Download - ForgeRock Platform Release - Summer 2016
© 2016 ForgeRock. All rights reserved.
Webinar: Summer 2016 Platform Release
John Barco, VP Global Product Marketing
© 2016 ForgeRock. All rights reserved.
Platform Release Goals
• Frictionless Identity
• Identity Relationships
• Microservices Security
• Unified Platform
• Ease of Use
ForgeRock Identity Platform
• Simple
• Scalable
• Modular
• Common platform
• Open source community participation
Built as Modular Components
Built from open source projects: Access Management, Identity Management, Identity Gateway, Directory Services
• Capabilities shown across Access Management, Identity Management and Identity Gateway: UMA Provider, Mobile App, Synchronization, Auditing, Authentication, Authorization, Provisioning, User Self-Service, OIDC / OAuth2, Federation / SSO, Workflow Engine, Reconciliation, Password Replay, SAML2, Adaptive Risk, Stateless/Stateful, Registration, Aggregated View, Message Transformation, API Security, Microservices, UMA Resource
• Directory Services: LDAPv3, REST/JSON, Replication, Access Control, Schema Management, Caching, Auditing, Monitoring, Groups, Password Policy, AD Password Pass-thru, Reporting
• Common services shared by all modules: Common REST API, Common User Interface, Common Audit/Logging, Common Scripting
Platform Modules
• Authorization
• Federation
• Identity Workflow
• Self Service
• Authentication
• Identity Synchronization
• Adaptive Risk
• Directory Services
• User Managed Access
• Identity Gateway
• Common Services
Platform Common Services Update
New Audit Framework
• Common audit event framework captures activity of users, devices and things with a unique ID label
• New ELK and JMS handlers
• Also CSV, DB and syslog
• Export to third-party services: Splunk, ArcSight, FireEye, Palo Alto Networks …
Dashboard: User Access Audit
Access Management Update
Access Management
• Authentication
• Single sign-on
• Social sign-on
• Strong authentication
• Mobile MFA
• Adaptive Risk
• Federation
• Authorization
• User-Managed Access
• Self-Service
1 web app; 15 min. download to install; 6 modules; 20k+ authentications per second
Stateful Session Management
[Diagram: three OpenAM Servers, each holding Session, SAML2 and OAuth2 state, persisting FAMRecord entries to OpenDJ]
• Session failover uses the Core Token Service (CTS) to persist sessions
• CTS is based on OpenDJ and can be embedded or external
• External CTS gives flexibility and control over the topology
New Stateless Session Management
• Stateless = the session state is encoded in a JWT token rather than stored server-side
• High-performance support for microservices or distributed cloud environments: 100K/sec token validation
• A client can obtain a token from any server, and any server can validate the token
[Diagram: OpenAM Servers on AWS1, AWS2 and AWS3; a microservices client app presents OAuth2 / OIDC tokens to any of them]
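A minimal illustration of the stateless model described above, added here and not ForgeRock code: the session state lives in an HMAC-signed JWT, so a second server that shares only the signing key can validate it with no session-store lookup, and a tampered or expired token is rejected. HS256 is used for brevity (the slide does not show the product's signing configuration); the key, claims and timestamps are constructed values.

```python
import base64, hashlib, hmac, json

# Constructed shared signing key: every server in the cluster would hold
# the same secret (or the public half of a key pair) in a real deployment.
SHARED_KEY = b"constructed-demo-key-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_session_token(key: bytes, claims: dict) -> str:
    """Encode the session state itself into an HS256-signed JWT."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def validate_session_token(key: bytes, token: str, now: int):
    """Return the claims if signature and expiry check out, else None. No store is consulted."""
    try:
        header, payload, sig = token.split(".")
        given = _b64url_decode(sig)
    except ValueError:
        return None
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return None  # tampered payload or wrong key
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return None  # accept only the algorithm we expect, never the token's choice
    claims = json.loads(_b64url_decode(payload))
    if claims.get("exp", 0) <= now:
        return None  # expired: the token carries its own lifetime
    return claims

def demo():
    issued_at = 1_470_000_000  # constructed timestamp
    # "Server AWS1" issues the token; "Server AWS3", sharing only the key, validates it.
    token = issue_session_token(SHARED_KEY, {"sub": "demo", "exp": issued_at + 600})
    ok = validate_session_token(SHARED_KEY, token, issued_at + 10)
    # A client editing the claims breaks the signature, so the edit is rejected.
    head, _, sig = token.split(".")
    forged_payload = _b64url(json.dumps({"sub": "admin", "exp": 9_999_999_999}).encode())
    bad = validate_session_token(SHARED_KEY, ".".join([head, forged_payload, sig]), issued_at + 10)
    late = validate_session_token(SHARED_KEY, token, issued_at + 601)
    return ok, bad, late
```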
Context-Based AuthN & AuthZ
Define the risk profile of a user or device
• Context builds intelligence into policies to protect resources at the time of access and during the session
• Scriptable conditions can examine environmental conditions and also call external services to augment the authorization process
[Diagram: create policies with risk / contextual parameters → evaluate context during AuthN / AuthZ → scripted conditions flag changes → session resets and forces action → risk is remediated]
Advanced Authentication for modern and legacy systems
• 20+ out-of-the-box modules including Google, Facebook, MS
• AuthN methods can be chained together to enforce different levels or strengths of security
• Scripted AuthN modules extend functionality on the client side and server side using Groovy and JavaScript
[Screenshot: Create New Authentication Chain with SAML2 Authentication, Adaptive Risk / Device ID, ForgeRock Mobile Authenticator and Save Device Profile modules]
Adaptive Risk enables a better user experience
• The Adaptive Risk module assesses risk based on pre-configured parameters
• Over 30 parameters, including IP address, IP history, cookie value, login history, geo-location, etc.
• Can be used in an authentication chain or for step-up re-authentication
[Figure: risk score gauge showing 94]
New Passwordless Authentication
• New update of the ForgeRock Authenticator mobile app for iOS and Android
• Vastly improves the user experience while reducing friction during the user authentication process
• Customize the app's look and feel, or use the source code to build your own
Swipe, fingerprint scan, custom
Identity Management Update
Identity Management
• Workflow-driven provisioning
• Synchronization and reconciliation
• Cloud / Enterprise connectors
• Self-service
• Password management +
1 web app; 15 min. download to install; 3 modules; 72k+ registrations per min.
New Object Model Visualization
• Identity Management architecture is REST-based with a flexible object model
• Visually representing objects and their relationships enables easier access to rich data
• User, device and thing relationships are complex: a visual model helps simplify admin tasks and reduces risk
Identity Gateway Update
Identity Gateway
• Mobile security
• API security
• Legacy app security
• IoT gateway
• Credential replay
• Federated service provider
• Token translation service
• UMA resource server
1 web app; 15 min. download to install; 1 module; 20k+ requests processed / sec
Protect REST Endpoints and APIs: New Throttling Filter
• Control the rate of requests that clients can make to a Web API based on IP address or request route
• Set multiple limits for different scenarios, such as allowing an IP or client a maximum number of calls per second, per minute, per hour, per day or even per week
Identity Gateway Throttling Filter
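An added example, not Identity Gateway's own filter implementation, of the multi-window throttling the slide describes: requests are counted per client key (an IP here) across several windows at once, the first exhausted window throttles the request, and throttled requests are not counted. The limits and the traffic are constructed values with timestamps in whole seconds.

```python
from collections import defaultdict, deque
from typing import Optional, Tuple

# Constructed limits: (window in seconds, max requests per window). Several
# windows apply at once, like the per-second / per-minute / per-hour limits
# on the slide; a request passes only if every window still has room.
DEFAULT_LIMITS = ((1, 5), (60, 100), (3600, 1000))

class ThrottlingFilter:
    """Sliding-window request limiter keyed by client IP or request route."""

    def __init__(self, limits=DEFAULT_LIMITS):
        self.limits = tuple(limits)
        self.longest = max(window for window, _ in self.limits)
        self.history = defaultdict(deque)  # key -> timestamps of accepted requests

    def allow(self, key: str, now: int) -> Tuple[bool, Optional[str]]:
        """Return (accepted, exhausted-limit label); rejected calls are not recorded."""
        q = self.history[key]
        while q and q[0] <= now - self.longest:  # age out entries beyond every window
            q.popleft()
        for window, limit in self.limits:
            if sum(1 for t in q if t > now - window) >= limit:
                return False, f"{limit}/{window}s"
        q.append(now)
        return True, None

def demo():
    """Constructed traffic against the default limits."""
    f = ThrottlingFilter()
    burst = [f.allow("10.0.0.5", 0)[0] for _ in range(7)]  # 5 pass, 2 throttled
    reason = f.allow("10.0.0.5", 0)[1]                      # "5/1s"
    other_ip = f.allow("10.0.0.6", 0)[0]                    # separate bucket, unaffected
    next_second = f.allow("10.0.0.5", 1)[0]                 # per-second window rolled over
    for t in range(20):                                     # steady 5 req/s for 20 s ...
        for _ in range(5):
            f.allow("10.0.0.7", t)
    minute_hit = f.allow("10.0.0.7", 20)[1]                 # ... exhausts the per-minute limit
    recovered = f.allow("10.0.0.7", 61)[0]                  # oldest entries have aged out
    return burst, reason, other_ip, next_second, minute_hit, recovered
```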
New Preview Cloud Foundry Service Broker
• Lightweight, simple way for ForgeRock solutions to protect RESTful microservices running in Cloud Foundry
• Open source code for the service broker preview is accessible through GitHub (https://github.com/ForgeRock/forgerock-service-broker-cloudfoundry)
Resources: Downloads / Docs / Support
Resources: ForgeRock.org community site
Resources: ForgeRock.com