5. IRM Summit 2014
Classic scenario I
User wants to use an application which does not require any of ForgeRock's products, but ...
[Diagram: User → Application]
10. OpenAM Key Functionality
■ Provides single sign-on to web resources and creates a "sign on once, access everywhere" environment
■ Centralized policy based authentication and authorization
■ Enables policy enforcement
■ Tracks all user authentication related events
■ Extends access beyond organizational boundaries
Key functionality:
– Authentication
– Authorization
– Single Sign-On
– Federation
– Entitlements
– Web Services Security
– Auditing/Logging
– Adaptive AuthN
18. Where does the request come from?
■ Common use case: User requests access to a web page
■ Other use cases: Applications can request authentication programmatically through REST or SOAP web services and the OpenAM SDK
19. Which Credentials?
■ OpenAM works with most authentication methods without customization
■ 21 out of the box Authentication modules
■ Custom modules can be created easily
20. Authentication Modules (FR-420 OpenAM 11)
– Active Directory
– Adaptive Risk
– Anonymous
– Certificate
– Data Store
– Device Print
– Federation
– HOTP
– HTTP Basic
– JDBC
– LDAP
– Membership
– MSISDN
– OATH
– OAuth 2.0
– RADIUS
– SAE
– SecurID
– Windows Desktop SSO
– Windows NT
– WSSAuth
23. Authorization
■ Authentication is not enough
■ Authorization determines:
– WHO can do
– what ACTIONS
– with what RESOURCES
– under which CONDITIONS?
■ Uses Policies to define those rights
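An added example, not from the deck and not OpenAM's own policy engine: a small default-deny evaluator in Python that checks the four questions above in order (subject, action, resource, conditions). The Policy/Context model, the intranet.example.com URL patterns, the group names and the two conditions are all constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime
from fnmatch import fnmatchcase
from typing import Callable, List, Set
# Hypothetical model (not OpenAM's schema): one rule answers WHO (subjects),
# what ACTIONS, which RESOURCES, under which CONDITIONS.
@dataclass
class Policy:
    subjects: Set[str]                 # group names the rule applies to
    actions: Set[str]                  # e.g. {"GET", "POST"}
    resources: List[str]               # URL patterns, "*" is a wildcard
    conditions: List[Callable] = field(default_factory=list)  # ctx -> bool

@dataclass
class Context:                         # the request being authorized
    groups: Set[str]
    action: str
    resource: str
    client_ip: str
    now: datetime

def ip_in_prefix(prefix: str) -> Callable[[Context], bool]:
    return lambda ctx: ctx.client_ip.startswith(prefix)  # condition: internal address
def business_hours(ctx: Context) -> bool:
    return 9 <= ctx.now.hour < 18                        # condition: 09:00-18:00

def evaluate(policies: List[Policy], ctx: Context) -> bool:
    """Default deny: allow only if some policy matches on all four axes."""
    for p in policies:
        if not (ctx.groups & p.subjects):                   # WHO
            continue
        if ctx.action not in p.actions:                     # ACTIONS
            continue
        if not any(fnmatchcase(ctx.resource, pat) for pat in p.resources):  # RESOURCES
            continue
        if all(cond(ctx) for cond in p.conditions):         # CONDITIONS
            return True
    return False

# Constructed sample policies: staff may read the intranet; finance may also post
# to payroll, but only from the internal network during business hours.
POLICIES = [
    Policy({"employees"}, {"GET"}, ["https://intranet.example.com/*"]),
    Policy({"finance"}, {"GET", "POST"}, ["https://intranet.example.com/payroll/*"],
           [ip_in_prefix("10.0."), business_hours]),
]

def decide(groups, action, resource, client_ip, hour) -> bool:
    """Evaluate POLICIES for one request made at the given hour of the day."""
    ctx = Context(set(groups), action, resource, client_ip, datetime(2014, 6, 2, hour))
    return evaluate(POLICIES, ctx)
```

A request that matches no rule on all four axes is denied, which is the behaviour an enforcement point should rely on.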
26. Federation
■ Federation is the process of linking identities across heterogeneous Access Management products
■ It is a trust relationship whereby a Service Provider (SP) trusts that an Identity Provider (IDP) has successfully authenticated a user
■ It is standards-based
27. Goals of Federation
■ Federation enables Single Sign-On and Single Logout between partners
■ Federation allows rapid integration
– during company acquisitions
– between heterogeneous systems
■ Federation allows basic Identity Data Sharing
■ Helps to keep multiple internet accounts under control
30. OpenAM Federation
■ OpenAM provides first class federation support
■ Federation Protocol support
– SAML2, WS-Federation, ID-FF, OAuth2
■ Federated Web Services
■ Multi-Protocol Hub
– Allows OpenAM to act as a broker between different federation protocols
■ Plug-in points allow for easy customization
■ Fedlet for applications that do not support standard protocols