
The Future is Now: What’s New in ForgeRock Directory Services


In this webinar, learn how ForgeRock Directory Services can manage millions of identities faster and more securely than ever, making it an ideal choice for high scale customer identity scenarios. In addition to helping address privacy regulations like GDPR with comprehensive encryption options, new out-of-the-box server hardening capabilities make it easy to ensure deployments are secure.


  1. © 2017 ForgeRock. All rights reserved. The Future is Now: What’s New in ForgeRock Directory Services. Ludovic Poitou, Director, Product Management; Michelle Fallon, Senior Product Marketing Manager.
  2. Disclaimer: The presentation represents ForgeRock’s current view of its product development cycle and future directions. It is intended for information purposes only, and should not be interpreted as a commitment on the part of ForgeRock. ForgeRock makes no warranties, expressed or implied, on future functionality and timeline.
  3. ForgeRock: the leading, next-generation identity security software platform, driving digital business.
     • Founded 2010
     • 10 offices worldwide, with headquarters in San Francisco
     • 400+ employees
     • 600+ enterprise customers
     • 50% Americas / 50% international commercial revenues
     • 30+ countries
  4. Digital Transformation
  5. Identity for everyone and every thing: Customer Identity Relationship Management
  6. ForgeRock Identity Platform (architecture diagram; built from open source projects). Products: Access Management, Identity Management, Identity Gateway, Directory Services. Shared services: Common REST API, Common User Interface, Common Audit/Logging, Common Scripting. Capabilities labelled in the diagram: UMA Provider, UMA Resource, Mobile App, Synchronization, Auditing, LDAPv3, REST/JSON, Replication, Access Control, Schema Management, Caching, Monitoring, Groups, Password Policy, Active Directory Pass-thru, Reporting, Authentication, Authorization, Provisioning, User Self-Service, OIDC / OAuth2, Federation / SSO, Workflow Engine, Reconciliation, Password Replay, SAML2, Adaptive Risk, Stateless/Stateful, Registration, Aggregated User View, Message Transformation, API Security, Scripting.
  7. Directory Services
     • Specialized identity store
     • Rapid deployment
     • Global replication
     • Massive scale/performance
     • Extensive security
     • Password management
     • REST & LDAP APIs
     1 self-contained app, 1 module; 5 min. from download to install; 1B+ entries.
  8. Directory Services Scalability
  9. Directory Proxy Server (diagram): an access layer (Directory Proxy Server, LDAP | REST) in front of the directory service layer, which here holds dc=Tenant1,dc=com and dc=Tenant2,dc=com.
  10. ForgeRock Directory Service 5.0
     • Two modules: Directory Server & Directory Proxy Server
     • Single download
     • Role selected at installation:
         setup [directory-server] --port 1389 …
         setup proxy-server --port 1389 …
     • New setup tool, no more GUI
  11. Directory Proxy Server
     • Introduces a “Proxy Backend”
     • Remote services can be discovered: list of DS, list of Replication Servers
     • Automatically handles replica DS; also retrieves the replica group to prioritize local servers
     • Load-balancing: affinity, least requests
     • Failover with primary/secondary services
     • Uses the “Proxy AuthZ control” between Proxy and DS
  12. Supporting JSON
     • Added support for JSON syntax, e.g. an attribute myAttr holding:
         { "_id": "bjensen", "_rev": "123", "name": { "first": "Babs", "surname": "Jensen" }, "age": 25, "roles": [ "sales", "admin" ] }
     • JSON validation configurable
     • Added JSON matching rules, e.g.:
         ldapsearch … "(myAttr=age lt 30 and name/first sw 'b')"
     • Can be indexed
     • Can be customized for finer indexing and matching
  13. Indexing JSON Attributes
         $ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w secret12 -X -n \
             set-backend-index-prop --backend-name userRoot \
             --index-name myAttr --set index-type:equality
         $ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w secret12 -X -n \
             create-schema-provider --provider-name "Json Schema" \
             --type json-schema --set enabled:true \
             --set case-sensitive-strings:false --set ignore-white-space:true \
             --set matching-rule-name:caseIgnoreJsonQueryMatch \
             --set matching-rule-oid:1.3.6.1.4.1.36733.2.1.4.1 \
             --set indexed-field:_id --set "indexed-field:name/**"
  14. REST 2 LDAP
     • Sub-resources
     • Sub-types
     • Versioning
     • Multi-tenant support
     • Integration of attributes with JSON syntax
     • OAuth2 protected
     • Exposes API descriptors (OpenAPI)
  15. DevOps
     • Support and document use of HSM: HSM support through the JVM and PKCS11, now documented
     • Easier automated deployments in the cloud: simplification of KeyStore(s) and TrustStore(s)
     • Possible to use expressions in config.ldif (but not through dsconfig):
         ds-cfg-listen-port: ${env['OPENDJ_PORT']}
         ds-cfg-listen-port: ${readProperties(config.properties)['port']}
     • Support running in Docker containers; template images in beta
  16. More Security
     • New Security Guide
     • New option to install for production use
     • More secure default settings: password policy, cipher suites
  17. LDAP Based KeyStore
     • Extension to keytool and the OpenDJ directory schema
     • Centralizes public and private key management
     • Everything is encrypted
     • And can be replicated for availability
  18. Directory Service 5.0 Summary
     • One download
     • Two modules: Directory Server & Directory Proxy Server
     • First phase towards elastic horizontal scalability, for the cloud
     • Consolidated backend story. JE is here to stay.
     • JSON support in the data
     • Secure REST and LDAP access
     • More security out of the box
  19. Thank You
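Added example for the JSON matching rule on slides 12 and 13 (this is not code from the slides or from ForgeRock): a small Python builder that assembles a JSON query such as `age lt 30 and name/first sw 'b'` from typed terms and wraps it as an LDAP equality filter on a JSON attribute, applying RFC 4515 escaping to the assertion value so that application-supplied strings cannot break out of the filter. Assumptions not stated on the slides: field paths are `/`-separated names, string literals are single-quoted as on slide 12, and quote or control characters in a string value are rejected rather than escaped.

```python
import re

# RFC 4515 requires these characters to be escaped inside an LDAP filter assertion value.
_LDAP_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
_OPERATORS = {"eq", "lt", "le", "gt", "ge", "sw", "co"}
# Assumption: JSON field paths look like "age" or "name/first" (slide 12).
_FIELD_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(/[A-Za-z_][A-Za-z0-9_]*)*$")


def ldap_escape(value: str) -> str:
    """Escape an assertion value for use in an LDAP search filter (RFC 4515)."""
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)


def json_query_term(field: str, op: str, value) -> str:
    """Build one JSON query term, e.g. "age lt 30" or "name/first sw 'b'".

    Assumption: strings are single-quoted as on slide 12; because the slides do not
    show how the query language escapes quotes, values containing quote or control
    characters are rejected instead of escaped.
    """
    if not _FIELD_RE.match(field):
        raise ValueError(f"invalid JSON field path {field!r}")
    if op not in _OPERATORS:
        raise ValueError(f"unsupported operator {op!r}")
    if isinstance(value, bool):  # bool is checked before int on purpose
        return f"{field} {op} {'true' if value else 'false'}"
    if isinstance(value, (int, float)):
        return f"{field} {op} {value!r}"
    text = str(value)
    if any(ch in "'\"" or ord(ch) < 0x20 for ch in text):
        raise ValueError("quote or control character in JSON query string value")
    return f"{field} {op} '{text}'"


def json_ldap_filter(attr: str, terms, conjunction: str = "and") -> str:
    """Join terms with 'and'/'or' and wrap them as an LDAP equality filter on the JSON
    attribute. The whole query is the assertion value and is RFC 4515-escaped, so an
    input such as "b)(objectClass=*" cannot close the filter and widen the search."""
    if conjunction not in {"and", "or"}:
        raise ValueError(f"unsupported conjunction {conjunction!r}")
    query = f" {conjunction} ".join(json_query_term(*t) for t in terms)
    return f"({attr}={ldap_escape(query)})"


if __name__ == "__main__":
    # The filter from slide 12, rebuilt from its terms.
    print(json_ldap_filter("myAttr", [("age", "lt", 30), ("name/first", "sw", "b")]))
    # Constructed hostile input: the parentheses and wildcard are neutralised.
    print(json_ldap_filter("myAttr", [("name/first", "sw", "b)(objectClass=*")]))
```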
