The Future is Now: What’s New in ForgeRock Directory Services
© 2017 ForgeRock. All rights reserved.
Ludovic Poitou, Director, Product Management
Michelle Fallon, Senior Product Marketing Manager
Disclaimer
The presentation represents ForgeRock’s current view of its product development cycle and future directions. It is intended for information purposes only, and should not be interpreted as a commitment on the part of ForgeRock. ForgeRock makes no warranties, expressed or implied, on future functionality and timeline.
2010 Founded
10 Offices worldwide with headquarters in San Francisco
400+ Employees
600+ Enterprise Customers
50% Americas / 50% International commercial revenues
30+ Countries
ForgeRock: The leading, next-generation identity security software platform, driving digital business.
Digital Transformation
Identity For Everyone And Every Thing
Customer Identity Relationship Management
ForgeRock Identity Platform
UMA Provider Mobile App Synchronization Auditing
LDAPv3 REST/JSON
Replication Access Control
Schema Management
Caching
Auditing
Monitoring
Groups
Password Policy
Active Directory Pass-thru
Reporting
Authentication Authorization Provisioning User Self-Service Authentication OIDC / OAuth2
Federation / SSO User Self-Service Workflow Engine Reconciliation Password Replay SAML2
Adaptive Risk Stateless/Stateful Registration Aggregated User View
Message Transformation
API Security Scripting
Built from Open Source Projects:
UMA Resource
Access Management Identity Management Identity Gateway
Directory Services
Common REST API
Common User Interface
Common Audit/Logging
Common Scripting
Directory Services
• Specialized identity store
• Rapid deployment
• Global replication
• Massive scale/performance
• Extensive security
• Password management
• REST & LDAP APIs
1 self-contained app
5 min. download to install
1 module
1B+ entries
Directory Services Scalability
Directory Proxy Server
Access Layer
Directory Service Layer
LDAP | REST
dc=Tenant1,dc=com dc=Tenant2,dc=com
ForgeRock Directory Service 5.0
• Two Modules: Directory Server & Directory Proxy Server
• Single download
• Role selected at Installation
  • setup [directory-server] --port 1389 …
  • setup proxy-server --port 1389 …
• New Setup tool, no more GUI
Directory Proxy Server
• Introduces a “Proxy Backend”
• Remote services can be discovered:
  • List of DS
  • List of Replication Servers
    • Automatically handles replica DS
    • Also retrieves replica group to prioritize local servers
• Load-balancing: Affinity, Least requests
• Failover with primary/secondary services
• Uses “Proxy AuthZ control” between Proxy and DS
Supporting JSON
• Added support for JSON Syntax
  myAttr: { "_id":"bjensen", "_rev":"123", "name": { "first": "Babs", "surname": "Jensen" }, "age": 25, "roles": [ "sales", "admin" ] }
• JSON Validation configurable
• Added JSON Matching Rules
  ldapsearch … "(myAttr=age lt 30 and name/first sw 'b')"
• Can be indexed
• Can be customized for finer indexing and matching
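To make the matching semantics concrete, the following added example (not ForgeRock code and not part of the original slides) evaluates a small subset of the query-filter syntax from the ldapsearch line against the JSON value from the slide. It assumes case-insensitive string comparison, as the rule name caseIgnoreJsonQueryMatch suggests; the function names are hypothetical and only eq, lt, gt and sw terms joined by and/or are handled.

```python
import re

# Constructed sample: the JSON value shown on the slide.
ENTRY = {"_id": "bjensen", "_rev": "123",
         "name": {"first": "Babs", "surname": "Jensen"},
         "age": 25, "roles": ["sales", "admin"]}

def tokenize(expr):
    """Split into (text, quoted) pairs; quoted literals are never operators."""
    found = re.findall(r"'([^']*)'|\"([^\"]*)\"|(\S+)", expr)
    return [(s or d or bare, not bare) for s, d, bare in found]

def resolve(doc, path):
    """Follow a slash-separated field path; None if any step is missing."""
    for part in path.strip("/").split("/"):
        if not isinstance(doc, dict) or part not in doc:
            return None
        doc = doc[part]
    return doc

def compare(actual, op, literal):
    if isinstance(actual, str):
        a, b = actual.lower(), literal.lower()  # assumption: caseIgnore semantics
        if op == "sw":
            return a.startswith(b)
    elif isinstance(actual, (int, float)) and not isinstance(actual, bool):
        try:
            a, b = actual, float(literal)
        except ValueError:
            return False
    else:
        return False  # missing field, object or array: not handled here
    return {"eq": a == b, "lt": a < b, "gt": a > b}.get(op, False)

def matches(doc, expr):
    """Evaluate 'field op literal' terms joined by and/or ('and' binds tighter)."""
    toks, any_group, group, i = tokenize(expr), False, True, 0
    while i < len(toks):
        (field, _), (op, _), (lit, _) = toks[i:i + 3]
        group = compare(resolve(doc, field), op, lit) and group
        i += 3
        if i < len(toks):
            joiner, quoted = toks[i]
            if quoted or joiner not in ("and", "or"):
                raise ValueError(f"expected and/or, got {joiner!r}")
            if joiner == "or":
                any_group, group = any_group or group, True
            i += 1
    return any_group or group
```

Under case-insensitive matching, 'b' and 'B' select the same entries, which is worth keeping in mind when a JSON field is used as an identifier in a lookup.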
Indexing JSON Attributes
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w secret12 -X -n \
  set-backend-index-prop \
  --backend-name userRoot \
  --index-name myAttr \
  --set index-type:equality
$ dsconfig -h localhost -p 4444 -D "cn=Directory Manager" -w secret12 -X -n \
  create-schema-provider \
  --provider-name "Json Schema" \
  --type json-schema \
  --set enabled:true \
  --set case-sensitive-strings:false \
  --set ignore-white-space:true \
  --set matching-rule-name:caseIgnoreJsonQueryMatch \
  --set matching-rule-oid:1.3.6.1.4.1.36733.2.1.4.1 \
  --set indexed-field:_id \
  --set "indexed-field:name/**"
REST 2 LDAP
• Sub-Resources
• Sub-Types
• Versioning
• Multi-Tenant Support
• Integration of Attributes with JSON syntax
• OAuth2 protected
• Exposes API Descriptors (OpenAPI)
DevOps
• Support and document use of HSM
  • HSM support through the JVM and PKCS11
  • Now documented
• Easier automated deployments in the Cloud
  • Simplification of KeyStore(s) and TrustStore(s)
  • Possible to use expressions in config.ldif
    • ds-cfg-listen-port: ${env['OPENDJ_PORT']}
    • ds-cfg-listen-port: ${readProperties(config.properties)['port']}
    • But not through dsconfig
• Support running in Docker containers
  • Template images in Beta
More Security
• New Security Guide
• New option to install for production use
• More secure default settings
  • Password Policy
  • Cipher Suites
LDAP Based KeyStore
• Extension to Keytool and OpenDJ directory schema
• Centralizes public and private key management
• Everything is encrypted
• And can be replicated for availability
Directory Service 5.0 Summary
• One Download
• Two Modules: Directory Server & Directory Proxy Server
• First phase towards Elastic Horizontal Scalability, for the Cloud
• Consolidated Backend Story. JE is here to stay.
• JSON Support in the data
• Secure REST and LDAP access
• More security out of the box
Thank You