ForgeRock Wamulator Using OpenIG

Hadi Ahmadi 19/07/2016

In collaboration with the LDS Church, Nulli has designed and implemented a solution that integrates the ForgeRock™ OpenIG and OpenAM over a Docker™ machine.

ForgeRock Wamulator provides an isolated IAM environment to simplify testing application protection, access control and more.

Using Docker during the development and testing of an application means that your developers can conduct integration testing of authentication and authorization mechanisms as well as manage and interpret SSO and REST traffic between browsers, clients, the applications and the IAM stack.

In 2008 the LDS Church’s Mark Boyd and the LDSTech team developed a Java-based intercepting proxy tool named “Wamulator”.  Web Access Management simulator, “Wamulator”, simulates a reverse proxy Web Access Management Single Sign On (SSO) environment on a developer’s local box. The Wamulator helps the developer by providing an isolated and safe test environment for test running their application integrated with the Identity and Access Management (IAM) services. The tool was originally written to simulate OpenSSO services and then was modified to support Oracle® Access Manager (OAM). Having moved to using ForgeRock OpenAM, the LDSTech team in collaboration with Nulli decided to build a similar tool that simulates the environment provided by the ForgeRock Identity Platform.

The ForgeRock Wamulator architecture is illustrated in the following diagram. An OpenIG container serves as the intercepting reverse proxy with a console that enables IAM environment configuration, session and traffic monitoring, as well as policy management and enforcement. The OpenAM container on the other hand is the point for user registration/authentication and access control decisions. Once an http request arrives at OpenIG, the URI parameters are checked and used to dispatch the request to a relevant route category, which can be the Wamulator console,  the OpenAM/REST traffic or the application SSO traffic. The dispatch routes handle the requests using OOTB filters/handlers as well as scripted modules which rely on a groovy-written AppWrap package that interfaces OpenAM and provides management for users, sessions and configuration.

The LDS-Nulli WAMulator for ForgeRock illustrates how project teams can use the various resources and features of OpenIG to provide services for website hosting, traffic monitoring, reverse proxying, authentication/authorization enforcement, and more by simply creating JSON config files and lightweight groovy-scripted classes. The scriptable handler and filter modules allow you to freely extend OpenIG functionality based on requirements and use cases. Our CD-SSO and Authentication Agent services are examples to clearly show the power of the scripting platform.

No Results