ForgeRock OpenIG 4 – Getting Credentials From Database

Home / ForgeRock / ForgeRock OpenIG 4 – Getting Credentials From Database

To know how ForgeRock OpenIG 4 is configured to fetch User Credentials from a Database for User Authentication (a process transparent to the User), the following Video log might help. I had posted a similar video on this space earlier, but that then the User Credentials were fetched from a Flat File (CSV). The flow isn’t quite different from that, just that a Filter used by ForgeRock OpenIG in this case is different and that we should configure the OpenIG to connect to the DB.

In the video, we’ll:
– Install the H2 Database. Create ‘Users’ table and load User data in it
– Configure OpenIG (deployed in Jetty) to connect to the Database
– Prepare OpenIG Route Configuration file to fetch User Credentials (based on a Email address) and post the data to HTTP Server, who responds with the User profile page

For those whose right side of the brain is more prominent, here’s the visual representation of what is mentioned above:

OpenIGGettingCredentialsfromDB-Updated

For those who don’t want to think too much looking at the illustration below, but would like to sit back, relax and enjoy watching a show, here’s the video. Enjoy!

Related Documentation/Video
ForgeRock OpenIG Documentation
Screencast on using OpenIG 3.x to Connect to a JDBC Datastore

ForgeRock OpenIG: Getting Credentials From JDBC Data Source

Home / ForgeRock / ForgeRock OpenIG: Getting Credentials From JDBC Data Source

This update could be considered a variant of an earlier post around ForgeRock OpenIG. And it’s highly recommended you watch my screen-cast on ‘OpenIG Authentication From File DataStore’ (or the blog update mentioned above) before viewing the video embedded below. As always, for making the video demonstrations that you see below, I just followed the neat instruction from the ForgeRock documentation.

An illustration below for giving you an idea of what’s in store in my 8 minute video:

OpenIGJDBCDatastore
And here’s quick explanation on what’s happening:
step (1) OpenIG intercepts your browser’s HTTP GET request. The request matches the new route configuration (“/sql”)
Step (2) The OpenIG ‘SQLAttributesFilter’ looksup credentials for ‘sholmes@example.com’ in the H2 database
step (3) The ‘SQLAttributesFilter’ stores the credentials fetched in step 2 in Exchange
step (4) The ‘StaticRequestFilter’ retrieves the credentials from Exchange, replaces the original HTTP GET request with HTTP POST login that contains the credentials to authenticate
step (5) OpenIG now sends HTTP POST to the Application (listening on port 8081)
Step (6) The application (on port 8081) validates the authentication credentials and sends the response to OpenIG
step (7) The OpenIG now sends the response to the client (which happens to be user profile)

Now sit back and enjoy the video: