self-signed certificates