By now you have probably read the news about the ForgeRock Identity Platform 5.0 release.
This major platform update comes with many documentation changes and improvements:
- Access Management docs are now arranged to make it much easier for you to find all the details about new features and specific capabilities (User Self Service, OAuth 2.0, SSO, Authorization, and more). Since long-time readers who know where everything was might find this disconcerting at first, we also included a map to the new doc set. Don’t forget to check out Amster, too, which is new, and lets you do configuration as (file-based) artifacts.
- Identity Management is covered with the same titles as the previous platform update, but with a lot of new features that make integration easier (integrated social identity provider support, better system connector support, additional audit event handlers, HSM support, etc.).
- Directory Services now has a Security Guide covering all the features for protecting your deployment, a new configuration reference, a bunch of smaller doc improvements, and full coverage of new features (LDAP proxy, native JSON syntax, tools improvements, documented HSM support, and so on).
- Identity Gateway docs now include a Deployment Guide aimed at those of you working in DevOps environments. They also cover all the new features, from the developer Studio to SSO filters and everything in between.
- Platform docs make their first appearance in the update. Try the DevOps examples, which point to a more cloud-friendly way of deploying the platform. And if you are new to ForgeRock software, start with the platform guide that maps the functional modules to the documentation that describes them.
Hope you have no trouble finding what you need.
OpenAM’s capabilities have grown significantly in the last few releases, with the result that even the product docs outgrew the old organization. Thanks to Chris Lee, Cristina Herraz, David Goldsmith, and Gene Hirayama, the draft docs are now arranged to make it easier to find just what you are looking for.
Instead of a guide-based doc set, what you see now are topic-oriented categories that bring you right to the features you want to use:
- Try OpenAM (up and running quickly, ready for evaluation)
- Access Management (authentication and single sign-on, authorization, RADIUS)
- Federation (OAuth 2.0, OpenID Connect 1.0, SAML, STS)
- User Services (self-registration, self-serve account and password management, self-serve sharing using UMA)
- Installation and Maintenance (plan, install, set up, upgrade, and maintain access management services)
- Extensibility (REST APIs, Java APIs and SPIs, C SDK)
- Policy Agents (for enforcing policy on web sites and in Java web applications)
Each guide is written so that you find everything about a topic in one place. Are you focused on centralizing access policies for authorization? Read the Authorization Guide. Interested in granting access to account info for modern mobile and web applications using OpenID Connect? See the OpenID Connect 1.0 Guide. Participating in a federation of SAML 2 providers? Check out the SAML 2.0 Guide.
Those of you who knew the old layout intimately are probably going to wonder, “Where did you move my stuff?” In fact, there is a guide for that, too. Having Trouble Finding Something? indicates where your stuff went, with tables of correspondence from each section in the old layout to the topic in the new layout.
Great to see this leap forward towards a topic-based documentation set for OpenAM!
Common Audit is another new feature of the ForgeRock platform.
Common Audit is part of the platform-wide infrastructure: a framework to handle audit events using common audit event handlers that are plugged in to the individual products. The handlers record events, logging them for example into files, relational databases, or syslog. Because handlers are pluggable, new handlers can be added to interoperate with your systems that store and analyze audit data.
Each audit event is identified by a unique transaction ID. The IDs can be communicated across the products and recorded for each local event. The transaction ID is the means to track requests as they traverse the platform.
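An added example, not ForgeRock code, of how a shared transaction ID lets you rebuild one request's path from events that each product recorded on its own. The JSON field names, component names, and sample lines are constructed assumptions, as is the rule that every request should enter through the gateway.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample events; field and component names are assumptions.
SAMPLE_LINES = """\
{"timestamp": "2017-04-03T10:15:02.120Z", "component": "gateway", "transactionId": "tx-1001", "status": "SUCCESSFUL"}
{"timestamp": "2017-04-03T10:15:02.310Z", "component": "directory", "transactionId": "tx-1001", "status": "SUCCESSFUL"}
{"timestamp": "2017-04-03T10:15:02.200Z", "component": "access", "transactionId": "tx-1001", "status": "SUCCESSFUL"}
{"timestamp": "2017-04-03T10:16:40.005Z", "component": "gateway", "transactionId": "tx-1002", "status": "SUCCESSFUL"}
{"timestamp": "2017-04-03T10:16:40.090Z", "component": "access", "transactionId": "tx-1002", "status": "FAILED"}
{"timestamp": "2017-04-03T10:17:11.500Z", "component": "directory", "transactionId": "tx-1003", "status": "SUCCESSFUL"}
not-json: truncated syslog line
"""

def parse_events(text):
    """Return (events, rejected); rejected counts lines that cannot be used."""
    events, rejected = [], 0
    for line in text.splitlines():
        try:
            event = json.loads(line)
            event["when"] = datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
            if "transactionId" not in event or "component" not in event:
                raise KeyError("missing correlation fields")
        except (ValueError, KeyError, TypeError):
            rejected += 1
            continue
        events.append(event)
    return events, rejected

def build_traces(events):
    """Group events by transaction ID, each trace sorted by event time."""
    traces = defaultdict(list)
    for event in events:
        traces[event["transactionId"]].append(event)
    for trace in traces.values():
        trace.sort(key=lambda e: e["when"])
    return dict(traces)

def review(traces, entry="gateway"):
    """Flag traces with no entry-point event or with a failed step."""
    findings = {}
    for txid, trace in traces.items():
        seen = {e["component"] for e in trace}
        notes = [] if entry in seen else ["no %s event" % entry]
        notes += [e["component"] + " FAILED" for e in trace if e.get("status") == "FAILED"]
        if notes:
            findings[txid] = notes
    return findings
```

Tracking the rejected count matters as much as the traces: lines that fail to parse are events missing from the reconstruction.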
In the current platform, configuring handlers depends on the product. So there are several places in the docs to read about how to configure Common Audit:
In addition, if you want to get the source code for Common Audit, or are interested in trying out new handlers and developments, you can find it on the ForgeRock Stash server. Right now it is in the forgerock-audit git repository. (To access most code on the ForgeRock Stash server, sign in with your ForgeRock credentials. You can sign up if you have not done so.)
Perhaps you have read yesterday’s news about ForgeRock launching the updated identity platform.
Those of us who spent the last year working on this update are proud of all the new capabilities, from the integration achieved with common components to the depth and breadth of new features across all the products in the platform.
Looking for detailed lists of what’s new? Here are some quick links to each of the products’ release notes:
I’ll drill down on some of those in future posts.
Welcome to Joanne Henry who joined the ForgeRock documentation team today. Good to work with you again, Joanne.
Joanne has experience as a technical writer and team leader for a variety of projects from chips to consumer electronics to medical software to LDAP. In all of these situations, Joanne has managed to deliver useful documentation for users and to improve the way the team works.
Joanne’s now bringing her diligence, clear thinking, and focus to the OpenIG project. Good news for those of you figuring out how to protect your applications and APIs!
This past Thursday ForgeRock released OpenAM 12.0.0, a major update with so many improvements and new features that this post only hits a few highlights. You can download OpenAM 12.0.0 from http://forgerock.com/download-stack/.
OpenAM provides an access management solution handling authentication and authorization for all sorts of applications, no doubt including yours. OpenAM does SSO with delegated authentication to over 20 authn services out of the box, authorization both through centralized policies and also using delegated approaches (OAuth 2.0, etc.), security token brokering and more. OpenAM supports a rich set of standards like SAML, OAuth 2.0, OpenID Connect, GSMA Mobile Connect, not to mention standards for authentication. Of course OpenAM is open source and fully extensible as well. The OpenAM service runs as a web application in a variety of containers such as JBoss, Tomcat, WebLogic and WebSphere. OpenAM policy enforcement agents give you out-of-the-box protection for many web sites and web applications, though you can also do your own enforcement using OpenAM’s REST APIs.
As a major release, OpenAM 12.0.0 is a leap forward in many areas:
- Default end user pages now use responsive, client-side layout with lots of self-service features (self-registration, password reset, app management, etc.) ready to go.
- Wizards make it a snap to delegate authentication to Facebook, Google, MSN and other online providers.
- Policy administration works through a new wizard-based editor, and both policy administration and policy evaluation have well-defined REST APIs for all operations.
- Security token services now come with a REST API.
- OpenAM supports OAuth 2.0 and OpenID Connect 1.0 more fully than before, with additional support for GSMA Mobile Connect.
- And much more…
To see the whole list of features, start by reading the Release Notes for details. Full documentation is available on docs.forgerock.org.
When you start using OpenAM 12.0.0 and find that you have questions, in addition to the mailing list ForgeRock also now provides an OpenAM Forum. We look forward to hearing from you.
This past Friday ForgeRock released OpenIG 3.1.0, an official minor release for which you can get support from ForgeRock. You can download OpenIG 3.1.0 from http://forgerock.com/download-stack/.
OpenIG is a reverse proxy with session management and credential replay functionality. It runs as a web application in Apache Tomcat or Jetty. By using OpenIG you can provide identity and access management solutions for just about any web application, and you can do it without touching the web application itself. OpenIG supports standards like OAuth 2.0, OpenID Connect 1.0, and SAML 2.0, and of course integrates well with ForgeRock’s software stack. Furthermore, OpenIG is extensible through built-in Groovy support and Java plugin points.
As a minor release, OpenIG 3.1.0 is backward compatible with 3.0.0 so you can try it with your existing configuration.
You can then start to take advantage of new features:
- A JWT session implementation lets you store all state on the client side as long as it fits in a browser cookie whose value is the session data in an encrypted JWT. OpenIG holds the keys for encryption and decryption to prevent anyone else from accessing the session data. By delegating storage of all state data to the user-agent, you can scale out your deployment without having to configure OpenIG’s container to share session data.
- Inline configuration objects and other improvements make OpenIG configuration files easier to read.
- Configuration object decorators make it straightforward to capture requests, responses, and exchange data, to time operations, and to audit OpenIG operations.
- A publish-and-subscribe audit framework and sample monitoring handler return basic statistics about OpenIG operations.
- Other improvements make console logs easier to read, script parameters easier to set, OAuth 2.0/OpenID Connect filters more performant, and client information easier to discover.
Start with the Release Notes for details. Full documentation is available on docs.forgerock.org. Also check out the articles written by Ludo and Guillaume.
When you have questions, in addition to the mailing list ForgeRock also now provides an OpenIG Forum. Stop by to let us know what you think of OpenIG 3.1.0.