ForgeRock® Identity Gateway Core Concepts

Chapter 1: Integrating a web site and a legacy application with IG

Describe the role and use cases where IG fits within a ForgeRock Identity Platform solution, basic concepts of IG, and how to perform a basic installation and configuration of IG.

Lesson 1: Introducing ForgeRock Identity Gateway

• Provide an overview of IG
• Discuss IG use cases
• Present IG features

Lesson 2: Fronting a website with IG

• Show how IG acts as a reverse proxy
• Discuss proxying WebSocket traffic
• Describe installation requirements and install IG
• Use IG Studio to protect a website
• Examine IG configuration structure

Lesson 3: Routing and processing requests and responses

• Understand how IG routes requests depending on external conditions
• Describe how Handlers direct requests and responses within a route
• Explain how filters process requests and responses
• Implement password replay

Lesson 4: Understanding IG Object Model and Logging

• Understand the IG object model
• Examine request, response, context and session
• Use a CaptureDecorator to perform logging
• Configure the FileAttributesFilter

Chapter 2: Configuring Agentless Single Sign-On

Demonstrate how to integrate single sign-on in an IG solution by delegating authentication to either an AM solution, including cross-domain, an OIDC provider, or a SAML2 Identity provider.

Lesson 1: Implementing authentication with the SingleSignOnFilter

• Use Freeform technology preview to protect a website
• Configure an AM Service
• Describe the use of the SingleSignOnFilter
• Retrieve information from AM using the UserProfileFilter and SessionInfoFilter

Lesson 2: Configuring CDSSO for the legacy application

• Describe and implement a CrossDomainSingleSignOnFilter

Lesson 3: Performing SSO with IG as an OpenID Connect relying party

• Describe and implement an OAuth2ClientFilter

Lesson 4: Providing SSO with IG as a SAML2 Service Provider

• Describe and implement a SAML2FederationHandler
• Describe and implement a DispatchHandler

Chapter 3: Controlling access with IG as Policy Enforcement Point

Use IG as a policy enforcement point to protect a given web application, where AM is the policy decision point, using policies and policies with advice to provide authentication step-up and transactional authorization.

Lesson 1: Implementing authorization with a PolicyEnforcementFilter

• Describe and implement a PolicyEnforcementFilter

Lesson 2: Providing step-up authentication and transactional authorization

• Describe and implement step-up authentication
• Describe and implement transactional authorization

Chapter 4: Protecting a REST API

Use IG as an OAuth2 resource server to protect a REST API and demonstrate how the solution can be extended by using scripting.

Lesson 1: Configuring IG as an OAuth2 resource server

• Describe and implement an OAuth2ResourceServerFilter
• List access token resolvers
• Observe the flow with the TokenIntrospectionAccessTokenResolver

Lesson 2: Extending functionality with scripts

• Describe the scripting framework for extending IG functionality
• Examine and implement dynamic scopes solution

Chapter 5: Preparing for production with IG

Highlight various areas that must be taken into account when preparing to go to production with an IG solution, such as maintenance, tuning, security, and deployment.

Lesson 1: Auditing, monitoring and tuning an IG solution

• Describe and implement auditing
• Discuss monitoring
• Examine tuning questions

Lesson 2: Developing awareness of security questions with IG

• Discuss IG best practices regarding security
• Examine and implement common secrets
• Describe and implement throttling

Lesson 3: Deploying IG

• Describe and implement property value substitution
• Set up multiple IG instances