ForgeRock Service Broker for VMware Tanzu

Secure, Standards-Based Protection for Modern Applications

Compatible with TAS
Can be consumed by apps on TAS

Compatible with TKG
Can run on or be consumed by apps on TKG

Compatible with TKGI
Can run on or be consumed by apps on TKGI

The ForgeRock Service Broker is a lightweight, simple way to protect microservices and applications. Developers can easily enable a persistent identity, portable across clouds for people-to-service and service-to-service (API-to-API) use cases. With multiple options for deployment, the broker offers extensive capabilities for using the ForgeRock Identity Platform to secure applications running in Tanzu Application Service (TAS).

Dynamic Security with Route Service

Requests directed to the route service can be dynamically configured to leverage capabilities of the ForgeRock Identity Platform such as authentication, authorization, and traffic throttling.

Reduce Overhead with Token Transformation

Tokens may be transformed and injected with additional data to further reduce the number of calls a microservice has to make to a data store.

Secure Service-to-Service Calls with OAuth2

With OAuth2 as an identity protocol, the ForgeRock Identity Platform protects microservices and applications by securing API-to-API transactions running within Tanzu.

ForgeRock Overview

ForgeRock is the Digital Identity Management company transforming the way organizations interact securely with customers, employees, devices, services, and things. The ForgeRock Service Broker is part of the ForgeRock Identity Platform™, a unified IAM solution that builds customer relationships, addresses stringent regulations for privacy and consent, and leverages the Internet of Things.

“ForgeRock’s service broker for TAS delivers a simple way for developers to easily bring state-of-the-art identity capabilities, including authentication, multifactor authentication, authorization and adaptive risk to Tanzu.”

Daniel Raskin, SVP Product, ForgeRock

How It Works

The ForgeRock Service Broker offers multiple options to protect TAS applications.

OAuth2 Service

Token management at the application level is necessary if the application needs to call another application with an OAuth2 token.

The Service Broker registers bound applications as OAuth2 clients with the ForgeRock Identity Platform and enables applications to perform the following:

  • Request OAuth2 access tokens using the Client Secret and Client ID from the environment
  • Access applications or microservices with obtained OAuth2 tokens
  • Validate OAuth2 access tokens from the requesting applications or microservices

Route Service

Application and microservice security can be externalized using the extensive capabilities of the ForgeRock Identity Platform.

Traffic to an application bound to a Route Service is routed to the ForgeRock Identity Gateway by Cloud Foundry's CF Router. This enables the ForgeRock Identity Gateway to perform the following use cases:

  • Enforce authentication and authorization via ForgeRock Access Management
  • Support complex use cases with scriptable filters and handlers
  • Transform tokens and inject additional data from a data store or user profile
