Downloaded 1,377 times
Uploaded byForgeRock
OpenAM - An Introduction
The document outlines the agenda for the OpenAM for Beginners EMEA Summit 2013, covering topics such as the Forgerock stack, authentication, authorization, and federation. It highlights OpenAM's key functionalities, including single sign-on, centralized policy-based authentication, and support for various federation standards. The content is structured around classic user scenarios and the evolution of OpenAM versions over the years.
In this document
Powered by AI
Presentation introduces OpenAM at EMEA Summit 2013 and outlines the agenda including ForgeRock stack overview, OpenAM overview, and topics like authentication, authorization, and federation.
Overview of the ForgeRock Stack and its foundational pillars related to Identity and Access Management (IAM).
Five classic user scenarios demonstrating OpenAM usage, including application access without ForgeRock, authentication centralization, central authorization, federation, and identity management.
Overview of OpenAM features, vision, scope, and its historical developments from 2008 to 2013 including transition from OpenSSO to OpenAM as an AAA+Federation solution.
Key functionalities of OpenAM such as single sign-on, centralized policy-based authentication and authorization, policy enforcement, and user event tracking.
Detailed discussion on authentication processes including user identity verification, available authentication methods, credential types, and common use cases.
Explanation of authorization principles and processes, emphasizing the need for policies defining effective access rights.
In-depth look at federation processes, goals, standard protocols, terminology, and how OpenAM facilitates federation via multi-protocol support.
Introduction to Forgerock University, possibly indicating training or educational resources related to the ForgeRock suite.
More Related Content
Similar to OpenAM - An Introduction
![[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...](https://cdn.slidesharecdn.com/ss_thumbnails/ai-buildingaisystemsthatusersandcompanieslove-251124030845-038f7732-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...](https://cdn.slidesharecdn.com/ss_thumbnails/fs-themodernstackbuildingwebaiapplicationswithserverless-251124030844-388cf04f-thumbnail.jpg?width=640&height=640&fit=bounds)
![Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]](https://cdn.slidesharecdn.com/ss_thumbnails/agenticcommunityseries-day3-cfd-251120170304-ddef8112-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...](https://cdn.slidesharecdn.com/ss_thumbnails/fs-phpinaiagethelaravelway-251125012602-ef9d330e-thumbnail.jpg?width=640&height=640&fit=bounds)
![[DevFest Strasbourg 2025] - NodeJs Can do that !!](https://cdn.slidesharecdn.com/ss_thumbnails/devfeststrasbourg2025-nodejscandothat-251127142731-da65b6fd-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...](https://cdn.slidesharecdn.com/ss_thumbnails/fs-digitalaccessibilitywhydevelopersneedtoknowandcarein2025-251127011019-0674441d-thumbnail.jpg?width=640&height=640&fit=bounds)
![[BDD 2025 - Artificial Intelligence] AI for the Underdogs: Innovation for Sma...](https://cdn.slidesharecdn.com/ss_thumbnails/ai-aifortheunderdogsinnovationforsmallbusinesses-251124030839-72a599a4-thumbnail.jpg?width=640&height=640&fit=bounds)
OpenAM - An Introduction
- 1. OpenAM for Beginners EMEASummit 2013
- 2. Agenda ■ ForgeRock Stack overview ■ OpenAMOverview ■ Authentication ■ Authorization ■ Federation 2
- 3.
- 4.
- 5. Classic scenario I Userwants to use an application... which does not require any of ForgeRock's products, but ... Application User 5
- 6. Classic scenario II Centralizationof Authentication … and ... Application OpenDJ User 6
- 7. Classic scenario III CentralAuthorization OpenAM OpenDJ Application User 7
- 8.
- 9. Classic scenario V IdentityManagement OpenAM Application HR DB OpenIDM OpenDJ User 9
- 10.
- 11. OpenAM Vision andScope External Parties PaaS Governments SaaS Authenti cate Perform ance JAAS SOAP & REST WSTrust High Availabi lity SSO Partners Outsourcing OpenAM OpenAM SAML External Parties XACML Entitle ments Suppliers OAuth In-house developed applications Federat e Cloud Commercial applications Authentication methods PKI RADIUS Directory Services 3rd party Data Bases Active Directory SecurID 11
- 12. OpenAM Evolution 2008 2009 2010 2011 OpenAM 9.0 2012 OpenAM 9.5 2013 OpenAM 10.0 OpenAM 10.1 OpenAM 11.0 One singleproduct for AAA+Federation OpenSSO Build 7 OpenSSO Build 8 OpenSSO Build 6 OpenSSO Ent 8.0 Some Patch development but no new functionalities Open Source Closed Source 12
- 13. OpenAM Key Functionality Provides single sign-on to web resources and create a sign on once, access everywhere environment Centralized policy based authentication and authorization Enables policy enforcement Tracks all user authentication related events Extends access beyond organizational boundaries Authentication Authorization Single Sign-On Federation Entitlements Web Services Security Auditing/Logging Adaptive AuthN
- 14. Key: Single SignOn 14
- 15.
- 16. Key: Partner Interactionand Integration 16
- 17.
- 18.
- 19. Authentication: Who areyou? 19
- 20.
- 21. Authentication: Where does therequest come from? ■ Common use case: User requests access to a web page ■ Other Use Cases: Applications can request authentication programatically through REST or SOAP web services and OpenAM SDK 21
- 22. Authentication: Which Credentials? ■ OpenAMworks with most authentication methods without customization ■ 21 out of the box Authentication modules ■ Custom modules can be created easily 22
- 23.
- 24.
- 25. Authorization ■ Authentication is notenough ■ Authorization determines: – WHO can do – what ACTIONS – with what RESOURCES – under which CONDITIONS? ■ Uses Policies to define those rights 25
- 26.
- 27.
- 28. Federation ■ Federation is theprocess of linking identities across heterogeneous Access Management products ■ It is a trust relationship whereby a Service Provider (SP) trusts that an Identity Provider (IDP) has successfully authenticated a user ■ It is Standard Based 28
- 29. The Goals ofFederation ■ Federation enables Single Sign On and Single Logout between partners ■ Federation allows rapid integration – during company acquisitions – between heterogeneous systems ■ Federation allows basic Identity Data Sharing ■ Helps to keep multiple internet accounts under control 29
- 30. Federation Standard Protocols OpenID Connect OAUTH1.0 REST/JSON OAUTH 2.0 Liberty IDFF 1.1/1.2 Shibboleth 1.0/1.1 SAML 1.0 SAML 1.x Shibboleth 2 (SAML2) SAML 2.0 OpenAM ADFS2 WSFederation 1.0 SOAP 2002 WSFederation 1.1 ADFS Today 30
- 31.
- 32. OpenAM Federation ■ OpenAM providesfirst class federation support ■ Federation Protocol support – SAML2, WS-Federation, ID-FF, OAuth2 ■ Federated Web Services ■ Multi-Protocol Hub – Allows OpenAM to act as a broker between different federation protocols ■ Plug-in points allow for easy customization ■ Fedlet for applications that do not support standard protocols 32
- 33.
Editor's Notes
- #32 IN this slide the notes – and the instructor – will insist on some basic and unified concept, where one chosen server is used to keep the federated information and issue tokens following user authentication. Relying parties (service provider/resource servers) can consume those tokens to give access to some resources. Trust relationship must exist between the “Assertion provider” and the relying parties; relying parties are ot directly linked/trusting each other; we usually speak of assertion for saml2 (for WS-federation, the assertion is wrapped in what then becomes a token) and token for oauth2;