Solutions Hub
ForgeRock Service Broker for VMware Tanzu

Secure, Standards-Based Protection for Modern Applications

Compatible with TAS

与TAS兼容
Can be consumed by apps on TAS

Compatible with TKG
Can run on or be consumed by apps on TKG

与PKS兼容
Can run on or be consumed by apps on TKGI

ForgeRock Service Broker是一种保护微服务和应用的轻量级简单方法。开发人员可以轻松启用持久身份,该身份可以跨云使用,以支持“人到服务”和...

Dynamic Security with Route Service

Requests directed to the route service can be dynamically configured to leverage capabilities of the ForgeRock Identity Platform such as authentication, authorization, and traffic throttling.

Reduce Overhead with Token Transformation

Tokens may be transformed and injected with additional data to further reduce the number of calls a microservice has to make to a data store.

Secure Service-to-Service Calls with OAuth2

With OAuth2 as an identity protocol, the ForgeRock Identity Platform protects microservices and applications by securing API-to-API transactions running within Tanzu.

观看
ForgeRock Service Broker
ForgeRock 概述

ForgeRock is the Digital Identity Management company transforming the way organizations interact securely with customers, employees, devices, services, and things. The ForgeRock Service Broker is part of the ForgeRock Identity Platform™, a unified IAM solution that builds customer relationships, addresses stringent regulations for privacy and consent, and leverages the Internet of Things.

More about ForgeRock

“ForgeRock’s service broker for TAS delivers a simple way for developers to easily bring state-of-the-art identity capabilities, including authentication, multifactor authentication, authorization and adaptive risk to Tanzu.”

Daniel Raskin, SVP Product, ForgeRock

工作原理

The ForgeRock Service Broker offers multiple options to protect TAS applications.


OAuth2 Service

Token management at the application level is necessary if the application needs to call another application with an OAuth2 token.

The Service Broker registers bound applications as OAuth2 clients with the ForgeRock Identity Platform and enables applications to perform the following:

  • Request OAuth2 access tokens using the Client Secret and Client ID from the environment
  • Access applications or microservices with obtained OAuth2 tokens
  • Validate OAuth2 access tokens from the requesting applications or microservices



Route Service

Application and microservices security can be externalized using extensive capabilities of the ForgeRock Identity Platform.

Traffic to an application bound to a Route Service is routed to the ForgeRock Identity Gateway by Cloud Foundry's CF Router. This enables the ForgeRock Identity Gateway to perform the following use case:

  • Enforce authentication and authorization via ForgeRock Access Management
  • Support complex use cases with scriptable filters and handlers
  • Transform and inject token with additional data from data store or user profile




阅读文档

使用入门

立即下载