IRM Summit 2014 Incredible Edible Identity Jamie Nelson Jonathan Scudder Jake Feasel

Incredible Edible Identity


DESCRIPTION

A Breakout Session on Atomic Architecture presented by ForgeRock team members Jamie Nelson, VP Engineering, Jonathan Scudder, OpenAM Lead Architect & Co-founder, and Jake Feasel, Sr. Software Developer. At the 2014 IRM Summit in Phoenix, Arizona.


Page 1: Incredible Edible Identity

IRM Summit 2014

Incredible Edible Identity

Jamie Nelson

Jonathan Scudder

Jake Feasel

Page 2: Incredible Edible Identity

Evolution To IRM

Employees

Consumers

Employees & Partners

Things

Perimeter

Perimeter Federation

Perimeter-less Federation

Cloud / SaaS

Mobility

Attributes

Context

Stateless

Relationships

Page 3: Incredible Edible Identity

ForgeRock Products

Context-Based Access Management

Cloud-Focused Identity Administration

Internet Scale Directory Services

Unifying Enterprise and Cloud Identity Infrastructure

No Touch SSO to enterprise, legacy, and custom apps

Hands-free protection of mobile apps and APIs

Identity Relationship Management Platform – Only Unified Platform – Only Customer-Scale Platform – Supports any application, device, or “thing”

FORGEROCK.COM | CONFIDENTIAL

SecureMobile, SecureConnect, CloudConnect

Page 4: Incredible Edible Identity

ForgeRock Deployment

Portals, applications, web services, APIs

Identity Administration
• Registration & Self-Service • Auditing & Compliance • Workflow & Reporting • Native connectors • REST API

Access Management
• Authentication & session • Authorization & policy • Entitlements • Federation • REST API

Identity Data
• Identity Store • Directory Proxy • REST API

Partners

Legacy Apps: • Reverse Proxy • App Gateway

ICF: • Identity Connector Framework

• Provisioning • SSO

Cloud Apps

Consumers & Customers

Enterprise Apps

Devices & Things

• Federation

Data Centers: • HA • Replication

CloudConnect

SecureConnect

Page 5: Incredible Edible Identity

Niche Vendor

Access Management

Provisioning Services

Directory Services

SaaS Bridging

Application Gateway

Mobile Enablement

Great At One Problem Space – Pick One

Page 6: Incredible Edible Identity

Niche Deployment

Portals, applications, web services, APIs

Identity Administration
• Registration & Self-Service • Auditing & Compliance • Workflow & Reporting • Native connectors • REST API

Access Management
• Authentication & session • Authorization & policy • Entitlements • Federation • REST API

Identity Data
• Identity Store • Directory Proxy • REST API

Partners

Legacy Apps: • Reverse Proxy • App Gateway

• Identity Connector Framework

• Provisioning • SSO

Cloud Apps

Consumers & Customers

Enterprise Apps

Devices & Things

• Federation

Data Centers: • HA • Replication

Page 7: Incredible Edible Identity


Leading Stack Vendors – Acquisition Architecture – Employee Scale – Massive TCO

Access Manager

Identity Federation

Identity Manager

Mobile Security Suite

Directory Server

Entitlements Server

Enterprise SSO

Identity Governance

Adaptive Access

Web Services Security

Enterprise Apps, Mobile Apps, Things

Page 8: Incredible Edible Identity

Stack Vendor’s Deployment

Portals, applications, web services, APIs

Professional Services

Partners

Legacy Apps

Identity Administration

Access Management

Identity Data

Cloud Apps

Consumers & Customers

Enterprise Apps

Devices & Things

Data Centers

Page 9: Incredible Edible Identity


Integrated Stack Components

■ Simple, Integrated, Modular, High Scale

■ ForgeRock REST (CREST)

■ Authn and Authz Filters

■ ForgeRock UI

■ OpenID Connect, OAuth, SAML2

Page 10: Incredible Edible Identity

OpenAM

ForgeRock REST (Commons REST)

Protected Resources: Web Agents, Java EE Agents, Web Services Agents

User Interface: End User, Management

ForgeRock UI Framework

Core Services: Authentication, Entitlements, Session, Audit, OAuth, Core Token Service, OpenID Connect, Configuration, Policy, User Management, Secure Token Service, XACML, Federation

SPIs: Authentication Plugins, Policy Plugins, User Mgmt Plugins, Token Service Plugins, Federation Plugins

Persistence (OpenDJ)

Universal Gateway

Page 11: Incredible Edible Identity

OpenIDM

OSGi

Persistence (OrientDB)

ForgeRock UI Framework

ForgeRock REST Router

Business Logic (JavaScript, Groovy, Java)

Authentication Filter (JASPI)

Jetty Web Server

Configuration

Managed Users

Sync/Recon

System (Connectors)

Scheduler

Task Scanner

Audit/Logs

Policy

Audit

Page 12: Incredible Edible Identity

OpenDJ

User Interface: End User, Management

ForgeRock UI Framework

ForgeRock REST

Core Server: Replication, Auditing, LDAPv3, Caching, Monitoring, Password Policy, Groups, Schema Management, REST2LDAP, Access Control

Backend Services: Persistence, Connectors, LDIF, Memory, Change Log

Java SDK / LDAPv3

Web Application: REST2LDAP, ForgeRock REST

Page 13: Incredible Edible Identity

CloudConnect

OSGi

Configuration Wizard

OpenIDM

Business Logic (JavaScript, Groovy, Java)

Authentication JASPI (AD and IWA)

Jetty Web Server

Salesforce and LDAP

OAuth

Federation

ForgeRock UI Framework

Reporting and Recon

Page 14: Incredible Edible Identity

SecureConnect

Core Processing

Http Connector

HTTP Listener

Chains, Filters, Functions, Handlers

Scripting

Audit

Page 15: Incredible Edible Identity

API Strategy

Conscious, proactive design

Developer-focused

Consistent

Easy to use

Modern

Page 16: Incredible Edible Identity

API Strategy

Conscious, proactive design

Developer-focused

Consistent

Easy to use

Modern

JSON

REST

ROA

Page 17: Incredible Edible Identity


API Strategy

Page 18: Incredible Edible Identity


CREST API

Page 19: Incredible Edible Identity


CREST Framework

Page 20: Incredible Edible Identity


AuthN and AuthZ Filters

Page 21: Incredible Edible Identity

Open Identity Stack UI Model

■ “Single-Page Web App” style

■ Single UI model for all products

■ Built on ForgeRock REST (CREST)

■ Common UIs for:
– User management
– Registration and Self Service
– Login and Password Reset

■ Built on shared services for Authentication

Page 22: Incredible Edible Identity


ForgeRock UI Library Stack

jQuery (General utility) + jQuery UI (Widgets)

Backbone.js + Require.js (Modular MVC Architecture)

Handlebars.js (Templating)

Underscore.js (General utility)

Less.js (CSS preprocessor)

Built on ForgeRock REST and Common Services

Caters to the web developers of today

Page 23: Incredible Edible Identity

Demo

■ OpenAM as the IDP

■ OpenDJ as the User and Config Store

■ OpenIDM provisioning to DJ

■ Commons
– ForgeRock REST in OpenAM, OpenIDM, OpenDJ
– Filters protecting OpenIDM
– ForgeRock UI in OpenIDM and OpenAM

Page 24: Incredible Edible Identity


Questions ?