Downloaded 252 times
Uploaded byForgeRock
THE FORGEROCK PLATFORM BIG PICTURE
The document discusses the Forgerock Identity Stack showcased at the IRM Summit 2014, emphasizing its components for contextual-based access management, identity federation, and integration with cloud and enterprise applications. It outlines key features such as a unified IAM solution, user management services, RESTful APIs, and a modular architecture designed for scalability and ease of use. Additionally, it highlights the importance of community participation and flexible data management across various user and application environments.
More Related Content
![[오픈소스컨설팅] 서비스 메쉬(Service mesh)](https://cdn.slidesharecdn.com/ss_thumbnails/opensourceconsultingservicemesh-210531074807-thumbnail.jpg?width=640&height=640&fit=bounds)
Similar to THE FORGEROCK PLATFORM BIG PICTURE
THE FORGEROCK PLATFORM BIG PICTURE
- 1. Open Identity Stack IRM Summit 2014
- 2. Relationships IRM Summit2014 2 Evolution To IRM Employees Consumers Employees & Partners Things Perimeter Perimeter Federation Perimeter-less Federation Cloud / SaaS Perimeter-less Federation Cloud SaaS Mobility Attributes Context Stateless
- 3. ForgeRock Products Unified,Scalable, Open Source IAM Solutions FORGEROCK.COM | CONFIDENTIAL IRM Summit 2014 3 Contextual-Based Access Management Hybrid Cloud and Enterprise Identity Management Internet Scale Directory Services Identity-Aware Application Gateway
- 4. IRM Summit 20144 ForgeRock Stack Portals, applications, web services, API’s • Registration & Self-Service • Auditing & Compliance • Workflow & Reporting • Native connectors • REST API • Authentication & session • Authorization & policy • Entitlements • Federation • REST API • Identity Store • Directory Proxy • REST API Partners • Reverse Proxy • App / Mobile Gateway Legacy Apps ICF • Identity Connector Framework Administration Identity Identity Data Management Access • Provisioning • SSO Cloud Apps Consumers & Customers Enterprise Apps Devices & Things • Federation Data Centers • HA • Replication CloudConnect OpenIG
- 5. Leading Stack Vendors Acquisition Architecture – Employee Scale – Massive TCO Access Manager IRM Summit 2014 5 Identity Federation Identity Manager Mobile Security Suite Directory Server Entitlements Server Enterprise SSO Identity Governance Adaptive Access Web Services Security Mobile Apps Enterprise Apps Things
- 6. IRM Summit 20146 ForgeRock Vision Simple Scalable Modular Embeddable Common REST framework Common UI model Community participation
- 7. Integrated Stack Components ■ ForgeRock REST (CREST) ■ ForgeRock HTTP Framework ■ AuthN and AuthZ Filters ■ ForgeRock UI ■ OpenID Connect, OAuth, SAML2 ■ API Descriptors ■ Scripting IRM Summit 2014 7
- 8. User Universal Gateway SScrcirpiptintingg User XXAACCMMLL FFeeddeeraratiotionn Service Management Management Secure Token Secure Token Service OpenID Connect CCoonnfigfiguuraratiotionn User Mgmt Plugins Token Service Plugins IRM Summit 2014 8 OpenAM PProrotetecctetedd R Reessoouurcrceess Web Services Agents FFoorgrgeeRRoockc kR REESSTT ( C(Coommmmoonns sR REESSTT) ) Web Agents Web Agents JavaEE Agents JavaEE Agents Web Services Agents UUsseer rI nInteterfrafaccee EEnndd U Useser r FFoorgrgeeRRoockck U UI IF Frarammeewwoorkrk CCoorere S Seervrviciceess OpenID CCoorere T Tookekenn S Seervrivciece Connect OOAAutuhth AAutuhtehnetnictiactaiotino n EEnntittlietlemmeenntsts SSeesssisoionn AAuudditit S SPPIsIs Authentication Authentication Plugins Plugins Policy Plugins Policy Plugins User Mgmt Plugins Token Service Plugins Federation Plugins Federation Plugins Persistence (OpenDJ) Universal Gateway MMaannaaggeemmeennt t
- 9. System (Connectors) Managed Users SSynync/cR/Reecoconn System AAuuddit/itL/Looggss Scanner IRM Summit 2014 9 OpenIDM O OSSGGII FFoorgrgeeRRoockc kU UI IF Frarammeewwoorkrk Persistence (OrientDB) JeJetttyt yW Weebb S Seervrever r AAuuththeenntictiacatiotionn F Filtielter r( J(AJASSPPI)I) FFoorgrgeeRRoocckk R REESSTT R Roouuteterr BBuusisnineesss sL Looggici c( J(aJavavascsrcirpipt,t ,G Grorooovyv)y) Managed CCoonnfigfiguuraratiotionn Users (Connectors) Task SSchcheedduuleler r Task Scanner PPoolicliycy AAuudditit
- 10. Schema Password PolicyGGrorouuppss Schema WWeebb A Apppplilcicaatitoionn FFoorgrgeeRRoockc kR REESSTT RREESSTT2L2DLDAAPP JaJavava S SDDKK/ /L LDDAAPPv3v3 Access Control RREESSTT2L2DLDAAPP Management Access Management IRM Summit 2014 10 OpenDJ UUsseer rI nInteterfrafaccee MMaannaaggeemmeennt t EEnndd U Useser r FFoorgrgeeRRoockc kU UI IF Frarammeewwoorkrk FFoorgrgeeRRoockc kR REESSTT CCoorere S Seervrveer r Password Policy Control CCaachchiningg LLDDAAPPVV33 RRepelpicliactaiotino n MMoonnitoitorirningg AAuudditiintingg BBaacckkeenndd S Seervrviciceess CChahnagneg eL oLgog PPeresrissitsetnecnece CCoonnnneectcotorsrs LLDDIFIF MMeemmooryry
- 11. AAuudditit Search ExtractCCryrpyptoto IRM Summit 2014 11 OpenIG HHTTTTPP F Frarammeewwoorkrk CCoorere P Prorocceessssiningg FFiltieltersrs HHaannddlelersrs HHeaedaedresrs CCooookikeiess Search Extract OpenID HHtttptp F Frarammeewwoorkrk RRoouutetess OpenID Connect OOAAutuht2h2 Connect SSAAMMLL22 SScrcirpiptintingg
- 12. OpenIDM Architecture OOSSGGII PPoolicliycy AAuudditit System (Connectors) Managed Users SSynync/cR/Reecoconn System IRM Summit 2014 12 FFoorgrgeeRRoockc kU UI IF Frarammeewwoorkrk Persistence (OrientDB) JeJetttyt yW Weebb S Seervrever r AAuuththeenntictiacatiotionn F Filtielter r( J(AJASSPPI)I) FFoorgrgeeRRoocckk R REESSTT R Roouuteterr BBuusisnineesss sL Looggici c( J(aJavavascsrcirpipt,t ,G Grorooovyv,y ,J aJavava) ) Managed CCoonnfigfiguuraratiotionn Users (Connectors) AAuuddit/itL/Looggss SSchcheedduuleler r WWoorkrfklofloww
- 13. OpenIDM Architecture …architecting a next generation stack
- 14. RESTful API forInternet Scale Create, Read, Update, Delete ... FFoorgrgeeRRoocckk R REESSTT R Roouuteterr Addressable (URI/URL) system/ldap/account Resource Route to resources
- 15. Consistent Internal &External Access UI, console, cli, .. JeJetttyt yW Weebb S Seervrever r FFoorgrgeeRRoocckk R REESSTT R Roouuteterr Automatic HTTP Mapping BBuusisnineesss sL Looggici c( J(aJavavascsrcirpipt,t ,G Grorooovyv,y ,J aJavava) ) GET → read PUT → update, ... Java or scripting calls openidm.read() openidm.update(), ...
- 16. Modular, Pluggable OSG F Fo or gr ge eR R o oc kc kU UI IF Fr ar am m e ew wo or kr k OSGII JeJetttyt yW Weebb S Seervrever r AAuuththeenntictiacatiotionn F Filtielter r( J(AJASSPPI)I) FFoorgrgeeRRoocckk R REESSTT R Roouuteterr BBuusisnineesss sL Looggici c( J(aJavavascsrcirpipt,t ,G Grorooovyv,y ,J aJavava) ) System (Connectors) CCoonnfigfiguuraratiotionn System (Connectors) Modules Service registration config/schedule/x system/google/account
- 17. Common Enforcement Point OSG F Fo or g rge eR R o oc kc kU UI IF Fr ar am m e ew wo or kr k OSGII JeJetttyt yW Weebb S Seervrever r AAuuththeenntictiacatiotionn F Filtielter r( J(AJASSPPI)I) FFoorgrgeeRRoocckk R REESSTT R Roouuteterr PPoolicliycy AAuudditit BBuusisnineesss sL Looggici c( J(aJavavascsrcirpipt,t ,G Grorooovyv,y ,J aJavava) ) Common authentication framework Cross cutting filters, authorization, enforcement, ...
- 18. Core Modules OSG OSGII FFoorgrgeeRRoockc kU UI IF Frarammeewwoorkrk PPoolicliycy AAuudditit System (Connectors) Managed Users, Roles... SSynync/cR/Reecoconn System Persistence (OrientDB) JeJetttyt yW Weebb S Seervrever r AAuuththeenntictiacatiotionn F Filtielter r( J(AJASSPPI)I) FFoorgrgeeRRoocckk R REESSTT R Roouuteterr BBuusisnineesss sL Looggici c( J(aJavavascsrcirpipt,t ,G Grorooovyv,y ,J aJavava) ) Managed CCoonnfigfiguuraratiotionn Users, Roles... (Connectors) AAuuddit/itL/Looggss SSchcheedduuleler r WWoorkrfklofloww
- 19. Flexible Data Model OSG OSGII FFoorgrgeeRRoockc kU UI IF Frarammeewwoorkrk Managed Users, Roles... Persistence (OrientDB) JeJetttyt yW Weebb S Seervrever r AAuuththeenntictiacatiotionn F Filtielter r( J(AJASSPPI)I) FFoorgrgeeRRoocckk R REESSTT R Roouuteterr PPoolicliycy AAuudditit BBuusisnineesss sL Looggici c( J(aJavavascsrcirpipt,t ,G Grorooovyv,y ,J aJavava) ) Managed Users, Roles... Really, Managed OObbjjeecctt PUT managed/phone/x { “sim” : “...”, “IMEI” : “...”, … } Facilities work on different types
- 20. Developer-focused Consistent Easyto use Modern IRM Summit 2014 20 API Strategy Conscious, proactive design
- 21. Developer-focused Consistent Easyto use Modern IRM Summit 2014 21 API Strategy Conscious, proactive design JSON REST ROA
- 22. Resource API IRMSummit 2014 22 API Strategy Resource API OpenIDM Resource API OpenAM OpenDJ Common UI / other clients Resource consumer
- 23. IRM Summit 201423 CREST API
- 24. CREST Framework IRMSummit COPYRIGHT 2013 2014 FORGEROCK AS 24 ROA Framework / CREST API Router Services or other non-re source oriented arch itecture Reso urce Normalization Non-Json Resource Jso nResource
- 25. AuthN and AuthZFilters IRM Summit 2014 25
- 26. Open Identity StackUI Model ■ “Single-Page Web App” style ■ Single UI model for all products ■ Built on ForgeRock REST (CREST) ■ Common UIs for: IRM Summit 2014 26 – User management – Registration and Self Service – Login and Password Reset ■ Build on shared services for Authentication
- 27. ForgeRock UI LibraryStack jQuery (General utlity) + jQuery UI (Widgets) Backbone.js + Require.js (Modular MVC Architecture) Handlebars.js (Templating) Underscore.js (General utility) Less.js (CSS preprocessor) Built on ForgeRock REST and Common Services Caters to the web developers of today IRM Summit 2014 27
- 28. IRM Summit 201428 Demo ■ OpenAM as the IDP ■ OpenDJ as the User and Config Store ■ OpenIDM provisioning to DJ ■ Commons – ForgeRock REST in OpenAM, OpenIDM, OpenDJ – Filters protecting OpenIDM – ForgeRock UI in OpenIDM and OpenAM
- 29. Questions ? IRMSummit 2014 29
Editor's Notes
- #3 Identity and Access Management (IAM) services were traditionally built for a company’s internal use, to assist with manual on and off boarding, and establishing access privileges to company data and systems behind the firewall. Today though, a company must implement a dynamic IAM solution that serves employees, customers, partners and devices, regardless of location. This is the evolution of IAM to IRM: Identity Relationship Management.
- #4 What we sell: 4 key products built from our commercial open source identity services Commercialized as off the shelf products sold under commercial license and subscription license Open AM – Access management, federation, fine-grained entitlements, adaptive authentication, risk-based authentication, etc. all the elements of access management are in this one product, in one Java WAR file. You get access to everything or use as much as you need and adopt the rest as you need it. This is a major differentiator. Not built via acquisition like most access managers. Each of the products in typical access management software stands alone, using unrelated APIs, UIs, documentation, etc. These offerings are clunky and massive. They are not designed to work together. OpenDJ – directory server Built for massive scale We support traditional ways of communicating with the directory server, like LDAP. But we also support native REST calls to it. Newer developers can use REST because they typically don’t know LDAP Built to scale to 100s of millions of transactions. 100% Java commercial open source product can be embedded for failover, replications, or directory services that you want to embed into your cloud or enterprise app OpenIDM – identity management Lightweight, hihgly scalable identity management system Modular oSGi architecture. You can just deploy the unique services you want. You don’t have to deploy the monolithic whole thing. You can just deploy for ex registration or workflow or other minute services You can use common languages like Java or Groovy to build biz logic for how to work with a resource. You no longer need to know a proprietary scripting language to deploy it Customization-friendly. With REST API allowing you to build workflows and Uis to build out your deployment ForgeRock Bridge SPE (Service Provider Edition) – allows cloud service providers to provide enterprises with an on-premise white box app that makes it simple to integrate on-premise identity infrastructure with the cloud infrastructure You can drop the equivalent of a software appliance into your environment, configure it in minutes, and have it immediately synching all the identity data from your local identity stores with your cloud identity stores so you can provision new users immediately, do password synchronization, federation for access, deprovisioning and compliance, and have one way of doing all of this. Business value of what ForgeRock does – how we leverage our platform to enable key solutions and Identity relationship management.
- #8 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA
- #23 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA
- #24 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA
- #25 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA
- #26 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA
- #27 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA
- #28 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA
- #29 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA
- #30 BE SURE TO REPLACE “LEGAL INFORMATION” IN THE BOTTOM RIGHT WITH “FORGEROCK CONFIDENTIAL” IF DOC IS INTERNAL OR NDA