What are Java Agents and Web Agents in ForgeRock AM?

Java Agents and Web Agents are Policy Enforcement Points (PEPs) that integrate directly with application servers and web servers to enforce ForgeRock AM authentication and authorization decisions without requiring changes to the application code.

Java Agent — Installed as a Java EE filter (a JVM-level agent using the -javaagent JVM argument or a servlet filter JAR) on application servers like Tomcat, JBoss, WebLogic, and WebSphere. It intercepts HTTP requests before they reach the application, validates the AM session cookie (iPlanetDirectoryPro by default), and calls AM's policy evaluation endpoint for protected resources. If the session is invalid or policy denies access, the agent redirects the user to AM for authentication.

Web Agent — Installed as a native module on web servers such as Apache HTTP Server, NGINX, and Microsoft IIS. It operates at the web server level — requests are filtered before any proxying to backend application servers. Web agents support the same session validation, policy evaluation, and SSO enforcement as Java agents but are implemented as native C/C++ modules matching the web server's plugin API.

Both agent types share a common configuration model stored in AM:

• Each agent has a profile in AM (under realm → Applications → Agents) with settings for the protected URL list, login URL, logout URL, not-enforced URLs, and header injection rules.
• Agents fetch their configuration from AM at startup and periodically refresh it — changes to the agent profile in AM propagate to running agents without restart.
• Agent communication with AM uses a dedicated agent credentials (username/password) that the agent uses to authenticate and retrieve policies.

For Kubernetes and microservices environments, IG has largely superseded agents since it is more cloud-native and does not require access to the application server's classpath or web server's module directory.

Invest now in Acorns!!! 🚀
Join Acorns and get your $5 bonus!

Acorns is a micro-investing app that automatically invests your "spare change" from daily purchases into diversified, expert-built portfolios of ETFs. It is designed for beginners, allowing you to start investing with as little as $5. The service automates saving and investing. Disclosure: I may receive a referral bonus.

Invest now!!! Get Free equity stock (US, UK only)!

Use Robinhood app to invest in stocks. It is safe and secure. Use the Referral link to claim your free stock when you sign up!.

The Robinhood app makes it easy to trade stocks, crypto and more.

Webull! Receive free stock by signing up using the link: Webull signup.