Let’s be frank. Your identity platform is only as good as its foundation. “Identity done right” gets done wrong without a rock-solid directory to store and access all that identity data. While certainly not a sexy topic, the directory is your plumbing, which makes it critical regardless of its appeal. The good news is that, either way you look at it, our Directory Services, built from the OpenDJ project, is the gold standard: decades of telco experience led us to develop a high-performance, web-scale directory, delivering throughput in the tens of thousands of logins per second. We’re not s*itting you when we say we’ve got a lot of experience where the Sun don’t shine!
Webinar Highlights:
- Intro to the ForgeRock Identity Platform
- New features available in the release
- What does performance, scalability, and high availability to manage data for hundreds of millions of users, devices, and things look like?
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
Finally, OpenDJ 3 includes a large number of new features and improvements.
The most significant ones are outlined here, but for the complete details, you will need to check the release notes.
Certificate Matching Rules: Certificates are based on X.500 standards, the historical parent of LDAP. Both standards use ASN.1 notation and BER encoding, but in different ways. In LDAPv3, certificates are treated as opaque byte strings: the only operations possible are adding, reading, and comparing certificates as a whole. The Certificate Matching Rules define a way to express filters and queries on specific fields within certificates. For example, finding the users who have a certificate with a specific alias, or those whose certificates are expiring soon or have expired.
PKCS5S2 is a secure password storage scheme similar to the PBKDF2 scheme introduced in OpenDJ 2.6. It is compatible with the algorithm used by Atlassian Crowd and allows migration of passwords stored and used in that product.
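To check that migrated values verify as expected, the sketch below encodes and verifies a `{PKCS5S2}` value in Python. It is an added example, not OpenDJ or Atlassian code, and its parameters (PBKDF2-HMAC-SHA1, 10,000 iterations, 16-byte salt, 32-byte derived key, base64 of salt followed by key) are assumptions taken from the commonly documented Atlassian format, so confirm them against your own deployment.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

PREFIX = "{PKCS5S2}"
# Assumed parameters (commonly documented Atlassian format, not stated on this page).
ITERATIONS = 10000
SALT_LEN = 16
KEY_LEN = 32


def _derive(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA1 over the UTF-8 password."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS, KEY_LEN)


def encode_pkcs5s2(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{PKCS5S2}' + base64(salt || derived key)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    return PREFIX + base64.b64encode(salt + _derive(password, salt)).decode("ascii")


def verify_pkcs5s2(password: str, stored: str) -> bool:
    """Check a candidate password against a stored value; malformed input fails closed."""
    if not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) != SALT_LEN + KEY_LEN:
        return False
    salt, expected = raw[:SALT_LEN], raw[SALT_LEN:]
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(_derive(password, salt), expected)


if __name__ == "__main__":
    # Constructed sample: fixed salt so the output is reproducible.
    sample = encode_pkcs5s2("correct horse", salt=bytes(range(16)))
    print(sample)
    print(verify_pkcs5s2("correct horse", sample), verify_pkcs5s2("wrong", sample))
```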
The “cn=Changelog” suffix is governed by the same global ACIs as all other public name spaces. However, the suffix can contain very sensitive data, including password changes. We’ve added a privilege to restrict access to it, much as there is a “config read” privilege.
REST to LDAP has been enhanced. The most important change is that it can now be used to change passwords.
Finally, across all our products, we’ve added a common auditing capability, with common features and a common output format. This makes it possible to track operations and transactions across the entire ForgeRock Identity Platform, and simplifies management and log processing for all products.