ForgeRock Platform Release - Summer 2016
- 1. © 2016 ForgeRock. All rights reserved.
Webinar: Summer 2016 Platform Release
John Barco, VP Global Product Marketing
- 2.
Platform Release Goals
• Frictionless Identity
• Identity Relationships
• Microservices Security
• Unified Platform
• Ease of Use
- 3.
ForgeRock Identity Platform
• Simple
• Scalable
• Modular
• Common platform
• Open source community participation
- 4.
Built as Modular Components
Diagram: four products, Access Management, Identity Management, Identity Gateway and Directory Services, built from open source projects on top of shared common services (Common REST API, Common User Interface, Common Audit/Logging, Common Scripting).
Capabilities labelled on the diagram: UMA Provider, UMA Resource, Mobile App, Synchronization, Reconciliation, Auditing, LDAPv3, REST/JSON, Replication, Access Control, Schema Management, Caching, Monitoring, Groups, Password Policy, AD Password Pass-thru, Reporting, Authentication, Authorization, Provisioning, User Self-Service, OIDC / OAuth2, Federation / SSO, Workflow Engine, Password Replay, SAML2, Adaptive Risk, Stateless/Stateful, Registration, Aggregated View, Message Transformation, API Security, Microservices.
- 5.
Platform Modules
Diagram: Authorization, Federation, Identity Workflow, Self Service, Authentication, Identity Synchronization, Adaptive Risk, Directory Services, User Managed Access, Identity Gateway, Common Services.
- 7.
New Audit Framework
• Common audit event framework captures the activity of users, devices and things with a unique ID label
• New ELK and JMS handlers
• Also CSV, DB and syslog
• Export to third-party services: Splunk, ArcSight, FireEye, Palo Alto Networks …
Dashboard: User Access Audit
- 9.
Access Management
• Authentication
• Single sign-on
• Social sign-on
• Strong authentication
• Mobile MFA
• Adaptive Risk
• Federation
• Authorization
• User-Managed Access
• Self-Service
Key figures: 1 web app; 15 min. download to install; 6 modules; 20k+ authentications per second
- 10.
Stateful Session Management
Diagram: three OpenAM servers, each holding Session, SAML2 and OAuth2 state as FAMRecord entries persisted in OpenDJ.
• Session failover uses the Core Token Service (CTS) to persist sessions
• CTS is based on OpenDJ and can be embedded or external
• External CTS gives flexibility and control over the topology
- 11.
New Stateless Session Management
• Stateless = state information is encoded in a JWT token
• High-performance support for microservices or distributed cloud environments: 100K/sec token validation
• Client can obtain a token from any server; client can validate the token on any server
Diagram: a client app holding OAuth2 / OIDC tokens calls microservices fronted by three OpenAM servers (AWS1, AWS2, AWS3).
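As an added illustration of the stateless model described on this slide (example code written for this page, not ForgeRock code, and not OpenAM's actual token layout, which carries more claims than shown here): one server puts the session claims into an HS256-signed JWT, and any other server holding the same key validates it locally, with no lookup in a session store. The key, subject, lifetimes and timestamps are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Shared HMAC key. In a cluster every validating server holds the same key
# (or, with an asymmetric algorithm, the public half). Constructed sample value.
SHARED_KEY = b"constructed-demo-key-do-not-deploy"


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session_token(subject: str, ttl_seconds: int, key: bytes = SHARED_KEY,
                        now: Optional[float] = None) -> str:
    """Issuing server: the session state lives in the token itself, signed with
    HS256, so no server has to keep a session record for it."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "iat": int(now), "exp": int(now) + ttl_seconds}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_session_token(token: str, key: bytes = SHARED_KEY,
                           now: Optional[float] = None) -> Optional[dict]:
    """Any server with the key validates locally. Returns the claims, or None
    for a malformed, tampered, wrongly signed or expired token."""
    now = time.time() if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm server-side; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, (header_b64 + "." + claims_b64).encode("ascii"),
                            hashlib.sha256).digest()
        # Constant-time comparison of the signature.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(claims_b64))
        if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
            return None
    except (ValueError, TypeError):
        # Covers bad base64, bad JSON, wrong segment count, non-numeric exp.
        return None
    return claims


if __name__ == "__main__":
    # Server A issues, server B (same key, no shared state) validates.
    token = issue_session_token("alice", ttl_seconds=3600)
    print(token)
    print(validate_session_token(token))
```

Because the signature covers the claims, a token cannot be re-pointed at another subject or given a later expiry without the key; the trade-off against the stateful model on the previous slide is that revocation before `exp` needs some extra mechanism, since no server holds a record to delete.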
- 12.
Context-Based AuthN & AuthZ
• Context builds intelligence into policies to protect resources at the time of access and during the session
• Scriptable conditions can examine environmental conditions and also call external services to augment the authorization process
Diagram (risk cycle): Define risk profile of user or device; Scripted conditions flag changes; Evaluate context during AuthN/AuthZ; Create policies with risk / contextual parameters; Risk is remediated: session resets, forces action.
- 13.
Advanced Authentication
For modern and legacy systems
• 20+ out-of-box modules including Google, Facebook, MS
• AuthN methods can be chained together for enforcing different levels or strength of security
• Scripted AuthN modules extend functionality on client side and server side using Groovy and JavaScript
Screenshot: "Create New Authentication Chain" with the modules SAML2 Authentication, Adaptive Risk / Device ID, ForgeRock Mobile Authenticator, Save Device Profile.
- 14.
Adaptive Risk
Enables better user experience
• The Adaptive Risk module assesses the risk based on pre-configured parameters
• Over 30 parameters, including IP address, IP history, cookie value, login history, geo-location, etc.
• Can be used in an authentication chain or for step-up re-authentication
Figure: Risk Score gauge showing 94
- 15.
New Passwordless Authentication
• New update of the ForgeRock Authenticator Mobile App for iOS and Android
• Vastly improves the user experience while reducing friction during the user authentication process
• Customize app look and feel or use the source code to build your own
Figure: Swipe, Fingerprint Scan, Custom
- 18.
Identity Management
• Workflow-driven provisioning
• Synchronization and reconciliation
• Cloud / Enterprise connectors
• Self-service
• Password management +
Key figures: 1 web app; 15 min. download to install; 3 modules; 72k+ registrations per min.
- 19.
New Object Model Visualization
• Identity Management architecture is REST-based with a flexible object model
• Visually representing objects and their relationships enables easier access to rich data
• User, device and thing relationships are complex; a visual model helps simplify admin tasks and reduces risks
- 21.
Identity Gateway
• Mobile security
• API security
• Legacy app security
• IoT gateway
• Credential replay
• Federated service provider
• Token translation service
• UMA resource server
Key figures: 1 web app; 15 min. download to install; 1 module; 20k+ requests processed / sec
- 22.
Protect REST Endpoints and APIs
New Throttling Filter
• Control the rate of requests that clients can make to a Web API based on IP address or request route
• Set multiple limits for different scenarios, like allowing an IP or client to make a maximum number of calls per second, per minute, per hour, per day or even per week
Screenshot: Identity Gateway Throttling Filter
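Added example, written for this page and not Identity Gateway's own filter implementation or configuration: a sliding-window throttle keyed on client IP that enforces several limits at once (3 requests per second and 5 per minute here), replayed over a constructed request log. The limits, addresses and timestamps are made-up sample values; the point it shows beyond the slide is how the windows interact, since a request can pass the per-second check and still be rejected by the per-minute one.

```python
import time
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Sequence, Tuple

# Each limit is (max_requests, window_seconds). Constructed sample policy:
# at most 3 requests per second and 5 per minute for any one client.
SAMPLE_LIMITS: List[Tuple[int, float]] = [(3, 1.0), (5, 60.0)]


class MultiWindowThrottle:
    """Sliding-window throttle keyed on a client identifier (here the source
    IP), enforcing several windows at once. Rejected requests are not
    recorded, so a burst that trips the per-second limit does not also burn
    the client's per-minute quota."""

    def __init__(self, limits: Sequence[Tuple[int, float]]):
        self.limits = list(limits)
        # One timestamp queue per (client, window).
        self._hits: Dict[Tuple[str, float], Deque[float]] = defaultdict(deque)

    def allow(self, key: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        # Pass 1: evict timestamps outside each window, then check every limit.
        for max_requests, window in self.limits:
            q = self._hits[(key, window)]
            while q and q[0] <= now - window:
                q.popleft()
            if len(q) >= max_requests:
                return False
        # Pass 2: only an accepted request is counted, in every window.
        for _, window in self.limits:
            self._hits[(key, window)].append(now)
        return True


# Constructed request log: (seconds since start, client IP), in arrival order.
SAMPLE_REQUESTS: List[Tuple[float, str]] = [
    (0.0, "10.0.0.1"), (0.1, "10.0.0.1"), (0.2, "10.0.0.1"), (0.3, "10.0.0.1"),
    (0.3, "10.0.0.2"),
    (1.5, "10.0.0.1"), (1.6, "10.0.0.1"), (1.7, "10.0.0.1"),
]


def run_sample(requests: Sequence[Tuple[float, str]] = SAMPLE_REQUESTS,
               limits: Sequence[Tuple[int, float]] = SAMPLE_LIMITS
               ) -> List[Tuple[float, str, bool]]:
    """Replay the log through the throttle; returns (t, ip, allowed) per request."""
    throttle = MultiWindowThrottle(limits)
    return [(t, ip, throttle.allow(ip, now=t)) for t, ip in requests]


if __name__ == "__main__":
    for t, ip, ok in run_sample():
        print(f"t={t:4.1f}s {ip:10s} {'allowed' if ok else 'REJECTED (429)'}")
```

In the sample log the fourth request from 10.0.0.1 is rejected by the per-second window, 10.0.0.2 is unaffected because it has its own counters, and the request at t=1.7 is rejected by the per-minute window even though the per-second window has room. A production filter would sit in front of the API and map a rejection to HTTP 429 with a Retry-After header.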
- 23.
New Preview
Cloud Foundry Service Broker
• Lightweight, simple way for ForgeRock solutions to protect RESTful microservices running in Cloud Foundry
• Open source code for the service broker preview is accessible through GitHub (https://github.com/ForgeRock/forgerock-service-broker-cloudfoundry)