/openig

The Open Identity Gateway is a high-performance reverse proxy server with specialized session management and credential replay functionality.

Primary LanguageJava

OpenIG - The Open Identity Gateway

The Open Identity Gateway (OpenIG) is a high-performance reverse proxy server with specialized session management and credential replay functionality.

OpenIG works together with OpenAM to integrate Web applications without the need to modify the target application or the container that it runs in.

  • Support for identity standards (OAuth 2.0, OpenID Connect, SAML 2.0)
  • Application and API gateway concept
  • Prepackaged SAML 2.0-based federation
  • Password capture and replay
  • Works with any identity provider, including OpenAM
  • Single Sign-On and Single Log-Out
  • 100% open source

The project is led by ForgeRock who integrate the OpenAM, OpenIDM, OpenDJ, OpenICF, and OpenIG open source projects to provide a quality-assured ForgeRock Identity Platform. Support, professional services, and training are available for the Identity Platform, providing stability and safety for the management of your digital identities.

To find out more about the services ForgeRock provides, visit www.forgerock.com.

To view the OpenDJ project page, which also contains all of the documentation, visit https://forgerock.org/openig/.

For a great place to start, take a look at the OpenIG Gateway Guide.

For further help and discussion, visit the community forums.

Getting the Open Identity Gateway

You can obtain the OpenIG Application in one of two ways:

Download It

The easiest way to try OpenIG is to download the binary file and follow the Gateway Guide.

You can download either:

  1. An enterprise release build.
  2. The nightly build which contains the latest features and bug fixes, but may also contain in progress unstable features.

Build the Source Code

In order to build the project from the command line follow these steps:

Prepare your Environment

To build OpenIG you will need the following installed on the machine you're going to build on:

Software Required Version
Java JDK Version 7 and above (see below)
Git 1.7.6 and above
Maven 3.1.0 and above

ForgeRock does not support the use of Java 9 for running OpenIG in production, but it is fine for building the code.

You should also set the following environment variables for the majority of versions;

JAVA_HOME - set to the directory in which your SDK is installed
MAVEN_OPTS - When building with Java 7 set this to '-Xmx1g -XX:MaxPermSize=512m'. Java 8 and above does not support MaxPermSize so set this to '-Xmx1g'.

Getting the Code

The central project repository lives on the ForgeRock Bitbucket Server at https://stash.forgerock.org/projects/OPENIG.

Mirrors exist elsewhere (for example GitHub) but all contributions to the project are managed by using pull requests to the central repository.

There are two ways to get the code - if you want to run the code unmodified you can clone the central repo (or a reputable mirror):

git clone https://stash.forgerock.org/scm/openig/openig.git

If, however, you are considering contributing bug fixes, enhancements, or modifying the code you should fork the project and then clone your private fork, as described below:

  1. Create an account on BackStage - You can use these credentials to create pull requests, report bugs, and download the enterprise release builds.
  2. Log in to the Bitbucket Server using your BackStage account credentials.
  3. Fork the openig repository. This will create a fork for you in your own area of Bitbucket Server. Click on your profile icon then select 'view profile' to see all your forks.
  4. Clone your fork to your machine; git clone https://stash.forgerock.org/scm/~username/openig.git

Obtaining the code this way will allow you to create pull requests later.

Building the Code

The OpenIG build process and dependencies are managed by Maven. The first time you build the project, Maven will pull down all the dependencies and Maven plugins required by the build, which can take a significant amount of time. Subsequent builds will be much faster!

$ cd openig
$ mvn clean install

Executing the OpenIG build is as simple as:

mvn -pl openig-war jetty:run

And you should see something like:

...
THU NOV 19 16:33:40 CET 2015 (INFO) _Router
Added route 'sts' defined in file '.../config/routes/openam-sts-oidc-to-saml.json'
------------------------------
...
Started ServerConnector@61843cc8{HTTP/1.1}{0.0.0.0:8080}
Started @10366ms
Started Jetty Server
Starting scanner at interval of 10 seconds.

The next step is then to go to http://localhost:8080 where you'll see the OpenIG welcome page.

Getting Started With OpenIG

ForgeRock provide a comprehensive set of documents for OpenIG, including the nightly docs gateway guide, Reference Guide, Release Notes and Javadocs:

Contributing

There are many ways to contribute to the OpenIG project. You can contribute to the OpenIG Docs Project, report or submit bug fixes, or contribute extensions such as custom authentication modules, authentication scripts, policy scripts, dev ops scripts, and more.

Versioning

ForgeRock produce an enterprise point release build. These builds use the versioning format X.0.0 (for example 3.0.0, 4.0.0) and are produced yearly. These builds are free to use for trials, proof of concept projects and so on. A license is required to use these builds in production.

Users with support contracts have access to sustaining releases that contain bug and security fixes. These builds use the versioning format 3.0.x (for example 3.1.1 is a sustaining release). Users with support contracts also get access to quality-assured interim releases, such as the forthcoming OpenIG 4.5.0.

Authors

See the list of contributors who participated in this project.

License

This project is licensed under the Common Development and Distribution License (CDDL). The following text applies to both this file, and should also be included in all files in the project:

The contents of this file are subject to the terms of the Common Development and Distribution License (the License). You may not use this file except in compliance with the License.

You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the specific language governing permission and limitations under the License.

When distributing Covered Software, include this CDDL Header Notice in each file and include the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL Header, with the fields enclosed by brackets [] replaced by your own identifying information: "Portions copyright [year] [name of copyright owner]".

Copyright 2016 ForgeRock AS.

All the Links!

To save you sifting through the readme looking for 'that link'...

Acknowledgments

  • Sun Microsystems.
  • The founders of ForgeRock.
  • The good things in life.