Fork me on GitHub


OpenIG is an independent policy enforcement point that reduces the proliferation of passwords and ensures consistent, secure access across multiple web apps and APIs. OpenIG can leverage any standards-compliant identity provider to integrate into your current architecture. Single sign-on and sign-off improves the user experience and will vastly improve adoption rates and consumption of services provided.
  • Extend SSO to any Application
  • Federate Enabling Applications
  • Implement Standards Based Policy Enforcement


ForgeRock have been developing and commercially supporting OpenIG since its birth in 2011. This version was originally released to ForgeRock customers in March 2012, and is now being released as our Community Edition with CDDL binary licensing which enables the downloadable binaries to be use din production.

How it Works

OpenIG is essentially a Java-based reverse proxy which runs as a web application. All HTTP traffic to each protected application is routed through OpenIG, enabling close inspection, transformation and filtering of each request. You can create new filters and handlers to modify the HTTP requests on their way through OpenIG, providing the ability to recognize login pages, submit login forms, transform or filter content, and even function as a Federation endpoint for the application. All these features are possible without making any changes to the application's deployment container or the application itself.

Getting Started

Download the binary, follow the 'Guide to OpenIG' and learn how to:

  • Install OpenIG
  • Configure Deployment Containers
  • Run Through Use Cases
  • Integrate with OpenAM as a Policy Decision Point
  • Use OpenIG to Provide with SAML2 SSO Fedaration
  • Protect a Wordpress Site by Example
  • Perform Password Capture and Replay


The documentation for OpenIG v2.1 is hosted on ForgeRock's BackStage servers. There you can find:

  • Guide to OpenIG
  • OpenIG Javadoc
  • OpenIG Reference
  • OpenIG Release Notes

Get the Code

The code is hosted on github. Issues should also be submitted against the github issue tracker

Get Involved

Fork the GitHub repo and create a pull request. It's worth discussing larger proposed changes in an issue before starting out.