OpenIG is a reverse proxy with session management and credential replay functionality. It runs as a web application in Apache Tomcat or Jetty. By using OpenIG you can provide identity and access management solutions for just about any web application, and you can do it without touching the web application itself. OpenIG supports standards like OAuth 2.0, OpenID Connect 1.0, and SAML 2.0, and of course integrates well with ForgeRock’s software stack. Furthermore, OpenIG is extensible through built-in Groovy support and Java plugin points.
As a minor release, OpenIG 3.1.0 is backward compatible with 3.0.0 so you can try it with your existing configuration.
You can then start to take advantage of new features:
- A JWT session implementation lets you store all state on the client side as long as it fits in a browser cookie whose value is the session data in an encrypted JWT. OpenIG holds the keys for encryption and decryption to prevent anyone else from accessing the session data. By delegating storage of all state data to the user-agent, you can scale out your deployment without having to configure OpenIG’s container to share session data.
- Inline configuration objects and other improvements make OpenIG configuration files easier to read.
- Configuration object decorators make it straightforward to capture requests, responses, and exchange data, to time operations, and to audit OpenIG operations.
- A publish-and-subscribe audit framework and sample monitoring handler returns basic statistics about OpenIG operations.
- Other improvements make console logs easier to read, script parameters easier to set, OAuth 2.0/OpenID Connect filters more performant, and client information easier to discover.