OpenAM Admin Console
|Initial release||February 7, 2010|
|Stable release||Release 11.0.0 / December 13, 2013|
|Available in||English, French, German, Spanish, Japanese, Korean, Simplified Chinese and Traditional Chinese|
|Type||Identity and access management|
|Website||http://openam.forgerock.org/ and http://forgerock.com/what-we-offer/open-identity-stack/openam/|
ForgeRock announced in February 2010 that they would continue to develop and support OpenSSO from Sun now that Oracle has chosen to discontinue development on the project. ForgeRock has renamed the product OpenAM as Oracle retains the rights to the name OpenSSO.
- Authentication: OpenAM supports 20 authentication methods out-of-the-box. OpenAM has the flexibility to chain methods together along with Adaptive Risk scoring, or to create custom authentication modules based on the JAAS (Java Authentication and Authorization Service) open standard. Windows IWA is supported to enable a completely seamless heterogeneous OS and Web application SSO environment.
- Authorization: OpenAM provides authorization policy from basic, simple, coarse-grained rules to highly advanced, fine-grained entitlements based on XACML (Extensible Authorization Mark-Up Language). Authorization policies are abstracted from the application, allowing developers to quickly add or change policy as needed without modification to the underlying application.
- Adaptive risk authentication: The adaptive risk authentication module is used to assess risks during the authentication process, and to determine whether to require that the user complete further authentication steps. Adaptive risk authentication determines, based on risk scoring, whether more information from a user is required when they login. For example, a risk score can be calculated based on an IP address range, access from a new device, account idle time, etc., and applied to the authentication chain.
- Federation: Federation services securely share identity information across heterogeneous systems or domain boundaries using standard identity protocols (SAML, WS-Federation, OpenID Connect). Quickly setup and configure service provider or cloud service connections through the Fedlet, OAuth2 Client, OAuth2 Provider, or OpenIG Federation Gateway. The OpenIG Federation Gateway is a component of OpenAM providing a SAML2 compliant enforcement point and allows businesses to quickly add SAML2 support to their applications with little to no knowledge of the standard. In addition, there is no need to modify the application or install any plugin or agent on the application container. Out-of the-box tools enable simple task-based configuration of Google Apps, ADFS2, along with many other integration targets. OpenAM can also act as a multi-protocol hub, translating for providers who rely on other, older standards. OAuth2 support is an open standard for modern federation and authorization, allowing users to share their private resources with tokens instead of credentials.
- Single sign-on (SSO): OpenAM provides multiple mechanisms for SSO, whether the requirement is enabling cross-domain SSO for a single organization, or SSO across multiple organizations through the Federation Service. OpenAM supports multiple options for enforcing policy and protecting resources, including policy agents that reside on web or application servers, a proxy server, or the OpenIG (Identity Gateway). OpenIG runs as a self-contained gateway and protects web applications where installing a policy agent is not possible.
- High availability: To enable high availability for large-scale and mission-critical deployments, OpenAM provides both system failover and session failover. These two key features help to ensure that no single point of failure exists in the deployment, and that the OpenAM service is always available to end-users. Redundant OpenAM servers, policy agents, and load balancers prevent a single point of failure. Session failover ensures the user’s session continues uninterrupted, and no user data is lost.
- Developer access: OpenAM provides client application programming interfaces with Java and C APIs and a RESTful API that can return JSON or XML over HTTP, allowing users to access authentication, authorization, and identity services from web applications using REST clients in their language of choice. OAuth2 also provides a REST Interface for the modern, lightweight federation and authorization protocol.
A ForgeRock OpenAM release is equivalent to Sun's OpenSSO Enterprise release. Full support through sustaining patches is available.
A ForgeRock snapshot release is equivalent to Sun's OpenSSO Express release. Full support is available with fixes being made available in the nightly builds.