IG session queries

siddharth.thole · April 23, 2024, 9:38am

Does ig forms its own session ?. As per the document mention here Sessions :: ForgeRock Identity Gateway. It says that IG can form stateless and stateful session. I have tried using SingleSignOnFilter as per example mention here Authentication :: ForgeRock Identity Gateway. After SSO i only see iplanet cookie in browser, there is no separate ig cookie formed

Appreciate your response

guy.pensa · April 23, 2024, 11:41am

Good morning Siddharth,

Yes, the client may have a unique session with IG.
2.Yes, the SSO filter in its common, though not hardened configuration, will redirect the client to your AM deployment.
A preferred means of using the filter is to redirect, via a route using the reverseproxy handler to AM.

This approach is also covered in the IG training.
Cheers!

siddharth.thole · April 24, 2024, 6:16am

Hi Guy.Pensa

Thanks for the reply.

Can you please elaborate more, i am more concern about the session formed by IG like for example in doc they say IG form the cookie with name IG_SESSIONID. But while using singlesignon filter i dont see this being set on browser. I can see only AM iplanet cookie.

Regards
Siddharth

guy.pensa · April 24, 2024, 5:21pm

Yes, if the remote connection is not brokered by IG, there will be no IG session requirement.
If you set up your SSOFilter using a URL of IG (and a route dedicated to the effort), as the RP in front of AM, you will see the IG session object.

For guidance please see this: Knowledge - ForgeRock BackStage

Cheers!

siddharth.thole · April 25, 2024, 8:52am

Hi Guy.Pensa

Thanks for reply, i am still not clear

I have done setup same as mentioned here (Authentication :: ForgeRock Identity Gateway). So i am accessing the sample app via IG. So i guess IG is acting broker in between, so whether ig cookie will be formed or not ?. For me it is not forming the cookie and if it is expected behavior could you please explain why ?. And when IG would form cookie and set in browser then ?

Regards
Siddharth

guy.pensa · April 25, 2024, 11:36am

Good morning.

Have you looked at the product overview training? It lays out the operations of IG very well.
Additionally, have you seen this: Sessions :: ForgeRock Identity Gateway
Please provide examples of your route configuration files. Also include your admin.json and config.json file.
You may send these to me at guy.pensa@forgerock.com. And I’ll have a quick review when I can.

Cheers.

siddharth.thole · April 26, 2024, 5:46am

Hi Guy.Pensa

I have gone through training however i didnt found much about session. I have gone through that link it gives nice explanation about the session but my concern is something else. I have sent you the required files, please go through it and let me know

Thank you

Regards
Siddharth

guy.pensa · April 26, 2024, 6:02pm

Greetings Siddharth,
Thanks for the email. I will post some guidelines for you here (without exposing any security concerns!)

Have a great weekend!