The ForgeRock platform comprises a number of standards-based components, built on a common framework using best-in-class open technologies. ForgeRock contributes to many of these standards to ensure they continue to develop and retain relevancy as technology and requirements evolve.
ForgeRock supports all major federation, authorization and provisioning standards, including:
- SAML 2.0
- OAuth 2.0
- OpenID Connect (OIDC)
- User-Managed Access (UMA)
- System for Cross-domain Identity Management (SCIM)
In addition to these, ForgeRock supports advanced OAuth 2.0 standards, including the OAuth 2.0 Device Authorization Grant and Proof-of-Possession. Its implementation of Client-Initiated Backchannel Authentication (CIBA) is an alternative to OAuth redirect flows and aims to solve the problems those flows raise.
UMA is not currently available in Identity Cloud deployments.
ForgeRock sees open standards as vital to ensuring compatibility and interoperability with external systems, guarding against obsolescence, providing choice, and avoiding vendor lock-in.
Examples of ForgeRock's dedication to open standards include (but are not limited to) the following:
- OpenID Connect (OIDC): ForgeRock is one of the pioneers in OIDC, having released one of the first officially supported implementations of the open standard and providing ongoing enhancements, security updates and code contributions to ensure the standard remains secure and continues to meet evolving requirements.
- User-Managed Access (UMA): ForgeRock was pivotal in creating the UMA specification, with staff serving as members of the Kantara board, technical staff developing the spec, and our support staff providing fixes and ongoing support for users of the protocol.
- Identity Connector Framework (ICF): Based on the OpenICF Framework, ICF provides a consistent layer of integration between the ForgeRock platform and target resources and applications, enabling comprehensive provisioning, reconciliation, and bi-directional synchronization that supports the various stages in the identity lifecycle.
- REST: The ForgeRock platform is entirely accessible via a common REST API. This provides an easily accessible, developer-friendly platform, enabling the implementation of applications and systems all based on the REST open standard.
- Open Banking: ForgeRock was part of a select group of identity vendors invited to participate in the UK's Open Banking working group and actively contributed to their decision to define an OIDC-based solution. In addition, ForgeRock was selected by the UK Open Banking Implementation Entity (OBIE) to provide a Reference Bank Application used by leading banks and third parties to build their own applications in accordance with Open Banking standards.
Identity Cloud documentation:
- Supported standards
- OAuth 2.0
- OpenID Connect 1.0
- SAML v2.0
- SCIM connector
- MFA: Web authentication (WebAuthn)
Identity Platform documentation: