© 2016 ForgeRock. All rights reserved. Webinar: Summer 2016 Platform Release John Barco, VP Global Product Marketing
ForgeRock Platform Release - Summer 2016

Apr 15, 2017

Transcript
Page 1: ForgeRock Platform Release - Summer 2016

Webinar: Summer 2016 Platform Release

John Barco, VP Global Product Marketing

Page 2: ForgeRock Platform Release - Summer 2016

Platform Release Goals

•  Frictionless Identity
•  Identity Relationships
•  Microservices Security
•  Unified Platform
•  Ease of Use

Page 3: ForgeRock Platform Release - Summer 2016

ForgeRock Identity Platform

•  Simple
•  Scalable
•  Modular
•  Common platform
•  Open source community participation

Page 4: ForgeRock Platform Release - Summer 2016

Built as Modular Components

UMA Provider Mobile App Synchronization Auditing

LDAPv3 REST/JSON

Replication Access Control

Schema Management

Caching

Auditing

Monitoring

Groups

Password Policy

AD Password Pass-thru

Reporting

Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2

Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2

Adaptive Risk Stateless/Stateful Registration Aggregated View Message Transformation

API Security Microservices

Built from Open Source Projects:

UMA Resource

Access Management Identity Management Identity Gateway

Directory Services

Common REST API

Common User Interface

Common Audit/Logging

Common Scripting

Page 5: ForgeRock Platform Release - Summer 2016

Platform Modules

Authorization, Federation

Identity Workflow, Self Service

Authentication

Identity Synchronization

Adaptive Risk

Directory Services

User Managed Access

Identity Gateway

Common Services

Page 6: ForgeRock Platform Release - Summer 2016

Platform Common Services Update

Page 7: ForgeRock Platform Release - Summer 2016

New Audit Framework

•  Common audit event framework captures activity of users, devices, things with unique ID label
•  New ELK and JMS handlers
•  Also CSV, DB, and syslog
•  Export to third party services: Splunk, ArcSight, FireEye, Palo Alto Networks …

Dashboard: User Access Audit

Page 8: ForgeRock Platform Release - Summer 2016

Access Management Update

Page 9: ForgeRock Platform Release - Summer 2016

Access Management

•  Authentication
    •  Single sign-on
    •  Social sign-on
    •  Strong authentication
    •  Mobile MFA
•  Adaptive Risk
•  Federation
•  Authorization
•  User-Managed Access
•  Self-Service

1 web app
15 min. download to install
6 modules
20k+ Authentications per second

Page 10: ForgeRock Platform Release - Summer 2016

Stateful Session Management

[Diagram labels, shown three times: OpenAM Server (Session, SAML2, OAuth2); FAMRecord; OpenDJ]

•  Session failover uses the Core Token Service (CTS) to persist sessions

•  CTS is based on OpenDJ and can be embedded or external

•  External CTS gives flexibility and control over the topology

Page 11: ForgeRock Platform Release - Summer 2016

New Stateless Session Management

•  Stateless = state information is encoded in JWT token

•  High-performance support for microservices or distributed cloud environment - 100K/sec token validation

•  Client can obtain token from any server; Client can validate token on any server

[Diagram labels: OpenAM Server (three); AWS1, AWS2, AWS3; Microservices Client App; OAuth2, OIDC Tokens]

PROPRIETARY AND CONFIDENTIAL
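The stateless model on this slide, as an added example that is not ForgeRock's code or OpenAM's actual token format: one node issues a signed JWT and a second node, sharing only the signing key, validates it without any session lookup. The `Node` class, the HS256 choice, the key and the claim values are assumptions constructed for illustration; `AWS1` and `AWS2` are the node labels from the slide's diagram.

```python
import base64, hashlib, hmac, json, time

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class Node:
    """One server (hypothetical): holds the shared key, keeps no session table."""
    def __init__(self, name, key):
        self.name, self._key = name, key

    def _mac(self, signing_input):
        return hmac.new(self._key, signing_input.encode(), hashlib.sha256).digest()

    def issue(self, subject, ttl, now=None):
        now = int(time.time() if now is None else now)
        header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = b64e(json.dumps({"sub": subject, "iss": self.name,
                                  "iat": now, "exp": now + ttl}).encode())
        return f"{header}.{claims}.{b64e(self._mac(header + '.' + claims))}"

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        try:
            header_b64, claims_b64, sig_b64 = token.split(".")
            sig = b64d(sig_b64)
        except ValueError:
            raise ValueError("malformed token") from None
        # Always recompute HMAC-SHA256; the header never chooses the algorithm.
        if not hmac.compare_digest(sig, self._mac(header_b64 + "." + claims_b64)):
            raise ValueError("bad signature")
        header, claims = json.loads(b64d(header_b64)), json.loads(b64d(claims_b64))
        if header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        if now >= claims["exp"]:
            raise ValueError("token expired")
        return claims  # all session state comes from the token itself

def reason(node, token, now):
    """Return 'ok' or the rejection reason for a token at time `now`."""
    try:
        node.validate(token, now)
        return "ok"
    except ValueError as exc:
        return str(exc)

SHARED_KEY = b"constructed-demo-key-not-for-production"  # constructed sample key
aws1, aws2 = Node("AWS1", SHARED_KEY), Node("AWS2", SHARED_KEY)
```

In this sketch nothing is stored server-side, so a token remains acceptable on every node until its `exp`; token lifetime and key handling carry the weight that a session store otherwise would.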

Page 12: ForgeRock Platform Release - Summer 2016

Context-Based AuthN & AuthZ

•  Context builds intelligence into policies to protect resources at the time of access and during session
•  Scriptable conditions can examine environmental conditions and also call external services to augment the authorization process

[Diagram labels: Define Risk Profile of user or device; Scripted conditions flag changes; Evaluate context during AuthN / AuthZ; Create policies with risk / contextual parameters; Risk is remediated; Session resets, forces action]

Page 13: ForgeRock Platform Release - Summer 2016

Advanced Authentication

For modern and legacy systems

•  20+ out-of-box modules including Google, Facebook, MS
•  AuthN methods can be chained together for enforcing different levels or strength of security
•  Scripted AuthN modules extend functionality on client side and server side using Groovy and JavaScript

[Screenshot labels: Create New Authentication Chain; SAML2 Authentication; Adaptive Risk / Device ID; ForgeRock Mobile Authenticator; Save Device Profile]

Page 14: ForgeRock Platform Release - Summer 2016

Adaptive Risk

Enables better user experience

•  The Adaptive Risk module assesses the risk based on pre-configured parameters
•  Over 30 parameters, including IP address, IP history, cookie value, login history, geo-location, etc.
•  Can be used in authentication chain or for step-up re-authentication

[Screenshot label: Risk Score 94]

Page 15: ForgeRock Platform Release - Summer 2016

New Passwordless Authentication

•  New update of ForgeRock Authenticator Mobile App for iOS and Android
•  Vastly improves the user experience while reducing friction during the user authentication process
•  Customize app look and feel or use source code to build your own

Swipe, Fingerprint Scan, Custom

Page 16: ForgeRock Platform Release - Summer 2016

New Passwordless Authentication

Page 17: ForgeRock Platform Release - Summer 2016

Identity Management Update

Page 18: ForgeRock Platform Release - Summer 2016

Identity Management

•  Workflow-driven provisioning
•  Synchronization and reconciliation
•  Cloud / Enterprise connectors
•  Self-service
•  Password management +

1 web app
15 min. download to install
3 modules
72k+ registrations per min.

Page 19: ForgeRock Platform Release - Summer 2016

New Object Model Visualization

•  Identity Management architecture is REST-based with flexible object model
•  Visually representing objects and the relationships enables easier access to rich data
•  User, device, thing relationships are complex – a visual model helps simplify admin tasks – reduces risks

Page 20: ForgeRock Platform Release - Summer 2016

Identity Gateway Update

Page 21: ForgeRock Platform Release - Summer 2016

Identity Gateway

•  Mobile security
•  API security
•  Legacy app security
•  IoT gateway
•  Credential replay
•  Federated service provider
•  Token translation service
•  UMA resource server

1 web app
15 min. download to install
1 module
20k+ requests processed / sec

Page 22: ForgeRock Platform Release - Summer 2016

Protect REST Endpoints and APIs

New Throttling Filter

•  Control the rate of requests that clients can make to a Web API based on IP address or request route
•  Set multiple limits for different scenarios, like allowing an IP or client to make a maximum number of calls per second, per minute, per hour, per day or even per week

Identity Gateway Throttling Filter

Page 23: ForgeRock Platform Release - Summer 2016

New Preview Cloud Foundry Service Broker

•  Lightweight, simple way for ForgeRock solutions to protect RESTful microservices running in Cloud Foundry

•  Open source code for the service broker preview is accessible through GitHub (https://github.com/ForgeRock/forgerock-service-broker-cloudfoundry)

Page 24: ForgeRock Platform Release - Summer 2016

Resources: Downloads / Docs / Support

Page 25: ForgeRock Platform Release - Summer 2016

Resources: ForgeRock.org community site

Page 26: ForgeRock Platform Release - Summer 2016

Resources: ForgeRock.com