Last updated on April 16, 2014 at 7:15 EDT

ForgeRock Releases OpenAM 10.0

June 4, 2012

SAN FRANCISCO, June 5, 2012 /PRNewswire/ –

ForgeRock is pleased to announce the general availability of OpenAM 10.0, one of the
key product in the I3Open Platform. ForgeRock strengthens OpenAM Authentication,
Authorization and Federation capabilities by adding OAuth 2.0, Risk Based Authentication
and the Open Identity Gateway. In addition, several key enhancements to security,
performance, reliability and replication have been implemented.

The OpenAM 10.0 release is a major upgrade and it sets the stage for a modern
architecture and introduces many new important features, general improvements to the core
product, as well as to the agents. A large amount of the code base has been audited and
cleaned up, and as a result the overall quality has been improved. Since the initial
release of OpenAM more than a thousand bugs, security issues and improvements have been

OpenAM 10.0 is the result of several months of intensive research and development work
at ForgeRock combined with input and feedback from the flourishing OpenAM open source
community and our customers. This release significantly strengthens the security and
integration capabilities of the standards based I3 Open Platform. It includes improvements
in the areas of Federation with SAML 2.0 and OAuth 2.0, application integration, Risk
Based Authentication, and key enhancements in security, reliability, performance and the
underlying replication architecture.

The release features the following industry-leading capabilities:

        - Open Identity Gateway (OpenIG): A high performance identity proxy that
          expedites the integration of web applications into a Single Sign-On environment
          without touching the application. Ideal for legacy applications where changes to the
          security model are contraindicated. OpenIG also extends the SAML 2.0 Service Provider
          capabilities of the OpenAM offering.
        - Risk Based Authentication: Measure the risk associated with an authentication
          event and challenge with additional stronger credentials if the need arises. This is
          now part of the authentication framework and includes capabilities such as geographic
          location evaluation, time since last login, number of authentication failures check,
          ip address history check, cookie associated with a device check and attribute profile
          check, among others.
        - OAuth 2.0 authentication: Users can now federate their accounts from Google,
          Facebook, MSN, and any OAuth 2.0 provider with OpenAM.
        - SAML 2.0 Identity Provider enhanced capabilities that ease the interaction
          with end-users for several tasks such as approval of attribute release to service
          providers. This is implemented as an additional hook into the SAML 2.0 framework.
        - ForgeRock's OpenDJ is now the embedded configuration store.

OpenAM comprises in one single product the features and capabilities usually found in
several products. The latest version can be obtained from the downloads
[http://www.forgerock.org/openam.html ] area [http://www.forgerock.org/openam.html ] .
[http://www.forgerock.org/openam.html ]

About ForgeRock: ForgeRock is the global open source vendor behind the Icubed Open
Identity Platform. ForgeRock identity oriented technology powers solutions for thousands
of the world’s largest companies and government organizations. The Icubed vision is to
deliver a fully open source platform for the creation of interactive web and cloud
solutions using identity throughout. ForgeRock technology is built on open standards and
deployed by a global network of system integrator, consulting and training partners.
Icubed products are supported for mission-critical operations by ForgeRock enterprise
lifecycle subscriptions. For more information and free downloads visit


SOURCE Forgerock AS

Source: PR Newswire