Preface

As a reverse proxy server (also referred to as a gateway in HTTP RFCs), OpenIG filters all traffic to and from a server application, adapting requests to protect the service and adapting responses to filter outgoing content. The credential replay functionality effectively enables single sign-on (SSO) with applications that do not integrate easily into a traditional SSO service. In reading and following the instructions in this guide, you will learn how to:

  • Install OpenIG and evaluate all OpenIG features

  • Protect server applications and integrate them with SSO solutions

  • Use OpenIG to allow an existing application to act as an OAuth 2.0 resource server

  • Use OpenIG to allow an existing application to act as an OAuth 2.0 client or OpenID Connect 1.0 Relying Party

  • Use OpenIG to allow an existing application to act as a SAML 2.0 Service Provider

  • Configure OpenIG to handle authentication in common use cases

  • Monitor and audit traffic flowing through OpenIG

  • Extend OpenIG with Groovy scripts and Java plugins

  • Troubleshoot typical problems

Using This Guide

This guide is intended for access management designers and administrators who develop, build, deploy, and maintain OpenIG for their organizations.

This guide is written so you can get started with OpenIG quickly, and learn more as you progress through the guide. This guide is also written with the assumption that you already have basic familiarity with the following topics:

  • Hypertext Transfer Protocol (HTTP), including how clients and servers exchange messages, and the role that a reverse proxy (gateway) plays

  • JavaScript Object Notation (JSON), which is the format for OpenIG configuration files

  • Managing services on operating systems and application servers

  • Configuring network connections on operating systems

  • Managing Public Key Infrastructure (PKI) used to establish HTTPS connections

  • Access management for web applications

Depending on the features you use, you should also have basic familiarity with the following topics:

  • Lightweight Directory Access Protocol (LDAP) if you use OpenIG with LDAP directory services

  • Structured Query Language (SQL) if you use OpenIG with relational databases

  • Configuring OpenAM if you use password capture and replay, or if you plan to follow the OAuth 2.0 or SAML 2.0 tutorials

  • The Groovy programming language if you plan to extend OpenIG with scripts

  • The Java programming language if you plan to extend OpenIG with plugins, and Apache Maven for building plugins

Formatting Conventions

Most examples in the documentation are created in GNU/Linux or Mac OS X operating environments. If distinctions are necessary between operating environments, examples are labeled with the operating environment name in parentheses. To avoid repetition file system directory names are often given only in UNIX format as in /path/to/server , even if the text applies to C:\path\to\server as well. Absolute path names usually begin with the placeholder /path/to/ . This path might translate to /opt/ , C:\Program Files\ , or somewhere else on your system. Command-line, terminal sessions are formatted as follows:

$ echo $JAVA_HOME
/path/to/jdk

Command output is sometimes formatted for narrower, more readable output even though formatting parameters are not shown in the command. Program listings are formatted as follows:

class Test {
    public static void main(String [] args)  {
        System.out.println("This is a program listing.");
    }
}

Accessing Documentation Online

Open Identity Platform Community publishes comprehensive documentation online:

  • The Open Identity Platform Community Documentation offers a large and increasing number of up-to-date, practical articles that help you deploy and manage Open Identity Platform software.

  • Open Identity Platform product documentation, such as this document, aims to be technically accurate and complete with respect to the software documented. It is visible to everyone and covers all product features and examples of how to use them.

Joining the Open Identity Platform Community

Visit the community resource center where you can find information about each project, download nightly builds, browse the resource catalog, ask and answer questions on the forums, find community events near you, and of course get the source code as well.

Getting Support and the Contacting Open Identity Platform Community

Open Identity Platform Community Approved Vendors provide support services, professional services, trainings, and partner services to assist you in setting up and maintaining your deployments.