Source: medium.com
How to lockout a user and delete all their active tokens in ForgeRock AMCategory: Business, github
Customers often ask “We have a business security requirement where we want to not only lock a given user out of the system but also find and delete all SSO tokens they have created using the AM API. How do we do that?” In order to achieve this we’ll be making using of the following AM endpoints: This endpoint is used to generate an SSO token following successful traversal of an AM Tree (or Chain). This endpoint can take a number of parameters like realm, service (Tree or Chain name), authentication level, etc to tailor the login experience as required.
In the script the authNTarget and authNAdmin functions are used to generate test user sessions and generate an admin session respectively.
This function looks like this: This endpoint can be used to list all active sessions for a given user using a HTTP GET with a queryFilter parameter and also revoke sessions using the logoutByHandle action.
In the script the authNTarget and authNAdmin functions are used to generate test user sessions and generate an admin session respectively.
This function looks like this: This endpoint can be used to list all active sessions for a given user using a HTTP GET with a queryFilter parameter and also revoke sessions using the logoutByHandle action.
Related Articles
Community Partners
DevOps Careers