Distributed Authentication in ForgeRock OpenAM

Let me start with a word of caution. I made a screen-cast to demonstrate Distributed Authentication in ForgeRock OpenAM, and you’ll find it embedded in this post. Some of my actions in there are questionable and should never be attempted even in a development environment, such as setting a URL in the OpenAM Administration Console to redirect to after a successful authentication. This video demonstration is solely intended to give a hint on the positioning of the Distributed Authentication UI in an OpenAM deployment topology; several other things that go hand in hand with Distributed Authentication in OpenAM, like network/firewall configuration and post-authentication processing, were beyond the scope of this short screen-cast. I really hope you get an idea of what Distributed Authentication in OpenAM is expected to achieve.

The following illustration might give you an idea of what’s demonstrated in the video. We have a client network that cannot (or is not supposed to) directly access the OpenAM Server in a different network (say, for security reasons). So in a Demilitarized Zone (DMZ) or perimeter network, we have a server that offers a Distributed Authentication UI to the clients from the ‘untrusted network’. That way, the clients get to see the UI of OpenAM by accessing the server in the DMZ, which in turn talks to the OpenAM Server through a trusted channel. As one can imagine, network configuration such as firewalls plays an important role in a deployment scenario, but sadly that’s all beyond the scope of our mini demonstration.

[Illustration: DistributedAuthUI]
So if you have ~10 minutes to spare, watch it

Enjoy!

Thanks: ForgeRock Documentation on OpenAM

This blog post was first published @ www.fedji.com, included here with permission.

3 Comments


  1. Isn’t the DAS discontinued in OpenAM 13? What’s the recommended replacement?

  2. Rajesh R 3 years ago

    @bertrand-carliersolucom-fr Yes, DAS is discontinued in OpenAM 13. We recommend ForgeRock OpenIG as a replacement for DAS. You can get that information from the ForgeRock OpenAM 13.0.0-Snapshot Release Notes (Page no. 10)

    http://openam.forgerock.org/doc/OpenAM-13.0.0-SNAPSHOT-Release-Notes.pdf

  3. Rajesh R 3 years ago

    @bertrand-carliersolucom-fr I’ve made several video demonstrations on ForgeRock OpenIG. One that explains the interaction between ForgeRock OpenIG and OpenAM can be found at the link as mentioned below:

    http://www.fedji.com/blogs/forgerock/forgerock-openig-getting-credentials-from-forgerock-openam/
