OpenIG Webinar: Your Swiss Army Knife for Protecting and Securing Web Apps, APIs and IoT...
TRANSCRIPT
Copyright © 2015 ForgeRock, all rights reserved.
OPENIG
Your Swiss Army Knife
Digital Identity Touches Everything & transforms customer experiences
API ECONOMY
Massive shift in how organizations deliver and monetize services…
EMBRACING MOBILE?
You have or plan to have Mobile Apps?
• Built on APIs
• Access from anywhere
• Require strong security
NEED TO IDENTITY ENABLE?
• Legacy apps with no Identity Support?
• Web apps without a policy agent - can’t, won’t, don’t want to?
• Repeatable and scalable
WHAT IS OPENIG?
NEW WITH OPENIG 3
• Support for OAuth 2.0 and OpenID Connect
• Support for Scripting (Groovy)
• Integrated SAMLv2 Federation
• Protecting multiple Applications
• Stateless Sessions
• Easier dynamic configuration
“OpenIG works together with OpenAM to integrate Web applications without the need to modify the target application or the container that it runs in—delivering significant cost-savings.”
OPENIG – USE CASES
TRADITIONAL WAM
[Diagram labels: OpenIG, Custom App, Legacy, DMZ, Unsupported]
■ Complementary component to OpenAM
■ Acts as a Policy Enforcement Point
■ Extend SSO/Password Replay to any App
■ Federation SP
■ Works with all WAM solutions
PASSWORD CAPTURE AND REPLAY
• When Application:
  • Has a proprietary authentication system
  • Cannot be modified
  • Requires a different authentication mechanism
[Diagram label: Application]
FEDERATE AN APPLICATION
• Existing application
• Cannot be modified, proprietary Authentication
• Web Based Enterprise SSO
• Multi State Password Replay
• Pass headers, variables, replay any web based traffic statefully
• Reverse Proxy
[Diagram labels: IdP, Circle of Trust, Application]
SOCIAL LOGIN WITH OIDC
• No need to store or manage password
• Works with enabled IdP:
  • OpenAM
  • Google
  • Facebook
  • …
[Diagram label: Application]
PROTECT APIS WITH OAUTH 2.0
• Obtain an OAuth 2.0 token from your IdP
• Stick it in the client application
• IG verifies the presence, validity and permissions to access APIs
[Diagram label: API]
DEMO
ROADMAP
IG 4.0 ROADMAP
• Monitoring, Reporting, Throttling
• Token Exchange using OpenAM
• Calling OpenAM policy decisions
• Common Audit
• Management Interface
WHY OPENIG?
• Works with all WAM solutions – not just OpenAM
• Performant and scalable
• Competitive price vs legacy vendors
• Customizable through scripting
• Repeatable across systems and business units
• Production ready
WHERE IN THE WORLD IS FORGEROCK?
• RSA Conference Asia Pacific & Japan, 22 - 24 July, 2015, Singapore
• Gartner Catalyst Conference, 10 - 13 August, 2015, San Diego, CA
• Les Assises, 30 September - 3 October, 2015, Monaco
Visit forgerock.com
THANK YOU!
Justin Pirie, Senior PMM, [email protected] @justinpirie
Ludovic Poitou, OpenIG & DJ PM, [email protected] @LudoMP