© 2016 ForgeRock. All rights reserved.
Joachim Andres, Director, Product Management
The Future is Now: What’s New in ForgeRock Identity Gateway
Michelle Fallon, Senior Product Marketing Manager
Disclaimer
The presentation represents ForgeRock’s current view of its product development cycle and future directions. It is intended for information purposes only, and should not be interpreted as a commitment on the part of ForgeRock. ForgeRock makes no warranties, expressed or implied, on future functionality and timeline.
2010 Founded
10 Offices worldwide with headquarters in San Francisco
400+ Employees
600+ Enterprise Customers
50% Americas / 50% International commercial revenues
30+ Countries
ForgeRock
The leading, next-generation, identity security software platform, driving digital business.
Users, Devices, Things, and Services
Identity
Identity For Everyone And Every Thing
Customer Identity Relationship Management
ForgeRock Identity Platform
[Diagram: Access Management, Identity Management, Identity Gateway, Directory Services. Built from Open Source Projects. Shared layers: Common REST API, Common User Interface, Common Audit/Logging, Common Scripting. Feature labels shown: UMA Provider, UMA Resource, Mobile App, Synchronization, Auditing, LDAPv3, REST/JSON, Replication, Access Control, Schema Management, Caching, Monitoring, Groups, Password Policy, Active Directory Pass-thru, Reporting, Authentication, Authorization, Provisioning, User Self-Service, OIDC / OAuth2, Federation / SSO, Workflow Engine, Reconciliation, Password Replay, SAML2, Adaptive Risk, Stateless/Stateful, Registration, Aggregated User View, Message Transformation, API Security, Scripting.]
Identity Gateway Use Cases
[Diagram labels: Identity Gateway, Any App, API, DMZ, REST End Point, Mobile, M2M API, IoT.]
• Non-intrusive integration of applications with IAM
• API & microservices security
• Simple integration with legacy apps for SSO & AuthZ
• Agentless WAM deployments
• Acting as Federation service provider / relying party
How Does it Work?
• Reverse proxy acts as “message translator” between client apps or APIs and servers that can’t talk to each other natively
• Checks the identity of HTTP traffic as it passes through, stopping those without permissions and letting the rest pass
[Diagram labels: Client App, Identity Gateway, Server Side, Identity Services, Supporting Service. Message flow: 1. Request, 2. Transformed Request, 3. Response, 4. Transformed Response.]
IG 5.0: What’s New?
• Identity Gateway Studio
  • User interface to construct configuration artifacts
  • For evaluators and developers
• DevOps
  • DevOps guide incl. tutorial to deploy Identity Gateway via Docker
  • Sample Dockerfiles
  • Immutable and mutable (dev, eval) mode
IG 5.0: What’s New? (cont.)
• Improve agentless access management deployments
  • OpenAM SSO authentication filter
  • Step-Up authentication with PolicyEnforcementFilter (via advices)
• Contextual Authorization
  • Send client IP and User-Agent into policy evaluation process
• Audit handlers for JSON and JMS
• API Descriptors
Demo: Identity Gateway Studio
[Diagram labels: Web Application, API, Microservice, http://internal.example.com:8081/home; Identity Gateway, http://ig.example.com/home, with Healthcheck, Throttling, Authentication, Authorization, Context, Message Capture; Access Management, OpenID Connect Provider, Authorization Provider.]
The ForgeRock Identity Gateway bridges your applications to the modern digital identity world.