Integrating Spring Boot with OpenAM(ForgeRock)

Question

I am new to spring security but the scenario I am trying to achieve is to provide basic authentication/authorization(security). The user story requires integration of ForgeRock OpenAM(mandatory) for security. Scenario: I have a spring boot microservice which exposes APIs to allow a UI to connect to a server. How can I include OpenAM within spring boot REST service so that I can provide basic security? What all do I require to achieve the same?

Answer 1

You can use OAuth2 or OIDC to integrate your REST-Service with OpenAM.

For information on OAuth2 and REST look at this eg: https://content.pivotal.io/blog/securing-restful-web-services-with-oauth2

For information on using OAuth2 with OpenAM look here: https://backstage.forgerock.com/docs/am/5.5/oauth2-guide/ Same for OIDC with OpenAM: https://backstage.forgerock.com/docs/am/5.5/oidc1-guide/

Hope I could help you :)

Answer 2

There are probably plenty of ways to do that: Some Forgerock plugins, let gateways do the AuthX, SAML2, OAuth2/OIDC, ...

The way I'd recommend is to stick to standards - because they are interchangeable and you can apply them to any application or use them with every modern identity provider.

I personally favor OIDC (aka. OpenID Connect, which is based on OAuth2) for an SSO in applications. There are plenty of good resources on how to setup OIDC/OAuth2 with OpenAM and same for Spring Security.

Here are some links that will help you to learn about it:

• To learn about OIDC the standard has a pretty good website linking to good resources: https://openid.net/connect/
• Same for OAuth2: https://www.oauth.com
• Baeldung Spring Security OIDC example: https://www.baeldung.com/spring-security-openid-connect
• OIDC Guide for OpenAM by Forgerock: https://wikis.forgerock.org/confluence/display/openam/OpenID+Connect+Quick+Start