ForgeRock Authentication Node
This guide details the steps required to configure Keyless as a passwordless authentication solution for your ForgeRock instance.
Keyless Authentication Node
This integration relies on the ForgeRock OIDC Node which is available in AM6.0 or greater.
Prerequisites
Make sure you have the following information, provided to you during your onboarding with Keyless.
OpenID Connect Client ID
OpenID Connect Secret
OpenID Discovery URL
Configuration
Create or modify a tree to use the OpenID Connect Node
Enter the following values for each configuration option in the OpenID Connect Node
| Field Name | Value |
|---|---|
Authentication Endpoint URL | To be found in the provided Discovery URL |
Access Token Endpoint URL | To be found in the provided Discovery URL |
User Profile Service URL | To be found in the provided Discovery URL |
OAuth Scope |
|
Redirect URL | Depends on your deployment configuration, typically: |
Social Provider |
|
Auth ID Key |
|
Use Basic Auth |
|
Account Provider |
|
Account Mapper |
|
Account Mapper Configuration |
|
Save Attributes in the Session |
|
Token Issuer | To be found in the provided Discovery URL |
OpenID Connect Validation Type |
|
OpenID Connect Validation Value | To be found in the provided Discovery URL |
Testing
Open a private window in your browser.
Navigate to the login page of the realm that Keyless is configured for.
Enter your username and authenticate with Keyless on your mobile device (make sure to use a user that is enrolled to Keyless)
You should now be logged into the ForgeRock portal.
Last updated