The ForgeRock Service Broker offers multiple options to protect Tanzu applications.
Token management at the application level is necessary if the application needs to call another application with an OAuth2 token.
The Service Broker registers bound applications as OAuth2 clients with the ForgeRock Identity Platform and enables applications to perform the following:
- Request OAuth2 access tokens using the Client Secret and Client ID from the environment
- Access applications or microservices with obtained OAuth2 tokens
- Validate OAuth2 access tokens from the requesting applications or microservices
Application and microservices security can be externalized using extensive capabilities of the ForgeRock Identity Platform.
Traffic to an application bound to a Route Service is routed to the ForgeRock Identity Gateway by Cloud Foundry's CF Router. This enables the ForgeRock Identity Gateway to perform the following use case:
- Enforce authentication and authorization via ForgeRock Access Management
- Support complex use cases with scriptable filters and handlers
- Transform and inject token with additional data from data store or user profile