The ForgeRock Service Broker is a lightweight, simple way to protect microservices and applications. Developers can easily enable a persistent identity, portable across clouds for people-to-service and service-to-service (API-to-API) use cases. With multiple options for deployment, the broker offers extensive capabilities for using the ForgeRock Identity Platform to secure applications running in PCF.
Dynamic Security with Route Service
Requests directed to the route service can be dynamically configured to leverage capabilities of the ForgeRock Identity Platform such as authentication, authorization, and traffic throttling.
Reduce Overhead with Token Transformation
Tokens may be transformed and injected with additional data to further reduce the number of calls a microservice has to make to a data store.
Secure Service-to-Service Calls with OAuth2
With OAuth2 as an identity protocol, the ForgeRock Identity Platform protects microservices and applications by securing API-to-API transactions running within Pivotal Cloud Foundry.
ForgeRock is the Digital Identity Management company transforming the way organizations interact securely with customers, employees, devices, services, and things. The ForgeRock Service Broker is part of the ForgeRock Identity Platform™, a unified IAM solution that builds customer relationships, addresses stringent regulations for privacy and consent, and leverages the Internet of Things.
The service is documented with instructions for setup and operation.
Supports high availability against internal service failures to minimize downtime for bound applications.
Multi-Availability Zone support. Make use of multiple availability zones in cloud deployments to support failover.
Get visibility into details of service operation through standard monitoring and logging tools for products and Pivotal Cloud Foundry.
Developers have control over when to upgrade to new versions, subject to policies set by operators, so that app modifications and downtime can be managed.
“ForgeRock’s Pivotal Cloud Foundry broker delivers a simple way for developers to easily bring state-of-the-art identity capabilities, including authentication, multifactor authentication, authorization and adaptive risk to Pivotal Cloud Foundry.”
Daniel Raskin, SVP Product, ForgeRock
The ForgeRock Service Broker offers multiple options to protect Pivotal Cloud Foundry applications.
Token management at the application level is necessary if the application needs to call another application with an OAuth2 token.
The Service Broker registers bound applications as OAuth2 clients with the ForgeRock Identity Platform and enables applications to perform the following:
- Request OAuth2 access tokens using the Client Secret and Client ID from the environment
- Access applications or microservices with obtained OAuth2 tokens
- Validate OAuth2 access tokens from the requesting applications or microservices
Application and microservices security can be externalized using extensive capabilities of the ForgeRock Identity Platform.
Traffic to an application bound to a Route Service is routed to the ForgeRock Identity Gateway by Cloud Foundry's CF Router. This enables the ForgeRock Identity Gateway to perform the following use case:
- Enforce authentication and authorization via ForgeRock Access Management
- Support complex use cases with scriptable filters and handlers
- Transform and inject token with additional data from data store or user profile