ForgeRock Authentication Node
This guide details the steps required to configure Keyless as a passwordless authentication solution for your ForgeRock instance.
Keyless Authentication Node
This integration relies on the ForgeRock OIDC Node, which is available in AM 6.0 or greater.
Prerequisites
Make sure you have the following information, provided to you during your onboarding with Keyless.
OpenID Connect Client ID
OpenID Connect Secret
OpenID Discovery URL
Configuration
Create or modify a tree to use the OpenID Connect Node
Enter the following values for each configuration option in the OpenID Connect Node:
Authentication Endpoint URL: To be found in the provided Discovery URL
Access Token Endpoint URL: To be found in the provided Discovery URL
User Profile Service URL: To be found in the provided Discovery URL
OAuth Scope: openid email profile
Redirect URL: Depends on your deployment configuration, typically: https://your-fr-host-domain/openam/?realm=THE_REALM&service=THE_TREE
Social Provider: Keyless
Auth ID Key: sub
Use Basic Auth: enabled
Account Provider: org.forgerock.openam.authentication.modules.common.mapping.DefaultAccountProvider
Account Mapper: org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper
Account Mapper Configuration: email to uid
Save Attributes in the Session: enabled
Token Issuer: To be found in the provided Discovery URL
OpenID Connect Validation Type: JWK URL
OpenID Connect Validation Value: To be found in the provided Discovery URL
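Several of the values above come from the Discovery URL. The following added example (not part of the Keyless or ForgeRock documentation) reads a discovery document and returns the value for each of those node options, rejecting non-HTTPS endpoints, an issuer that does not match the Discovery URL, and a provider that does not advertise Basic Auth or the configured scopes. The option-to-field mapping uses the standard OpenID Connect Discovery metadata names and is an assumption; the sample document and the host idp.example are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# OpenID Connect Node option -> OIDC Discovery metadata field (assumed mapping)
NODE_FIELDS = {
    "Authentication Endpoint URL": "authorization_endpoint",
    "Access Token Endpoint URL": "token_endpoint",
    "User Profile Service URL": "userinfo_endpoint",
    "Token Issuer": "issuer",
    "OpenID Connect Validation Value": "jwks_uri",
}
REQUIRED_SCOPES = {"openid", "email", "profile"}


def node_settings(discovery_url, document):
    """Map a discovery document to node values; raise ValueError on bad metadata."""
    meta = json.loads(document)
    settings = {}
    for option, field in NODE_FIELDS.items():
        value = meta.get(field, "")
        if urlparse(value).scheme != "https":
            raise ValueError(f"{field} missing or not an https URL: {value!r}")
        settings[option] = value
    # OIDC Discovery: issuer plus the well-known suffix must equal the URL fetched.
    expected = meta["issuer"].rstrip("/") + "/.well-known/openid-configuration"
    if expected != discovery_url:
        raise ValueError("issuer does not match the discovery URL")
    # "Use Basic Auth" needs client_secret_basic, the spec default when unlisted.
    methods = meta.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if "client_secret_basic" not in methods:
        raise ValueError("provider does not advertise client_secret_basic")
    missing = REQUIRED_SCOPES - set(meta.get("scopes_supported", REQUIRED_SCOPES))
    if missing:
        raise ValueError(f"scopes not advertised: {sorted(missing)}")
    return settings


# Constructed sample; idp.example is a placeholder, not a real Keyless host.
SAMPLE_URL = "https://idp.example/.well-known/openid-configuration"
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
    "userinfo_endpoint": "https://idp.example/userinfo",
    "jwks_uri": "https://idp.example/jwks.json",
    "scopes_supported": ["openid", "email", "profile"],
})

if __name__ == "__main__":
    print(json.dumps(node_settings(SAMPLE_URL, SAMPLE_DOC), indent=2))
```

To check a real deployment, save the document served at the Discovery URL to a file and pass its contents together with that URL to node_settings.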
Testing
Open a private window in your browser.
Navigate to the login page of the realm that Keyless is configured for.
Enter your username and authenticate with Keyless on your mobile device (make sure to use a user that is enrolled in Keyless).
You should now be logged into the ForgeRock portal.