In the past few days, I had the opportunity to test OpenIG, the OpenAM Open Identity Gateway. It’s an architecture component to be used as a reverse proxy between browsers and applications. The great benefit of OpenIG is that it makes it possible to extend your SSO or federation network to existing applications, without modifying them. So, it’s useful when you’ve to deal with « black box like » applications.
OpenIG comes as a Java web application you simply deploy in your favorite application server. Most of the gateway configuration is located in a json file where you have to describe the requests flow through the gateway, thanks to provided filters. These filters can extract data from the incoming requests, and/or use it to replay credentials, or whatever the backend applicatin requires.
Some filters may also use a database, an LDAP directory, a flat file, HTTP headers, SAML assertions, or an OpenAM agent to extract data and submit it to the application, without user interaction.
I just wonder how it performs since it’s not a real reverse proxy but rather a lego that can act as a reverse proxy. Moreover, as a rather new product, I’d test it intensively before moving to production. At least, a reasonable option would be to use it aside a true reverse proxy, to offload the gateway from static pages.