ForgeRock OpenIDM 4: Installing a Repository for Production (MySQL)

Think of this post as a remake of an earlier one done several months back. Well, just tha, the earlier blog post in reference here was based on a now older version of OpenIDM, ForgeRock‘s Identity Management Solution. As always, I’m grateful to the ForgeRock documentation team for a clean write up on the Configuration of MySQL as a repository for ForgeRock OpenIDM 4.

Related Video/Documentation:
Video – Setting Up ForgeRock OpenIDM with MySQL (OpenIDM 3.x)
Documentation – Setting up OpenIDM with MySQL

MySQL Database as Identity Repository for ForgeRock OpenAM

ForgeRock OpenAM has three types of repositories:

(i) Configuration Repository that stores the OpenAM configuration data (ForgeRock OpenDJ)
(ii) Authentication Repository that’s used by OpenAM to Perform User Authentication (has more than 20 options out of the box)
(iii) Identity Repository that stores the User Profiles (has several options like LDAP v3, OpenDJ, AD, IBM’s Directory Server and Database [Eary Access])

Someone asked me the details on configuring a Database as the Identity Repository for ForgeRock OpenAM, so as soon as I got a chance, created the following screen-cast to demonstrate the use of MySQL Database as an Identity Repository for ForgeRock OpenAM. It’s fairly straightforward.


ForgeRock OpenIDM: Setting Up SSL With MySQL Internal Repository

If you’ve already seen the video demonstration on setting up ForgeRock OpenIDM to use a JDBC repository, you may now be interested to know how to secure the traffic from ForgeRock OpenIDM to its JDBC repository. So in the video that follows, you will see:

– Setting up SSL in MySQL database
– Configuring OpenIDM to use SSLto the MySQL database (its internal repository)
Like several other videos that I’ve already published on this blog space around ForgeRock products, this one also makes use of Ubuntu 14.10 host 0S. A Linux Container running Ubuntu 14.04.2 LTS is where we’ve our ForgeRock OpenIDM and MySQL database running. The illustration below might help you get a quick picture about the infrastructure used for the screen-cast:

Hope you’ll find the video log useful:

MySQL Product Documentation
ForgeRock Documentation

ForgeRock OpenIG: Getting Credentials From JDBC Data Source

This update could be considered a variant of an earlier post around ForgeRock OpenIG. And it’s highly recommended you watch my screen-cast on ‘OpenIG Authentication From File DataStore’ (or the blog update mentioned above) before viewing the video embedded below. As always, for making the video demonstrations that you see below, I just followed the neat instruction from the ForgeRock documentation.

An illustration below for giving you an idea of what’s in store in my 8 minute video:

And here’s quick explanation on what’s happening:
step (1) OpenIG intercepts your browser’s HTTP GET request. The request matches the new route configuration (“/sql”)
Step (2) The OpenIG ‘SQLAttributesFilter’ looksup credentials for ‘’ in the H2 database
step (3) The ‘SQLAttributesFilter’ stores the credentials fetched in step 2 in Exchange
step (4) The ‘StaticRequestFilter’ retrieves the credentials from Exchange, replaces the original HTTP GET request with HTTP POST login that contains the credentials to authenticate
step (5) OpenIG now sends HTTP POST to the Application (listening on port 8081)
Step (6) The application (on port 8081) validates the authentication credentials and sends the response to OpenIG
step (7) The OpenIG now sends the response to the client (which happens to be user profile)

Now sit back and enjoy the video: