what is forge rock
TRANSCRIPT
-
8/17/2019 What is Forge Rock
WHAT IS FORGEROCK?
HOW DOES IT IMPACT ME?
Paul Dunham
TriNet March 2!"
-
FORGEROCK PROJECT GOALS
• Passport users will see nothing different. This change is 100% transparent to our users.
• Replace current HRPassport security with a more secure industry standard technology
• Pave the way for easy
  • Identity management
  • Integration of TriNet Brands
  • Single Sign-on (SSO)
  • Integration with other systems
-
WHAT IS FORGEROCK?
ForgeRock is a company that provides service and support for the "Open Identity Stack" http://forgerock.com/
The Open Identity Stack is open source identity management software supported by a large community of software and security companies
Open Identity Stack is light weight, scalable and secure
-
WHAT IS IDENTITY MANAGEMENT?
Identity Management (IDM) is a set of tools used to manage all the users and passwords in our system
Provides us with tools to manage:
• Authentication (login)
• Password (change, expire, disable, reset)
• User Identity data encryption
• Single Sign On (to other TriNet Brands and to other Companies)
(We are not using IDM for Authorization at this time)
-
WHY DO WE NEED IT?
TriNet is growing. As we grow we need the ability to integrate new companies and new products quickly and securely using industry standards.
IDM gives us a mechanism for managing all user identities
• One tool for all brands and products
• Easy to implement
• Secure
• Scalable
• Standards based
• Cross platform
-
WHERE ARE WE STARTING?
The first phase of the ForgeRock implementation in TriNet is to replace the login mechanism in HR Passport.
HR Passport uses Seeker to login, validate users and passwords. All user and password information is stored in the HP Oracle database
With the new IDM all login credential information will be stored on the IDM LDAP servers.
No other systems, brands or data are being changed for phase one.
-
[Diagram: Before ForgeRock IDM Integration. Components: Mobile App, Sencha Apps, Seeker ASP Apps, Mobile Gateway, TriNet Gateway, Seeker Login Page, Seeker ASP, Seeker Session Management, Oracle HR Database.]
Seeker performs all login and session management
-
[Diagram: After ForgeRock IDM Integration. Components: Mobile App, Sencha Apps, Seeker ASP Apps, Mobile Gateway, TriNet Gateway, ForgeRock Policy Agent, ForgeRock HRPassport Login Page, TriNet Auth, ForgeRock IDM db, Compatibility Layer, Seeker ASP, Seeker Session Management, Oracle HR Database.]
Policy Agent intercepts all requests redirecting to login page as needed and
-
WHAT IS TRINET AUTH
TriNet Auth is a web service, developed by the TriNet Web Services Team, that provides access to authentication, session management and identity management.
• Sign on
• Sign off
• Change password
• Enable / Disable account
• Validate Auth Token
• Get user identity from Auth Token
• E.g. mobilegateway now calls TriNet Auth to signon users instead of calling Seeker.
• E.g. Seeker calls TriNet Auth to change passwords, enable / disable accounts.
-
[Diagram: login flow with Seeker. Labels: web browser at https://www.hrpassport.com/, TriNetAuth, ForgeRock IDM db; arrows carry the TriNetAuthCookie and the EMPLID.]
• Login page creates TriNetAuthCookie and 302s browser to HRPassport page
• Seeker uses TriNetAuthCookie to query TriNetAuth.war for the EMPLID
Key Concept: User Identity (EMPLID) derived from the TriNetAuthCookie, not passed by the Web Browser.
-
[Diagram: login flow with WebLogic. Labels: web browser at https://www.hrpassport.com/, TriNetAuth, ForgeRock IDM db; arrows carry the TriNetAuthCookie and the EMPLID.]
• ... 302s to Forge Rock login page
• Login page creates TriNetAuthCookie and 302s browser to HRPassport page
• WebLogic uses TriNetAuthCookie to query TriNetAuth.war for the EMPLID
Key Concept: User Identity (EMPLID) derived from the TriNetAuthCookie, not passed by the Web Browser.
-
WILL THE ROLLOUT IMPACT MY PROJECT?
• Rolling out the code for ForgeRock is no different than that of any other project we move through the SDCL process.
• There is only impact if both projects are modifying the same code at the same time.
• Conflicts are resolved using the normal priority and git merge mechanisms.
-
WHERE IS FORGEROCK
ForgeRock is currently installed on:
• Complete - Dev
• Complete - StageS - Complete
• Complete - CB (=E) - Complete
• Complete - StageR (>T) - Complete
• May 1?th - Production
• May 1@th - LiteR, Demo, C, >T, TLDev
• May 1Ath - =EB, =EC, BI, BIB, LiteS
• May B0th - ITDev, IT=
-
WHAT IS NEXT?
Subsequent phases will involve
• Eliminating the TSESSIONID concept from our applications
• Converting other brands to use TriNet Auth and ForgeRock IDM
• Switching SSO from Ping Federated SSO to ForgeRock SSO
• Enabling deep linking into HRPassport.
Dates and phases are not yet defined.
-
HOW DO I INTEGRATE WITH FORGEROCK
Think of ForgeRock as a firewall. No HTTP(s) requests get by ForgeRock without a TriNetAuthCookie. If there is no cookie, ForgeRock will display the login page, verify the user's credentials, create the TriNetAuthCookie and resubmit the original HTTP(s) request with the cookie attached.
Once the request reaches your application you use the TriNet Auth web services to get information about the logged in user from the TriNetAuthCookie. E.g.
• GET https://gateway.hrpassport.com/trinetAuth/services/v1.0/authentication/guid?token={TriNetAuthCookie Value}
  • Returns the GUID for the logged in user
• GET https://gateway.hrpassport.com/trinetAuth/services/v1.0/authentication/user/{GUID}
  • Returns the information about the user: Emplid, customid, first, middle, last names.
There is no need to validate the TriNetAuthCookie because the HTTP request will not reach your application without a valid TriNetAuthCookie.
-
THERE ARE DIFFERENT TRINETAUTHCOOKIES
Each environment has its own TriNetAuthCookie name.
• Dev - TriNetAuthCookieDEV
• StageS - TriNetAuthCookieSS
• CB - TriNetAuthCookieCB
• StageR - TriNetAuthCookieSR
• C - TriNetAuthCookieC
• Prod - TriNetAuthCookie
• Be sure to make your use of the TriNetAuthCookie name a configurable property in your application. The name is different in different environments and the name may change in the future as we integrate with other systems.
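Added example, not part of the original presentation or TriNet's code: one way an application behind the Policy Agent could follow the two slides above, reading the cookie name from configuration and deriving the user from the cookie through the two TriNet Auth calls. The TRINET_AUTH_COOKIE_NAME variable, the JSON responses and the "guid" field are assumptions; the slides give only the URLs and the cookie names.

```python
import json
import os
from http.cookies import SimpleCookie
from urllib.parse import quote
from urllib.request import urlopen

# Base path taken from the slide; response formats below are assumptions.
AUTH_BASE = "https://gateway.hrpassport.com/trinetAuth/services/v1.0/authentication"


class NotAuthenticated(Exception):
    """No usable TriNetAuthCookie on the request: fail closed."""


def http_get_json(url):
    # Default transport. Assumes the service answers with a JSON object.
    with urlopen(url, timeout=5) as resp:
        return json.load(resp)


def cookie_name():
    # Configurable property (hypothetical variable name); default is the Prod name.
    return os.environ.get("TRINET_AUTH_COOKIE_NAME", "TriNetAuthCookie")


def token_from_header(cookie_header, name):
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(name)  # exact match: a DEV cookie is ignored in Prod
    if morsel is None or not morsel.value:
        raise NotAuthenticated(f"{name} missing")
    return morsel.value


def current_user(cookie_header, fetch=http_get_json, name=None):
    """Resolve the logged-in user from the cookie only, never from request parameters."""
    token = token_from_header(cookie_header, name or cookie_name())
    # Step 1: cookie value -> GUID (assumed response field "guid").
    guid = fetch(f"{AUTH_BASE}/guid?token={quote(token, safe='')}").get("guid")
    if not guid:
        raise NotAuthenticated("token not accepted by TriNet Auth")
    # Step 2: GUID -> user information (Emplid, names, ...).
    return fetch(f"{AUTH_BASE}/user/{quote(guid, safe='')}")
```

Because identity comes only from the TriNet Auth lookup, a request that arrives without a cookie, or with another environment's cookie name, is rejected instead of being trusted.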
-
DOCUMENT REFERENCES
• Turn Over documents
• ForgeRock Page on Confluence
  • https://confluence.trinet-devops.com/display/FR/ForgeRock
• This presentation
  • https://confluence.trinet-devops.com/display/security/What+is+ForgeRock+-+Presentation
• TriNet Auth API documentation
  • https://confluence.trinet-devops.com/display/FR/trinetAuthAPIDocumentation
-
QUESTIONS?