ForgeRock Service Broker for Pivotal Cloud Foundry
This documentation describes the ForgeRock Service Broker for Pivotal Cloud Foundry (PCF). The ForgeRock Service Broker for PCF enables applications deployed to PCF to benefit from the OAuth 2.0 features and route service provided by the ForgeRock Identity Platform.
The ForgeRock Service Broker for PCF enables applications to integrate with the following features of the ForgeRock Identity Platform:
- AM OAuth 2.0 Service, to obtain OAuth 2.0 access tokens by using the client credentials grant type, and to validate OAuth 2.0 access tokens or OpenID Connect ID tokens passed to your application.
- IG Route Service, to filter traffic to and from Cloud Foundry applications, adapting requests to protect applications, and adapting responses to filter outgoing content.
The ForgeRock Service Broker for PCF requires the following installations to be accessible from the PCF environment:
- For the forgerock-am-oauth2 service, an instance of ForgeRock Access Management v13.0 or later
- For the forgerock-ig-route-service service, an instance of ForgeRock Identity Gateway v5.0 or later
For information about installing and using the ForgeRock Service Broker, see the ForgeRock Service Broker Guide.
- AM OAuth 2.0 Service
Through the AM OAuth 2.0 Service, the ForgeRock Service Broker
automates the process of creating OAuth 2.0
client profiles, and requires a set of credentials with privileges for
adding and removing OAuth 2.0 clients. The recommended approach is to
create a new user in ForgeRock Access Management, add the user to a new group, and give that
AgentAdmin privilege, allowing members to create and remove
OAuth 2.0 clients.
For information about creating a user and delegating privileges, see To Prepare ForgeRock Access Management for ForgeRock Service Broker Installation in the ForgeRock Service Broker Guide.
- IG Route Service
The IG Route Service is a fully brokered route service to filter traffic to and from Cloud Foundry applications, adapting requests to protect applications, and adapting responses to filter outgoing content
The following table provides information about ForgeRock Service Broker version and version-support for Pivotal Cloud Foundry:
|Release date||February 28, 2019|
|Software component version||ForgeRock Service Broker v2.0.1|
|Compatible Ops Manager version(s)||v2.1.x, v2.2.x, v2.3.x, and v2.4.x|
|Compatible Pivotal Application Service version(s)||v2.1.x, v2.2.x, v2.3.x, and v2.4.x|
|BOSH stemcell version||Ubuntu Xenial|
WARNING: ForgeRock Service Broker for PCF v2.0.2 and earlier require a Ubuntu Trusty stemcell. The end-of-life date for Ubuntu Trusty is April 2019. If a security vulnerability is found on this stemcell after April, it will not be fixed.
For information about new features, fixes, changes, known issues, and limitations, see the ForgeRock Service Broker Release Notes.
ForgeRock provides support services, professional services, classes through ForgeRock University, and partner services to assist you in setting up and maintaining your deployments. For a general overview of these services, see ForgeRock Services.
ForgeRock has staff members around the globe who support our international customers and partners. If you have any questions, contact ForgeRock using the address or telephone number nearest to you.
If you have found issues or reproducible bugs within the ForgeRock Service Broker for PCF, report them at the ForgeRock website.
When requesting help with a problem, include the following information:
- Description of the problem, including when the problem occurs and its impact on your operation
- Description of the environment, including the following information:
- Machine type
- Operating system and version
- Web server or container and version
- Java version
- ForgeRock Identity Platform versions
- Any patches or other software that might be affecting the problem
- Steps to reproduce the problem
- Any relevant access and error logs, stack traces, or core dumps