forgerock
© 2016 ForgeRock. All rights reserved.
Platform Overview
Portals, applications, web services, APIs
Access Management
• Authentication & Session
• Authorization & Policy
• Adaptive Risk
• Federation
Directory Services
• User Data Store
• Object Store
Consumers & Customers
Devices & Things
Identity Gateway
• API / Mobile Gateway
• App / SSO Gateway
Policy Agents
Standards
REST
Standards
LDAP
REST
Employees, Partners
APIs
Enterprise Apps
Partners
Cloud Apps
Mobile
REST
Identity Management
• Social Registration
• Self-Service
• Auditing & Reporting
• Workflow & Business Logic
IDM Connectors
REST
ForgeRock Identity Platform
ForgeRock Engineering Strategy
• Simple
• Scalable
• Modular
• Commons
• Community Participation
The Need For Commons
Core Application Services
REST APIs
Authentication
Logging Configuration
Business Logic and Extensions
User Interface
Mobile Apps
UI Framework
Client SDK
Developer Services
HTTP Services
Database
ForgeRock Commons Projects
Core Application Services
ForgeRock REST
Authentication Framework
Audit Configuration
Commons Scripting
User Interface
Mobile Apps
ForgeRock UI
Mobile SDK
API Descriptor
HTTP Framework
OpenDJ
CREST and HTTP Framework
CREST Features
• Single cross product REST API
• CRUDPAQ (create, read, update, delete, patch, action, query)
• One way to manage users, configuration, and services
• Versioning
HTTP Framework Features
• Lightweight uniform HTTP client and server framework
• Used to implement any HTTP service across the stack (CREST, OAuth2, SCIM, …)
• APIs for common HTTP functionality
• Request Routing
API Descriptor
Key Features
• CREST API to obtain a descriptor for CREST endpoints and services
• Descriptor allows dynamic generation of documentation, language bindings
• Pre-defined descriptors for common APIs across product
• Ability to dynamically create user interface
• Core feature of API Management in OpenIG
Audit Framework
Key Features
• Multiple types of audit events
• Multiple targets (audit consumers), pluggable
• Correlating events within a transaction
• Tamper evident
• REST API for read and query
• Client helpers
• Transformation
• Client context and device print
Commons UI Framework
Key Components
• jQuery
• Backbone
• Bootstrap
Use Cases
• End User Pages
• Admin Console
• User Registration
• Password Reset
The ForgeRock Identity Platform
UMA Provider Mobile App Synchronization Auditing
LDAPv3 REST/JSON
Replication Access Control
Schema Management
Caching
Auditing
Monitoring
Groups
Password Policy
Active Directory Pass-thru
Reporting
Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2
Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2
Adaptive Risk Stateless/Stateful Registration Aggregated User View
Message Transformation
API Security Scripting
Built from Open Source Projects:
UMA Resource
Access Management Identity Management Identity Gateway
Directory Services
Common REST API
Common User Interface
Common Audit/Logging
Common Scripting
Access Management
• Authentication
• OAuth/OIDC
• SAML2
• Adaptive/Risk
• Device Print
• Authorization
• Stateful/Stateless Architecture
• User-Managed Access
• Self-service
1 web app
15 min. download to install
6 modules
20k+ Authentications per second
Access Management Architecture
ForgeRock REST (Commons REST)
Protected Resources
Web Agents
JavaEE Agents
Java/C++ SDK
User Interface
End User Management
ForgeRock UI Framework
Core Services
Authentication Entitlements Session Auditing OAuth
Core Token Service OIDC Configuration
Scripting Self-Service STS SAML2 Risk
SPIs
Authentication Plugins
Policy Plugins
User Mgmt Plugins
Token Service Plugins
Federation Plugins
Persistence (OpenDJ)
Application Gateway
Identity Management
• Provisioning
• Synchronization
• Reconciliation
• Workflow
• Connectors
• Password Management
• Self-service
• Registration
1 web app
15 min. download to install
3 modules
72k+ registrations per min.
Identity Management Architecture
External Resources
OSGI
Persistence (OrientDB)
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (JavaScript, Groovy, Java)
Authentication Filter (JASPI)
Jetty Web Server
Configuration Managed Users Sync/Recon System (Connectors)
Scheduler Workflow Audit/Logs
Policy Audit
Identity Gateway
• High Scale Reverse Proxy
• API Security
• Legacy App Security
• IoT Gateway
• Credential Replay
• OpenAM PEP
• Token Translation
• OAuth2/OIDC/SAML2
• UMA resource server
1 web app
15 min. download to install
1 module
20k+ requests processed / sec
Identity Gateway Architecture
Core Processing
Http Framework
HTTP Framework
Cookies Headers Search Extract Crypto
Routes
OpenID Connect
OAuth2 SAML2 Scripting
Audit
Filters
Handlers
Directory Services
• Multiple Database Options
• Rapid Deployment
• Global Replication
• Massive Scale/Performance
• Password Management
• REST & LDAP APIs
• Extensive Security
self-contained app
5 min. download to install
1 module
1B+ entries
Directory Architecture
ForgeRock REST
Core Server
Replication Auditing LDAPv3 Encryption Monitoring
Password Policy Groups
Schema Management REST2LDAP Access Control
Backend Services
Persistence Connectors LDIF Memory Change Log
Java SDK / LDAPv3
Web Application
REST2LDAP
ForgeRock REST
Thanks!