NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Page 1: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

© 2016 ForgeRock. All rights reserved.

Platform Overview

Page 2: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Portals, applications, web services, APIs

Access Management
• Authentication & Session
• Authorization & Policy
• Adaptive Risk
• Federation

Directory Services
• User Data Store
• Object Store

Consumers & Customers

Devices & Things

Identity Gateway
• API / Mobile Gateway
• App / SSO Gateway

Policy Agents

Standards

REST

Standards

LDAP

REST

Employees, Partners

APIs

Enterprise Apps

Partners

Cloud Apps

Mobile

REST

Identity Management
• Social Registration
• Self-Service
• Auditing & Reporting
• Workflow & Business Logic

IDM Connectors

REST

ForgeRock Identity Platform

Page 3: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

ForgeRock Engineering Strategy
• Simple
• Scalable
• Modular
• Commons
• Community Participation

Page 4: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

The Need For Commons

Core Application Services

REST APIs

Authentication

Logging Configuration

Business Logic and Extensions

User Interface

Mobile Apps

UI Framework

Client SDK

Developer Services

HTTP Services

Database

Page 5: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

ForgeRock Commons Projects

Core Application Services

ForgeRock REST

Authentication Framework

Audit Configuration

Commons Scripting

User Interface

Mobile Apps

ForgeRock UI

Mobile SDK

API Descriptor

HTTP Framework

OpenDJ

Page 6: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

CREST and HTTP Framework

CREST Features
• Single cross product REST API
• CRUDPAQ (create, read, update, delete, patch, action, query)
• One way to manage users, configuration, and services
• Versioning

HTTP Framework Features
• Lightweight uniform HTTP client and server framework
• Used to implement any HTTP service across the stack (CREST, OAuth2, SCIM, …)
• APIs for common HTTP functionality
• Request Routing

Page 7: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

API Descriptor

Key Features
• CREST API to obtain a descriptor for CREST endpoints and services
• Descriptor allows dynamic generation of documentation, language bindings
• Pre-defined descriptors for common APIs across product
• Ability to dynamically create user interface
• Core feature of API Management in OpenIG

Page 8: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Audit Framework

Key Features
• Multiple types of audit events
• Multiple targets (audit consumers), pluggable
• Correlating events within a transaction
• Tamper evident
• REST API for read and query
• Client helpers
• Transformation
• Client context and device print

Page 9: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Commons UI Framework

Key Components
• jQuery
• Backbone
• Bootstrap

Use Cases
• End User Pages
• Admin Console
• User Registration
• Password Reset

Page 10: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

The ForgeRock Identity Platform

UMA Provider Mobile App Synchronization Auditing

LDAPv3 REST/JSON

Replication Access Control

Schema Management

Caching

Auditing

Monitoring

Groups

Password Policy

Active Directory Pass-thru

Reporting

Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2

Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2

Adaptive Risk Stateless/Stateful Registration Aggregated User View Message Transformation

API Security Scripting

Built from Open Source Projects:

UMA Resource

Access Management Identity Management Identity Gateway

Directory Services

Common REST API

Common User Interface

Common Audit/Logging

Common Scripting

Page 11: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Access Management
• Authentication
• OAuth/OIDC
• SAML2
• Adaptive/Risk
• Device Print
• Authorization
• Stateful/Stateless Architecture
• User-Managed Access
• Self-service

1 web app

15 min. download to install

6 modules

20k+ Authentications per second

Page 12: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Access Management Architecture

ForgeRock REST (Commons REST)

Protected Resources

Web Agents

JavaEE Agents

Java/C++ SDK

User Interface

End User Management

ForgeRock UI Framework

Core Services

Authentication Entitlements Session Auditing OAuth

Core Token Service OIDC Configuration

Scripting Self-Service STS SAML2 Risk

SPIs

Authentication Plugins

Policy Plugins

User Mgmt Plugins

Token Service Plugins

Federation Plugins

Persistence (OpenDJ)

Application Gateway

Page 13: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Identity Management
• Provisioning
• Synchronization
• Reconciliation
• Workflow
• Connectors
• Password Management
• Self-service
• Registration

1 web app

15 min. download to install

3 modules

72k+ registrations per min.

Page 14: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Identity Management Architecture

External Resources

OSGI

Persistence (OrientDB)

ForgeRock UI Framework

ForgeRock REST Router

Business Logic (JavaScript, Groovy, Java)

Authentication Filter (JASPI)

Jetty Web Server

Configuration Managed Users Sync/Recon System (Connectors)

Scheduler Workflow Audit/Logs

Policy Audit

Page 15: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Identity Gateway
• High Scale Reverse Proxy
• API Security
• Legacy App Security
• IoT Gateway
• Credential Replay
• OpenAM PEP
• Token Translation
• OAuth2/OIDC/SAML2
• UMA resource server

1 web app

15 min. download to install

1 module

20k+ requests processed / sec

Page 16: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Identity Gateway Architecture

Core Processing

Http Framework

HTTP Framework

Cookies Headers Search Extract Crypto

Routes

OpenID Connect

OAuth2 SAML2 Scripting

Audit

Filters

Handlers

Page 17: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Directory Services
• Multiple Database Options
• Rapid Deployment
• Global Replication
• Massive Scale/Performance
• Password Management
• REST & LDAP APIs
• Extensive Security

self-contained app

5 min. download to install

1 module

1B+ entries

Page 18: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Directory Architecture

ForgeRock REST

Core Server

Replication Auditing LDAPv3 Encryption Monitoring

Password Policy Groups

Schema Management REST2LDAP Access Control

Backend Services

Persistence Connectors LDIF Memory Change Log

Java SDK / LDAPv3

Web Application

REST2LDAP

ForgeRock REST

Page 19: NYC Identity Summit Tech Day: ForgeRock Identity Platform Overview

Thanks!