OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, APIs and IoT...

Posted on 31-Jul-2015

Copyright © 2015 ForgeRock, all rights reserved.

OPENIG

Your Swiss Army Knife

Digital Identity Touches Everything & transforms customer experiences

API ECONOMY

Massive shift in how organizations deliver and monetize services…

EMBRACING MOBILE?

Do you have, or plan to have, mobile apps?

• Built on APIs
• Access from anywhere
• Require strong security

NEED TO IDENTITY ENABLE?

• Legacy apps with no Identity Support?
• Web apps without a policy agent - can’t, won’t, don’t want to?
• Repeatable and scalable

WHAT IS OPENIG?

NEW WITH OPENIG 3

• Support for OAuth 2.0 and OpenID Connect
• Support for Scripting (Groovy)
• Integrated SAMLv2 Federation
• Protecting multiple Applications
• Stateless Sessions
• Easier dynamic configuration

“OpenIG works together with OpenAM to integrate Web applications without the need to modify the target application or the container that it runs in—delivering significant cost-savings.”

OPENIG – USE CASES

TRADITIONAL WAM

[Diagram labels: OpenIG, Custom App, Legacy, DMZ, Unsupported]

■ Complementary component to OpenAM

■ Acts as a Policy Enforcement Point

■ Extend SSO/Password Replay to any App

■ Federation SP

■ Works with all WAM solutions

PASSWORD CAPTURE AND REPLAY

• When Application:
  • Has a proprietary authentication system
  • Cannot be modified
  • Requires a different authentication mechanism

Application

FEDERATE AN APPLICATION

• Existing application
• Cannot be modified, proprietary Authentication
• Web Based Enterprise SSO
• Multi State Password Replay
• Pass headers, variables, replay any web based traffic statefully
• Reverse Proxy

[Diagram labels: IdP, Circle of Trust, Application]

SOCIAL LOGIN WITH OIDC

• No need to store or manage password

• Works with enabled IdP:
  • OpenAM
  • Google
  • Facebook
  • …

Application

PROTECT APIS WITH OAUTH 2.0

• Obtain an OAuth 2.0 token from your IdP

• Stick it in the client application

• IG verifies the presence, validity and permissions to access APIs

API
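
The three checks named on this slide (presence, validity, permissions), sketched as an added Python example; it is not OpenIG code or configuration. The token table, the `introspect` and `check_request` names and the `api` realm are assumptions for illustration, and the 401/403 responses follow RFC 6750.

```python
# Constructed token records standing in for the IdP's token-info response.
# Token strings, scopes and expiry times are made up for this example.
NOW = 1_700_000_000
TOKEN_INFO = {
    "tok-valid":   {"scope": "mail employeenumber", "expires_at": NOW + 600},
    "tok-expired": {"scope": "mail employeenumber", "expires_at": NOW - 1},
    "tok-narrow":  {"scope": "mail", "expires_at": NOW + 600},
}

def introspect(token):
    """Hypothetical lookup; a real gateway would ask the IdP here."""
    return TOKEN_INFO.get(token)

def challenge(status, error=None, scopes=None):
    """Build an RFC 6750 style response: status plus WWW-Authenticate."""
    parts = ['realm="api"']
    if error:
        parts.append(f'error="{error}"')
    if scopes:
        parts.append('scope="%s"' % " ".join(sorted(scopes)))
    return status, {"WWW-Authenticate": "Bearer " + ", ".join(parts)}

def check_request(headers, required_scopes, now=NOW):
    """Return (status, headers); 200 means forward to the protected API."""
    # 1. Presence: exactly one "Bearer <token>" credential.
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token or " " in token:
        return challenge(401)  # no error code when credentials are absent
    # 2. Validity: known to the IdP and not expired.
    info = introspect(token)
    if info is None or info["expires_at"] <= now:
        return challenge(401, "invalid_token")
    # 3. Permissions: every required scope must have been granted.
    missing = set(required_scopes) - set(info["scope"].split())
    if missing:
        return challenge(403, "insufficient_scope", required_scopes)
    return 200, {}
```
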

DEMO

ROADMAP

IG 4.0 ROADMAP

• Monitoring, Reporting, Throttling

• Token Exchange using OpenAM

• Calling OpenAM policy decisions

• Common Audit

• Management Interface

WHY OPENIG?

• Works with all WAM solutions – not just OpenAM
• Performant and scalable
• Competitive price vs legacy vendors
• Customizable through scripting
• Repeatable across systems and business units
• Production ready

WHERE IN THE WORLD IS FORGEROCK?

• RSA Conference Asia Pacific & Japan, 22 - 24 July, 2015, Singapore
• Gartner Catalyst Conference, 10 - 13 August, 2015, San Diego, CA
• Les Assises, 30 September - 3 October, 2015, Monaco

Visit forgerock.com

THANK YOU!

Justin Pirie, Senior PMM, ForgeRock
justin.pirie@forgerock.com
@justinpirie

Ludovic Poitou, OpenIG & DJ PM, ForgeRock
Ludovic.poitou@forgerock.com
@LudoMP
