AM is a centralized access management server, securing protected resources across the network and providing authentication, authorization, Web security, and federation services in a single, integrated solution. AM manages access to the protected resources by controlling who has access, when, how long, and under what conditions by centralizing disparate hardware and software services for cloud, enterprise, mobile, and business-to-business (B2B) systems.
"Architecture" illustrates the AM architecture.
AM features a highly modular and flexible architecture with multiple plugin points to meet any customer deployment. It leverages industry standard protocols, such as HTTP, XML, SOAP, REST, SAML v2.0, OAuth 2.0, OpenID Connect 1.0, and so forth to deliver a high performance, highly scalable, and highly available access management solution over the network. AM services are 100% Java-based, proven across multiple platforms and containers in many production deployments.
AM core server can be deployed and integrated within existing network infrastructures. AM provides the following distribution files:
AM provides a utility with some cryptographic functionality used for creating Docker images. This utility is strictly for future use, and is not currently supported.
AM provides a SOAP-based security token service (STS) server that issues tokens based on the WS-Security protocol[a].
AM provides an
AM provides configuration and upgrade tools for installing and maintaining your server. The
AM provides a configuration file upgrade tool. For more information on converting configuration files for import into AM, see the
AM provides an AM Fedlet, a light-weight SAML v2.0 service provider. The Fedlet lets you set up a federated deployment without the need of a fully-featured service provider.
AM provides an IDP Discovery Profile (SAMLv2 binding profile) for its IDP Discovery service. The profile keeps track of the identity providers for each user.
Clean installs of AM with an embedded data store provide ready-made sample authentication trees to demonstrate how they can be put together. These sample trees are not installed by default on installs of AM with an external configuration store, or if you are upgrading an existing instance of AM. The
AM provides a utility to help with creating a trust store for use with web authentication. See the
[a] AM also provides REST-based STS service endpoints, which you can directly utilize on the AM server.
The ForgeRock BackStage download site hosts downloadable versions of AM, including a
.zip file with all of the AM components, the
.war file, AM tools, the configurator, web and Java agents, and documentation. Verify that you review the Software License and Subscription Agreement presented before you download AM files.
ForgeRock offers the services you need to deploy AM commercial builds into production, including training, consulting, and support.