ForgeRock Identity Gateway (IG) supports both OpenID Connect (OIDC) and Security Assertion Markup Language (SAML) integration for authentication and single sign-on (SSO) scenarios. These protocols allow you to establish trust between identity providers (IdPs) and service providers (SPs), enabling users to access multiple applications with a single set of credentials. Here's how you can integrate IG with OIDC and SAML:
OIDC Integration:

1. Configure the Identity Provider (IdP):
   Set up an OIDC-compatible identity provider that will authenticate users and issue ID tokens. The IdP can be a third-party OIDC provider or an instance of ForgeRock Identity Platform's Access Management.

2. Configure IG for OIDC:
   - In the IG configuration, define a route for OIDC authentication.
   - Configure the OIDC handler to connect to the IdP. Provide the necessary configuration, including the IdP's authorization and token endpoints, the client credentials, and the scopes to request.
   - Configure the authentication filters and policies to use the OIDC handler for authentication.

3. Secure Applications with OIDC:
   - For each web application you want to secure, configure routes in IG.
   - Apply appropriate authentication and authorization policies to control access to the application's resources.

4. Single Sign-On (SSO):
   Once a user has logged in to one application through OIDC, the ID token can be used for SSO to other applications secured by IG.
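The following route is an added illustration of steps 2 and 3, not configuration taken from this page or from the ForgeRock documentation. It uses the IG route format with an OAuth2ClientFilter in front of a ReverseProxyHandler and a ClientRegistration that points at the IdP's discovery document; the hostnames (idp.example.com, app.example.com), the client ID, the `/app` path and the secret value are placeholders chosen for the example.

```json
{
  "name": "oidc-protected-app",
  "baseURI": "http://app.example.com:8081",
  "condition": "${matches(request.uri.path, '^/app')}",
  "heap": [
    {
      "name": "example-idp",
      "type": "ClientRegistration",
      "config": {
        "clientId": "ig-client",
        "clientSecret": "change-me-use-a-secret-store",
        "issuer": {
          "type": "Issuer",
          "config": {
            "wellKnownEndpoint": "https://idp.example.com/oauth2/.well-known/openid-configuration"
          }
        },
        "scopes": ["openid", "profile", "email"]
      }
    }
  ],
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "type": "OAuth2ClientFilter",
          "config": {
            "clientEndpoint": "/app",
            "requireHttps": true,
            "requireLogin": true,
            "registrations": ["example-idp"],
            "failureHandler": {
              "type": "StaticResponseHandler",
              "config": {
                "status": 403,
                "reason": "Forbidden",
                "entity": "Authentication failed"
              }
            }
          }
        }
      ],
      "handler": "ReverseProxyHandler"
    }
  }
}
```

Points worth checking in a route like this: the authorization, token and JWKS endpoints come from the issuer's discovery document rather than being typed by hand, so a wrong or stale endpoint cannot be configured silently; `requireHttps` keeps the authorization code and the IG session cookie off plain HTTP; `requireLogin` means an unauthenticated request is redirected to the IdP instead of being proxied through; and the redirect URI registered at the IdP must be the `clientEndpoint` path followed by `/callback` on IG's external URL, with an exact match rather than a wildcard. The plaintext `clientSecret` is for illustration only; a deployment keeps the secret in IG's secrets service and restricts the requested scopes to what the application actually reads from the ID token.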
SAML Integration:

1. Configure the Identity Provider (IdP):
   Set up a SAML-compatible identity provider that will authenticate users and issue SAML assertions. The IdP can be a third-party SAML provider or ForgeRock Identity Platform's Access Management acting as a SAML IdP.

2. Configure IG for SAML:
   - In the IG configuration, define a route for SAML authentication.
   - Configure the SAML handler to connect to the IdP. Provide the necessary metadata, including the IdP's Single Sign-On (SSO) and Single Logout (SLO) endpoints.
   - Configure the authentication filters and policies to use the SAML handler for authentication.

3. Secure Applications with SAML:
   - For each web application you want to secure, configure routes in IG.
   - Apply appropriate authentication and authorization policies to control access to the application's resources.

4. Single Sign-On (SSO):
   Once a user has logged in to one application through SAML, the SAML assertion can be used for SSO to other applications secured by IG.
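As an added illustration of step 2 (again not configuration from this page or from ForgeRock), the route below hands the `/saml` path to IG's SamlFederationHandler. The handler itself reads the SP and IdP metadata (the IdP's SSO and SLO endpoints, signing certificates and entity IDs) from the federation metadata files in IG's SAML configuration directory rather than from the route, so this example assumes those files have already been generated from the IdP's metadata; the attribute names `mail` and `employeeNumber`, the session keys and the `/home` redirect target are placeholders chosen for the example.

```json
{
  "name": "saml-federation",
  "condition": "${matches(request.uri.path, '^/saml')}",
  "handler": {
    "type": "SamlFederationHandler",
    "config": {
      "assertionMapping": {
        "username": "mail",
        "employeeId": "employeeNumber"
      },
      "subjectMapping": "sp-subject-name",
      "sessionIndexMapping": "sp-session-index",
      "redirectURI": "/home"
    }
  }
}
```

`assertionMapping` copies the named assertion attributes into the IG session (here as `session.username` and `session.employeeId`), where the routes that protect the applications can require them before proxying a request; `subjectMapping` and `sessionIndexMapping` keep the assertion subject and session index so that a Single Logout from the IdP can be matched to the IG session. Because every downstream route trusts these session values, the IdP metadata must carry the IdP's signing certificate and assertion signatures must be required, and the application routes should refuse requests whose session lacks the mapped attributes rather than assuming the SAML route has always run first.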
In both cases, ForgeRock Identity Gateway acts as a service provider (SP), receiving and processing authentication requests from users and forwarding them to the identity provider (IdP). The IdP authenticates users and provides the necessary tokens or assertions, which IG uses to determine access rights.