ForgeRock Service Broker for Pivotal Cloud Foundry

WARNING: This tile requires a Trusty stemcell. The end of life date for Ubuntu Trusty is April 2019. If a security vulnerability is found on this stemcell after April, it will not be fixed.

This documentation describes the ForgeRock Service Broker for Pivotal Cloud Foundry (PCF). The ForgeRock Service Broker for PCF enables applications deployed to PCF to benefit from the OAuth 2.0 features and route service provided by the ForgeRock Identity Platform.

Overview

The ForgeRock Service Broker for PCF enables applications to integrate with the following features of the ForgeRock Identity Platform:

• AM OAuth 2.0 Service, to obtain OAuth 2.0 access tokens by using the client credentials grant type, and to validate OAuth 2.0 access tokens or OpenID Connect ID tokens passed to your application.
• IG Route Service, to filter traffic to and from Cloud Foundry applications, adapting requests to protect applications, and adapting responses to filter outgoing content.

Requirements

The ForgeRock Service Broker for PCF requires the following installations to be accessible from the PCF environment:

• For the forgerock-am-oauth2 service, an instance of ForgeRock Access Management v13.0 or later
• For the forgerock-ig-route-service service, an instance of ForgeRock Identity Gateway v5.0 or later

Installation and Usage

For information about installing and using the ForgeRock Service Broker, see the ForgeRock Service Broker Guide.

• AM OAuth 2.0 Service

Through the AM OAuth 2.0 Service, the ForgeRock Service Broker automates the process of creating OAuth 2.0 client profiles, and requires a set of credentials with privileges for adding and removing OAuth 2.0 clients. The recommended approach is to create a new user in ForgeRock Access Management, add the user to a new group, and give that group the AgentAdmin privilege, allowing members to create and remove OAuth 2.0 clients.

For information about creating a user and delegating privileges, see To Prepare ForgeRock Access Management for ForgeRock Service Broker Installation in the ForgeRock Service Broker Guide.

• IG Route Service

The IG Route Service is a fully brokered route service to filter traffic to and from Cloud Foundry applications, adapting requests to protect applications, and adapting responses to filter outgoing content

Product Snapshot

Note: As of PCF v2.0, Elastic Runtime is renamed Pivotal Application Service (PAS).

The following table provides information about ForgeRock Service Broker version and version-support for Pivotal Cloud Foundry:

New Features, Fixes, Changes, and Limitations

For information about new features, fixes, changes, known issues, and limitations, see the ForgeRock Service Broker Release Notes.

Support and Services

ForgeRock provides support services, professional services, classes through ForgeRock University, and partner services to assist you in setting up and maintaining your deployments. For a general overview of these services, see ForgeRock Services.

ForgeRock has staff members around the globe who support our international customers and partners. If you have any questions, contact ForgeRock using the address or telephone number nearest to you.

Find the latest addresses and telephone numbers at the ForgeRock website or send an email to ForgeRock at info@forgerock.com.

Feedback

If you have found issues or reproducible bugs within the ForgeRock Service Broker for PCF, report them at the ForgeRock website.

When requesting help with a problem, include the following information:

• Description of the problem, including when the problem occurs and its impact on your operation
• Description of the environment, including the following information:
  • Machine type
  • Operating system and version
  • Web server or container and version
  • Java version
  • ForgeRock Identity Platform versions
  • Any patches or other software that might be affecting the problem
• Steps to reproduce the problem
• Any relevant access and error logs, stack traces, or core dumps