ForgeRock’s Open Identity Stack

Open innovation

Identity and access management (IAM) is an integral part of online security across every industry. Effective IAM solutions give responsible enterprises the ability to validate the identity of an individual and control their access in the organization, protecting the data, information, and privacy of their employees and customers.

As the enterprise extends into mobile, social, SaaS, and cloud environments, identity and access management (IAM) needs to adapt to meet a new set of requirements. Traditional IAM platforms were designed for the intranet and deployments within the enterprise; they are complex, expensive to maintain, and not capable of scaling up to meet the high volumes of users typical in newer business-to-consumer and business-to-business deployments. It is for these reasons that a growing number of organizations are turning to open source software as a viable alternative to legacy vendor suites.

Why open source?

Traditional software development consists of a handful of engineers writing code in a lab based on a set of requirements that were conceived months before they began coding. Because it’s a very linear process, the resulting software product usually reflects a set of requirements that were defined a year or more prior to its completion. The source of innovation is constrained to the engineers hired to work on the product, engineers who will never actually deploy it and who may have never deployed an enterprise, mission-critical software solution. The final stage of development is a beta program, when the code is finally shared with a select number of customers who are asked to test it and provide feedback. With technology requirements changing rapidly, this slow, closed, linear approach to software development is a constraint on innovation.

The open source development process addresses many of the constraints of traditional software development. Open source is driven by the user community, not a select few, so the sources of innovation and new ideas are limitless. This more transparent approach means that community members are able to submit code and recommendations for new features not previously considered.

Quality is ensured since a member who is able to submit code has to be approved and have the appropriate credentials. Development is also an ongoing process, not a linear one: code is continually being shared, updated, and tested. Further, instead of being tested in a lab and then through a limited beta program, open source code is continually tested by community members in the "real world," and buggy code can be identified and fixed immediately. The resulting software product is produced more rapidly, it reflects current requirements, and the quality and security of the product are better since it was vetted by a wider group of testers and critics. Finally, enterprises that opt for open source products avoid the longer-term challenges of vendor lock-in. With access to the source code, enterprises are not held captive by their software vendor.

ForgeRock’s Open Identity Stack

Our Open Identity Stack is based on the advantages of open source. Our vision is to redefine identity and access management for the modern web across enterprise, cloud, mobile, and social environments. As the only 100% commercial open source identity stack, we have been constantly breaking new ground in the security world.

At ForgeRock, we actively collaborate with the open source community and are committed to designing and productizing the best, most innovative stack of identity and access management solutions. While there are several companies that break down the components of identity and access management and sell them as separate products, we wanted to provide common APIs that give organizations simple access to access management, identity management, and directory services, all based on open source code.

By doing so, a developer can now utilize reusable shared services across the entire identity platform to fulfill all the requirements of the application strategy. ForgeRock works with the open source community that relies on identity and access management to solve real-world, mission-critical identity and access management problems. We work to ensure that our customers benefit from our active partnership with the open source community as well as our team of experienced engineers who understand enterprise requirements for QA, training, documentation, maintenance, and support.

ForgeRock open source community

ForgeRock’s developer community includes several ways to get involved with the project:

1. Listeners are those who use the software from As a listener, you can provide feedback to developers in the form of bug reports and feature suggestions.

2. Fans are account members on the IDP and contribute to the project in the form of code or documentation.

3. Roadies are committers, who have been given write access to the code repository trunk and are considered part of the core development team.

4. Rockstars are elected due to merit for the evolution of the project and demonstration of commitment. In addition to having write access, they also have the right to vote for community-related decisions.

5. Band: A group of Rockstars that control and direct the project.

Just like every part of the technology world, security is a constantly evolving environment and it is important for companies to develop software to keep up with the change. At ForgeRock, we believe that open source software is the best way to do this.

John has more than 20 years of experience building innovative products for enterprise customers, with a focus on identity and access management for the last 12 years. Prior to joining ForgeRock, he served as Sr. Director of Product Management for the Identity Management group at Sun Microsystems. John has also held leadership positions at iPlanet, Silicon Graphics, NComputing, and IronKey.


Excellent article John. I agree that open source is leading innovation in the identity space.

WSO2 also has a 100% commercial open source identity stack, that is constantly breaking new ground in the security world. For example, the open source identity stack supports new web and cloud security protocols (i.e. XACML3, OAuth1a, OAuth2, SCIM, OpenID, and SAML2).

How exactly is ForgeRock the only 100% commercial open source identity stack? See WSO2 above; I work for Gluu, which has an open source enterprise identity stack; and there are others.

Either ForgeRock is blissfully ignorant of other market players... or they're defining "open source identity stack" so narrowly that they are the only ones. Note, they don't really define what that means.

To be clear, Gluu's open source platform provides a way to authenticate users using open standards (SAML, OpenID Connect), to authorize users to access certain URLs by creating fine-grained policies, enable organizations to map existing backend user data, and enable integration with any IdM platform using the SCIM IETF standard.

Will is quite right... there are clearly other open source identity solutions out there. And it's also true that you may need to define a "stack" of open source software to meet your requirements. For Access Management, current open source identity components include Shibboleth, SimpleSAML php, FreeRADIUS (wifi / vpn), and CAS. For IDM, the answer is more complex... moving data in and out of a database according to a workflow is what many businesses do as part of their core business process. It's hard to quantify and qualify the extent of open source solutions here, but let's just say you can probably find some tools to get the job done. I know ForgeRock would like to classify itself as the ONLY open source Identity company, but it's a specious claim.

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.