Thursday 27 October 2016

Introducing OpenIG Studio

According to the Twelve-Factor App, OpenIG [1] configuration is considered code [2]. Organizations are moving towards "headless" deployment models, meaning that beyond the development stage, administration consoles and management APIs are disabled. The continuous integration and delivery pipeline takes care of bringing a change from development to production in an automated way.

With this in mind, combined with the need to simplify the creation of OpenIG application protections (routes), we decided to build an IDE-type utility, the OpenIG studio. OpenIG studio lets you visually build an application or API protection (aka route), enabling message capture, throttling, authentication, authorization and statistics gathering. Further, OpenIG studio lets you rapidly prototype what is being built.

You can test drive the OpenIG studio without hassle via Docker. It only takes a couple of docker commands to get OpenIG running. Then point a browser to http://localhost:8080/openig/studio and create an application/API protection.



You can export the configuration (ahem, code), feed it to your source code management system (e.g. git) and ultimately to the continuous delivery pipeline.

For example:
{
  "name": "rocksock",
  "baseURI": "http://internal.company.com:9080",
  "condition": "${matches(request.uri.path, '^/rocksock')}",
  "monitor": false,
  "handler": "ClientHandler"
}
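
A check a delivery pipeline could run on the exported route before it ships, as an added example that is not part of the original post or of OpenIG: it verifies the keys shown above, the baseURI, and which request paths the condition captures. The function names, the required-key list and the sample paths are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Route exported from the studio, copied from the example above.
ROUTE_JSON = r'''{
  "name": "rocksock",
  "baseURI": "http://internal.company.com:9080",
  "condition": "${matches(request.uri.path, '^/rocksock')}",
  "monitor": false,
  "handler": "ClientHandler"
}'''

# Assumption: the keys of the example route are the ones the pipeline requires.
REQUIRED = ("name", "baseURI", "condition", "handler")
PATH_MATCH = re.compile(r"^\$\{matches\(request\.uri\.path,\s*'(.+)'\)\}$")

def path_regex(route):
    """Extract the regex from a matches(request.uri.path, '...') condition."""
    m = PATH_MATCH.match(route["condition"])
    if not m:
        raise ValueError("condition is not a plain path match")
    return re.compile(m.group(1))

def lint_route(text, must_match, must_not_match):
    """Return a list of findings; an empty list means the route passes."""
    route = json.loads(text)
    findings = [f"missing key: {k}" for k in REQUIRED if k not in route]
    if findings:
        return findings
    url = urlsplit(route["baseURI"])
    if url.scheme not in ("http", "https") or not url.hostname:
        findings.append("baseURI is not an absolute http(s) URL")
    rx = path_regex(route)
    # Assumption: matches() succeeds when the pattern is found anywhere in the
    # string, so re.search models it; Python and Java agree on this simple regex.
    for p in must_match:
        if not rx.search(p):
            findings.append(f"route does not cover {p}")
    for p in must_not_match:
        if rx.search(p):
            findings.append(f"route also captures {p}")
    return findings
```

Because the pattern is only anchored at the start, a sibling path such as the constructed `/rocksock-admin` is captured by the same route; listing such paths in `must_not_match` makes the pipeline fail until the condition is tightened.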




Now that the configuration (ahem, code) is built, how do you rapidly test it? As the studio is packaged with the OpenIG war file, the new configuration can be pushed to this running OpenIG instance. Press "Deploy"!

What all these configuration options are useful for, how to shut down the studio in production deployments, and how to deal with parameters specific to the deployment environment merit separate contemplation.

The studio will be shipped with ForgeRock Identity Gateway 5.0.

Notes

[1] OpenIG is an identity gateway integrating (legacy) applications with modern digital identity tokens and procedures. Based on a reverse proxy type architecture, it can enforce authentication and authorization for access to web applications or APIs.
[2] With the exception of deployment environment specific settings. OpenIG provides a way to deal with these following Twelve-Factor App recommendations.