ForgeRock Service Broker for PCF

Secure, Standards-Based Protection for Cloud Foundry Applications

ForgeRock Service Broker是一种保护微服务和应用的轻量级简单方法。开发人员可以轻松启用持久身份,该身份可以跨云使用,以支持“人到服务”和...

Dynamic Security with Route Service

Requests directed to the route service can be dynamically configured to leverage capabilities of the ForgeRock Identity Platform such as authentication, authorization, and traffic throttling.

Reduce Overhead with Token Transformation

Tokens may be transformed and injected with additional data to further reduce the number of calls a microservice has to make to a data store.

Secure Service-to-Service Calls with OAuth2

With OAuth2 as an identity protocol, the ForgeRock Identity Platform protects microservices and applications by securing API-to-API transactions running within Pivotal Cloud Foundry.

ForgeRock Service Broker
ForgeRock 概述

ForgeRock is the Digital Identity Management company transforming the way organizations interact securely with customers, employees, devices, services, and things. The ForgeRock Service Broker is part of the ForgeRock Identity Platform™, a unified IAM solution that builds customer relationships, addresses stringent regulations for privacy and consent, and leverages the Internet of Things.

More about ForgeRock

Integration Features

The service is documented with instructions for setup and operation.

Supports high availability against internal service failures to minimize downtime for bound applications.

Multi-Availability Zone support. Make use of multiple availability zones in cloud deployments to support failover.

Get visibility into details of service operation through standard monitoring and logging tools for products and Pivotal Cloud Foundry.

Developers have control over when to upgrade to new versions, subject to policies set by operators, so that app modifications and downtime can be managed.

“ForgeRock’s Pivotal Cloud Foundry broker delivers a simple way for developers to easily bring state-of-the-art identity capabilities, including authentication, multifactor authentication, authorization and adaptive risk to Pivotal Cloud Foundry.”

Daniel Raskin, SVP Product, ForgeRock


The ForgeRock Service Broker offers multiple options to protect Pivotal Cloud Foundry applications.

OAuth2 Service

Token management at the application level is necessary if the application needs to call another application with an OAuth2 token.

The Service Broker registers bound applications as OAuth2 clients with the ForgeRock Identity Platform and enables applications to perform the following:

  • Request OAuth2 access tokens using the Client Secret and Client ID from the environment
  • Access applications or microservices with obtained OAuth2 tokens
  • Validate OAuth2 access tokens from the requesting applications or microservices

Route Service

Application and microservices security can be externalized using extensive capabilities of the ForgeRock Identity Platform.

Traffic to an application bound to a Route Service is routed to the ForgeRock Identity Gateway by Cloud Foundry's CF Router. This enables the ForgeRock Identity Gateway to perform the following use case:

  • Enforce authentication and authorization via ForgeRock Access Management
  • Support complex use cases with scriptable filters and handlers
  • Transform and inject token with additional data from data store or user profile