WHAT IS FORGEROCK? HOW DOES IT IMPACT ME?
Paul Dunham
TriNet March 2014
WHAT IS FORGEROCK?
ForgeRock is a company that provides service and support for the Open Identity Stack.
http://forgerock.com
The Open Identity Stack is open source identity management software supported by a large community of software and security companies.
Open Identity Stack is lightweight, scalable and secure.
[Diagram: Seeker/ASP Apps, Sencha Apps and Mobile App; TriNet Gateway and Mobile Gateway; Seeker Login Page; Seeker Session Management]
[Diagram: Seeker/ASP Apps, Sencha Apps and Mobile App; TriNet Gateway and Mobile Gateway; TriNet Auth; ForgeRock HR Passport Login Page; ForgeRock IDM db. Labels: Sign on, Sign off, Change password]
E.g. mobilegateway now calls TriNet Auth to sign on users instead of calling Seeker.
[Diagram: Seeker/ASP Apps, ForgeRock HR Passport Login Page, ForgeRock IDM db, TriNet Auth and Seeker / ASP, with numbered arrows: TriNetAuthCookie (3, 4, 5), EMPLID (6), and 7]
1. User navigates to https://www.hrpassport.com
2. Policy agent 302s to ForgeRock login page
3. Login page creates TriNetAuthCookie and 302s browser to HRPassport page
4. Seeker uses TriNetAuthCookie to query TriNetAuth.war for the EMPLID
5. TriNetAuth.war sends query to OpenAM
Key Concept: User Identity (EMPLID) derived from the TriNetAuthCookie, not passed by the Web Browser.
[Diagram: Sencha & Mobile Apps, ForgeRock HR Passport Login Page, ForgeRock IDM db and TriNet Auth, with numbered arrows: TriNetAuthCookie (3, 5), EMPLID (6), and 7]
1. User navigates to https://www.hrpassport.com
2. Policy agent 302s to ForgeRock login page
3. Login page creates TriNetAuthCookie and 302s browser to HRPassport page
4. WebLogic uses TriNetAuthCookie to query TriNetAuth.war for the EMPLID
5. TriNetAuth.war sends query to OpenAM
Key Concept: User Identity (EMPLID) derived from the TriNetAuthCookie, not passed by the Web Browser.
WHERE IS FORGEROCK?
ForgeRock is currently installed on:
Complete - Dev
WHAT IS NEXT?
Subsequent phases will involve
GET https://gateway.hrpassport.com/trinetAuth/services/v1.0/authentication/guid?token=<TriNetAuthCookie Value>
Returns the GUID for the logged-in user.
GET https://gateway.hrpassport.com/trinetAuth/services/v1.0/authentication/user/<GUID>
Returns information about the user: Emplid, customid, and first, middle and last names.
There is no need to validate the TriNetAuthCookie because the HTTP request will not reach your application without a valid TriNetAuthCookie.
Dev - TriNetAuthCookieDEV
StageS - TriNetAuthCookieSS
CAB - TriNetAuthCookieCAB
StageR - TriNetAuthCookieSR
CAA - TriNetAuthCookieCAA
Prod - TriNetAuthCookie
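The server-side lookup described above (TriNetAuthCookie to GUID to user record, using the per-environment cookie names), as an added example that is not TriNet's or ForgeRock's code. It assumes the GUID comes back as plain text and the user record as JSON, which the slides do not specify; `resolve_user`, `auth_token`, `http_get` and `NotAuthenticated` are hypothetical names.

```python
import json
from http.cookies import SimpleCookie
from urllib.parse import quote
from urllib.request import urlopen

# Base path and cookie names are taken from the slides above.
BASE = "https://gateway.hrpassport.com/trinetAuth/services/v1.0/authentication"
COOKIE_NAMES = {
    "Dev": "TriNetAuthCookieDEV", "StageS": "TriNetAuthCookieSS",
    "CAB": "TriNetAuthCookieCAB", "StageR": "TriNetAuthCookieSR",
    "CAA": "TriNetAuthCookieCAA", "Prod": "TriNetAuthCookie",
}


class NotAuthenticated(Exception):
    """Raised when no identity can be derived from the request's cookie."""


def http_get(url):
    # Default transport; pass a stub as `fetch` to run without network access.
    with urlopen(url, timeout=5) as resp:
        return resp.read().decode("utf-8")


def auth_token(cookie_header, env):
    """Pull this environment's TriNetAuthCookie value out of a Cookie header."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get(COOKIE_NAMES[env])
    if morsel is None or not morsel.value:
        raise NotAuthenticated("no %s cookie" % COOKIE_NAMES[env])
    return morsel.value


def resolve_user(cookie_header, env="Prod", fetch=http_get, base=BASE):
    """Cookie -> GUID -> user record; never reads an EMPLID sent by the client."""
    token = auth_token(cookie_header, env)
    # quote(..., safe="") stops a crafted value adding parameters or path segments.
    guid = fetch("%s/guid?token=%s" % (base, quote(token, safe=""))).strip()
    if not guid:
        raise NotAuthenticated("token did not resolve to a GUID")
    # Assumption: the GUID is plain text and the user record is JSON.
    return json.loads(fetch("%s/user/%s" % (base, quote(guid, safe=""))))
```

The lookup fails closed: a request carrying only another environment's cookie name, or none at all, raises `NotAuthenticated` before any call to TriNet Auth is made.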
DOCUMENT REFERENCES
This presentation
https://confluence.trinet-devops.com/display/security/What+is+ForgeRock+-+Presentation
TriNet Auth API documentation
https://confluence.trinetdevops.com/display/FR/trinetAuth+API+Documentation
QUESTIONS?