Protect session management API of ForgeRock OpenAM

Hi experts,
How do I secure the exposed APIs of OpenAM? Specifically, I want to secure the session management-related APIs, which are accessed from ForgeRock's default OpenAM API Explorer, against unauthorized requests. Please advise.

Thanks

Hi Shaye,
The security guide recommends limiting exposure on the Internet to necessary endpoints only. In particular, service endpoints should only be accessible from an internal network.
Therefore the recommendation is to whitelist the endpoints that you want to expose on the Internet.
https://backstage.forgerock.com/docs/am/7.2/security-guide/preface.html
Also, you should disable the API Explorer:
https://backstage.forgerock.com/docs/am/7.2/security-guide/single-page.html#securing-admin-console

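As an added illustration of the whitelisting advice above (this is constructed example code, not from the thread and not ForgeRock's own configuration): a deny-by-default path allowlist of the kind a reverse proxy in front of AM would apply, so that only the endpoints end users need are reachable from the Internet and everything else, including the session management endpoint, is refused before it reaches AM. The deployment context `/am` and the set of public prefixes are assumptions; tailor them to your deployment. The check canonicalises the request path first, because an allowlist compared against the raw path can be bypassed with `..` segments or percent-encoding.

```python
"""Deny-by-default allowlist for the Internet-facing side of an AM deployment.

Constructed example (not ForgeRock code and not from the thread): the reverse
proxy in front of AM asks is_public_path() and returns 403 for anything else,
so session-management and administrative endpoints never reach AM from outside.
"""
import posixpath
from urllib.parse import unquote

# Assumed deployment context (the thread does not name one).
AM_CONTEXT = "/am"

# Assumed set of endpoints end users need from the Internet. A trailing slash
# means "this whole subtree"; no trailing slash means "this exact resource".
# Realm-qualified forms (e.g. /json/realms/root/...) need their own entries.
PUBLIC_PREFIXES = (
    "/json/authenticate",  # authentication
    "/oauth2/",            # OAuth 2.0 / OIDC endpoints
    "/XUI/",               # end-user UI
)


def normalize(raw_path):
    """Decode once and canonicalise; return None when the path is ambiguous.

    The proxy must decide on the same path form that AM will route on. Rather
    than guess how AM treats double-encoded or backslash paths, fail closed on
    anything that still looks encoded after a single decode.
    """
    path = raw_path.split("?", 1)[0]          # query string plays no part in routing
    path = unquote(path)                      # one round of percent-decoding
    if "%" in path or "\\" in path or "\x00" in path:
        return None                           # ambiguous encoding: refuse
    canon = posixpath.normpath(path)          # collapses //, /./ and /../
    if not canon.startswith("/") or canon.startswith("//"):
        return None                           # relative or protocol-relative: refuse
    return canon


def _matches(rel, prefix):
    """Prefix with trailing slash covers the subtree; otherwise exact match only."""
    if prefix.endswith("/"):
        return rel == prefix[:-1] or rel.startswith(prefix)
    return rel == prefix


def is_public_path(raw_path):
    """True only for request paths that may be forwarded to AM from the Internet."""
    canon = normalize(raw_path)
    if canon is None:
        return False
    if canon != AM_CONTEXT and not canon.startswith(AM_CONTEXT + "/"):
        return False                          # not inside the AM context at all
    rel = canon[len(AM_CONTEXT):] or "/"
    return any(_matches(rel, p) for p in PUBLIC_PREFIXES)


if __name__ == "__main__":
    # Constructed request paths, as an external client might send them.
    samples = [
        "/am/json/authenticate?realm=/",
        "/am/oauth2/authorize?client_id=x",
        "/am/XUI/",
        "/am/json/sessions?_action=getSessionInfo",
        "/am/oauth2/../json/sessions",
        "/am/oauth2/%2e%2e/json/sessions",
        "/am/oauth2/%252e%252e/json/sessions",
        "/am//oauth2/access_token",
    ]
    for p in samples:
        print("allow" if is_public_path(p) else "deny ", p)
```

The decision is deny-by-default on purpose: no list of "dangerous" endpoints is maintained, so a new or forgotten service endpoint is closed until someone deliberately opens it. Percent-encoded traversal is decoded and collapsed before comparison, and anything still containing an escape after one decode is refused rather than guessed at. Disabling the API Explorer itself is a separate setting in AM, as the linked security guide section describes; the allowlist only keeps the endpoints it would call from being reachable externally.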

Also a helpful resource: https://backstage.forgerock.com/knowledge/kb/article/a15432242 in addition to the link Gery provided
