If your company runs multiple sites and applications, you probably need to provide seamless authentication across all of them, so that a user who has logged in at one of your sites does not need to enter credentials again on the others. OpenAM can help you solve these issues. Key features of OpenAM are:

  • Authentication - OpenAM ships with more than 20 authentication modules, which you can use to customize your authentication process. You can also customize the sequence of authentication modules to provide multi-factor or adaptive authentication.
  • Authorization - OpenAM can also manage authorization, so you can restrict access to desired resources according to different authorization policies.
  • Identity Provider - OpenAM can act as an Identity Provider, using SAML, OAuth 2.0 or OpenID Connect 1. So, your clients can develop their own applications or websites and authenticate via OpenAM like they authenticate via Facebook or Google.
  • Single Sign On - after authenticating once, a user gets access to all resources protected by OpenAM, so there is no need to authenticate again at other services.
  • High Performance and Clusterization - To enable high availability for large-scale and mission-critical deployments, OpenAM provides both system failover and session failover. These two key features help to ensure that no single point of failure exists in the deployment, and that the OpenAM service is always available to end-users. Redundant OpenAM servers, policy agents, and load balancers prevent a single point of failure. Session failover ensures the user’s session continues uninterrupted, and no user data is lost.
  • Extensibility - OpenAM lets you extend just about any functionality, from authentication modules to the user data source. It also supports UI customization, so you can create separate end-user pages with your own branding.
  • Developer SDK - OpenAM ships with a Java SDK, which lets you interact with the authorization API and the authentication API, manage accounts and so on.
  • Security - As OpenAM is open source, the community and clients can test it for possible vulnerabilities and run penetration tests.

OpenDJ is an LDAPv3 compliant directory service, developed for the Java platform, that provides a high performance, highly available, and secure store for the identities managed by your organization. Its easy installation process, combined with the power of the Java platform, makes OpenDJ the simplest, fastest directory to deploy and manage.

  • High Performance. Lots of features are important, but performance is almost always near the top of the list. It needs to be extremely fast, outperforming all other servers wherever possible.
  • Vertical Scalability. OpenDJ is capable of handling billions of entries in a single instance on appropriately-sized hardware. It is able to make effective use of multi-CPU, multi-core machines with hundreds of gigabytes of memory.
  • Horizontal Scalability. OpenDJ supports multi-master replication for horizontal scalability, providing fast read and write access to large amounts of data.
  • Supportability. OpenDJ is easy to support and maintain. Administration is almost intuitive, and a variety of powerful tools are provided to manage and monitor OpenDJ instances.
  • Synchronization. OpenDJ supports data synchronization between instances, including not only total data synchronization but also partial synchronization (with fractional, filtered, and subtree capabilities).

The Open Identity Gateway (OpenIG) is a high-performance reverse proxy server with specialized session management and credential replay functionality.

OpenIG is an independent policy enforcement point that reduces the proliferation of passwords and ensures consistent, secure access across multiple web apps and APIs. OpenIG can leverage any standards-compliant identity provider to integrate into your current architecture. Single sign-on and sign-off improve the user experience and will vastly improve adoption rates and consumption of the services provided.

  • Extend SSO to any Application
  • Federation-Enable Applications
  • Implement Standards Based Policy Enforcement

How it Works

OpenIG is essentially a Java-based reverse proxy which runs as a web application. All HTTP traffic to each protected application is routed through OpenIG, enabling close inspection, transformation and filtering of each request. You can create new filters and handlers to modify the HTTP requests on their way through OpenIG, providing the ability to recognize login pages, submit login forms, transform or filter content, and even function as a Federation endpoint for the application. All these features are possible without making any changes to the application’s deployment container or the application itself.

OpenIG works together with OpenAM to integrate Web applications without the need to modify the target application or the container that it runs in.

  • Support for identity standards (OAuth 2.0, OpenID Connect, SAML 2.0)
  • Application and API gateway concept
  • Prepackaged SAML 2.0-based federation
  • Password capture and replay
  • Works with any identity provider, including OpenAM
  • Single Sign-On and Single Log-Out

OpenIDM is an open standards based Identity Management, Provisioning and Compliance solution. It enables you to consolidate multiple identity sources for policy and workflow-based management. OpenIDM can consume, transform and feed data to external sources so that you maintain control over the identities of users, devices and other objects.

Experience shows that the most important features of an identity management product are high flexibility in business process handling and compliance with open standards and interfaces. A highly flexible user interface combined with a very robust workflow engine makes OpenIDM ready for any Identity Management project.

OpenIDM provides a modern UI experience that allows you to manage your data without writing a single line of code. The standard RESTful interfaces also offer ultimate flexibility so that you can customize and develop the product to fit the requirements of your deployment.

The Open Identity Connector Framework (OpenICF) project provides interoperability between identity, compliance and risk management solutions. An OpenICF Connector enables provisioning software, such as OpenIDM, to manage the identities that are maintained by a specific identity provider.

OpenICF connectors provide a consistent layer between identity applications and target resources, and expose a set of operations for the complete lifecycle of an identity. The connectors provide a way to decouple applications from the target resources to which data is provisioned.

OpenICF focuses on provisioning and identity management, but also provides general purpose capabilities, including authentication, create, read, update, delete, search, scripting, and synchronization operations. Connector bundles rely on the OpenICF Framework, but applications remain completely separate from the connector bundles. This enables you to change and update connectors without changing your application or its dependencies.

Many connectors have been built within the OpenICF framework, and are maintained and supported by ForgeRock and by the OpenICF community. However, you can also develop your own OpenICF connector to address a requirement that is not covered by one of the existing connectors. In addition, OpenICF provides two scripted connector toolkits that enable you to write your own connectors based on Groovy or PowerShell scripts.

Version 1.5 of the OpenICF framework can use OpenIDM, Sun Identity Manager, and Oracle Waveset connectors (version 1.1) and can use ConnID connectors up to version 1.4.