Presented by Jamie Nelson, VP of Engineering, ForgeRock and Jonathan Scudder, OpenAM Architect and ForgeRock Co-Founder at ForgeRock Open Identity Summit, June 2013 Learn more about ForgeRock Access Management: https://www.forgerock.com/platform/access-management/ Learn more about ForgeRock Identity Management: https://www.forgerock.com/platform/identity-management/

1. Open Identity SummitOpen Identity Summit
The Young and the
RESTless
Jonathan Scudder
Jamie Nelson

2. Open Identity Summit
Stack Architecture
Resource Oriented
RESTful
API

3. Open Identity Summit
API: How we share data and
functionality with developers
and businesses
 APIs have been around ‘forever’
 Usage and significance has changed dramatically over recent years
 Shift towards external developers and users
 API vs SOA

4. Open Identity Summit
Killer Argument
 Why are we aligning our API’s?
 Is REST a good enough argument by itself?
 Don’t our current API’s do enough?

5. Open Identity Summit
#1 Real Stack

6. Open Identity Summit
#2 Boundary Blur
 ~ 70% of enterprises building private cloud
 ~ 40% of enterprises building public and hybrid cloud.
(Survey by IDC, September 2012)
Mobile Social Cloud Enterprise

7. Open Identity Summit
#3 Integration Power
Create
Read
Update
Delete
Patch
Action
Query
 Granular control, simple interface
 Standard set of operations
(CRUDPAQ), different inputs &
outputs
 Primarily JSON representation
 Attractive non-functional tools and
techniques with HTTP
ROA + REST + JSON

8. Open Identity Summit
CREST example
/json/subrealm/users/?_action=create
$ curl --request POST --header "iplanetDirectoryPro: AQIC5w..."
--header "Content-Type: application/json"
--data '{
"name": "bjensen",
"userpassword": "secret12",
"mail": "bjensen@example.com"
}'
https://openam.example.com:8443/openam/json/users/?_action=create

9. Open Identity Summit
CREST response
{
"name": "bjensen",
"realm": "/",
"uid": [
"bjensen"
],
"mail": [
"bjensen@example.com"
],
"userpassword": [
"{SSHA}0pXpKLPRKCGY7g3YqZygJmKMW6IC2BLJimmlwg=="
],
"dn": [
"uid=bjensen,ou=people,dc=openam,dc=forgerock,dc=org"
],
...

10. Open Identity Summit
API strategy - local

11. Open Identity Summit
API strategy - stack

12. Open Identity Summit
Problem
 To many different complicated UI Frameworks
 Roots from sun
 Big company UI strategy churn
 Developers learning new frameworks
 Customers are locked in
 Simple modifications overly complex
 Leads to heavyweight API just for the UI

13. Open Identity Summit
Complex Frameworks
 Years to learn
 Takes an expert to make changes
 No consistency between API, CLI, over the wire
 Complexity requires an abstraction layer
 Isolates the UI from Command Line and other APIs
 Scripting is impossible

14. Open Identity Summit
ForgeRock User Interfaces
 YUI/Click
 Jato
 JSF/Ice Faces
 JSP Admin
 Java Swing

15. Open Identity Summit
Open Identity Stack UI Model
 Single UI model for all products
 Built on ForgeRock REST (CREST)
 Common UIs for:
 User management
 Registration and Self Service
 Login and Password Reset
 Build on shared services for Authentication

16. Open Identity Summit
ForgeRock UI Model
 jQuery (Needs a little help)
 Backbone.js + Require.js (Modular)
 Handlebars.js (Templating)
 Underscore.js (Utility library)
 Less.js (CSS preprocessor)
 Built on ForgeRock REST and Common Services
 Caters to the web developers of today
 Two different models for ForgeRock UIs

17. Open Identity Summit
Admin and Configuration
 Used primarily by Administrators
 UI not typically customized
 Configuration for product services
 Dynamically rendered based on server JSON
schema
 REST APIs for custom applications
 Adding new services dynamically rendered
 Customers not expected to modify more than CSS

18. Open Identity Summit
End User
 Primarily seen by end users
 Simple HTML Templates
 Read in by Javascript and embedded in the UI
 Rendered with site wide styles/CSS
 Simple syntax for embedding dynamic values
 Separates bus logic from display
 Simple to modify without breaking the UI
 Easy to patch and upgrade

19. Open Identity Summit

20. Open Identity Summit
POST:
http://www.idp.com:8888/openam/json/auth/1/authenticate
QueryString Params:
username:tom
password:11111111
Response:
{
"tokenId”:"AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcIr2TG …”
}
Authentication

21. Open Identity Summit

22. Open Identity Summit
POST:
http://www.idp.com:8888/openam/json/user/?_action=create
{
"userName":"tom”,
"email":"tom.petty@forgerock.com",
"givenName":"Tom",
"familyName":"Petty",
"securityQuestion":"1",
"securityAnswer":”damn the torpedoes”,
…
}
Response:
{
"dn":["uid=tom,ou=people,dc=openam,dc=forgerock,dc=org"]
…
}
Registration/Create

23. Open Identity Summit

24. Open Identity Summit
POST:
http://www.idp.com:8888/openam/json/users/?_action=idFromSession
Header: "tokenId”:"AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …”
Response:
{
"id":”tom",
"realm":"/",
"dn":"id=tom,ou=user,dc=openam,dc=forgerock,dc=org”
}
Get UserID from Session

25. Open Identity Summit
GET:
http://www.idp.com:8888/openam/json/users/tom
Header: "tokenId”:"AQIC5wM2LY4Sfcx8hWM5VlE62DUQxqCcI …”
Response:
{
"name":"tom",
"realm":"/",
"uid":["tom"],
"mail":["tom.petty@forgerock.com"],
"sn":["Petty"],
"givenname":["Tom"],
}

Get User Profile

26. Open Identity Summit
Extending End User Pages

27. Open Identity Summit
<div class="column1">
<div class="field">
<label class="light">{{t "common.user.postalCode"}}</label>
<input type="text" name=”city" />
<div class="validation-message"></div>
</div>
</div>
<div class="column2">
<div class="field">
<label class="light">{{t "common.user.city"}}</label>
<input type="text" name=”postalCode" />
<div class="validation-message"></div>
</div>
</div>
Extending End User Pages

28. Open Identity Summit

29. Open Identity Summit
Single Shared Model
ForgeRock Services
ForgeRock REST
ForgeRock UI
Application Scripting

30. Q & AQ & A
Logo of Presenter
Company HERE