I am excited to announce Anypoint Platform's support for ForgeRock's OpenAM! As with the PingFederate support that came natively with the release of the Anypoint Platform for APIs last year, our new out-of-the-box support with OpenAM is seamless and can be configured for any organization with the push of a button. Once configured with OpenAM as an external identity provider, Anypoint Platform supports two key capabilities:
The ability to support SAML 2.0 based identity federation
This capability allows an organization's user base to log into Anypoint Platform using their existing credentials as-is – in other words, no need to duplicate or recreate all users in Anypoint Platform from scratch. Furthermore, the login process can be completely customized to follow an organization's standard login process – be it simple authentication, multi-factor authentication, or an SSO page meant to be used by all organizational applications.
As users log in, their profile is automatically created within Anypoint Platform. What's more, their identity is automatically mapped to roles within the platform (and as such, to the users are assigned the appropriate permissions to APIs and environments) through the mapping of a SAML assertion to roles which can be configured by the Anypoint Platform's role administration UI as shown in the screenshot below.
The use of OpenAM as an OAuth 2.0 server
The second capability that is now supported out-of-the-box is the use of OpenAM as an OAuth 2.0 server. When configured with OpenAM as the external identity provider, an Anypoint Platform organization's application registrations by API consumers (through the API portal) will automatically lead to the creation of OAuth 2.0 clients within OpenAM. Furthermore, the application of the new pre-packaged OpenAM policy to an API will ensure that all incoming requests to an API require a valid OAuth 2.0 token obtained by using the client ID and client secret of a registered and approved application.
If you are interested in using these new OpenAM capabilities, please review our updated external identity documentation pages. Looking forward, we are planning to introduce a generic SAML 2.0 federation capability that would allow the Anypoint Platform to be integrated with any SAML 2.0 compliant identity federation solution. Stay tuned!