Access IOT Sensors via Forgerock | Sensor Communication Via Forgerock

Hello Team,

I was doing a project of configuring ForgeRock IOT SDK and gateway, but I was thinking about how ForgeRock can be used as an intermediary source before a user wants to access sensor data.

I have followed backstage documentation and set up the ForgeRock AM with IOT service. Any suggestions will be appreciated on the same.

Please let me know if any further detail is required.

Hi AK7580,

It’s great to see you working with ForgeRock’s IoT SDK and Identity Gateway.
I’m happy to assist with checking with our internal teams for advice.

To better assist, could you please share more details about your use case and the specific nature of the sensor data you’re handling?
Additionally, could you provide some insights into the anticipated data flow within your setup? Are you considering the utilization of IG for tasks such as preprocessing, filtering, or validating sensor data before its final delivery to the end user?

This additional context will enable us to offer targeted guidance that aligns precisely with your requirements.

Thank you!

Sheila

Hello Sheila,

Thank you for considering the request.

I apologize for the delay in response due to some personal reasons. I will stay active on the thread to share the required data.

As part of the current status, I have built a Raspberry PI (running Linux Debian 12 as the OS) with the AM deployment completed by referring to the link below:

https://backstage.forgerock.com/docs/iot/7.1/evaluation-guide/about-iot.html

Could you please share more details about your use case and the specific nature of the sensor data you’re handling?

Use Case: ForgeRock IAM should act as an intermediate security component between end users and embedded systems (currently we are using electronic sensors controlled by Raspberry Pico Zero) whenever the end user wants to view sensor data/web page.

Additionally, could you provide some insights into the anticipated data flow within your setup? Are you considering the utilization of IG for tasks such as preprocessing, filtering, or validating sensor data before its final delivery to the end user?

Please find the requested details:

  1. Could you please share more details about your use case and the specific nature of the sensor data you’re handling?

Sensor Data: Currently, we are accessing sensor data either by hitting the URL created by the ESP8266 server or, as part of the logic implemented, by accessing data of the ultrasonic sensor.

Use Case: ForgeRock IAM should act as an intermediate security component between end users and embedded systems (currently we are using electronic sensors controlled by Raspberry Pico Zero, ESP8266 (Wifi) module) whenever the end user wants to view sensor data/web page.

  2. Additionally, could you provide some insights into the anticipated data flow within your setup?

Data Flow: I have completed the build of 2 such ESP8266 web server APIs where the data can be accessed (sensor values like distance, water level in a tank) and these are connected to the local area network.

Requirement:

COMPONENT 1 (FORGEROCK): The need is to make ForgeRock protect the ESP8266 API by acting as an intermediary component, allowing authorized users only to access the ESP8266 web servers.

To test this in the local area network, the Raspberry PI 3 (Master) is configured with the AM deployment and the Identity Gateway prerequisites, and is running.

COMPONENT 2 (Embedded system setup): Currently I am using electronic sensors (HCs404, Relay) controlled by Raspberry Pico Zero, ESP8266 (Wifi) module, and anyone on the LAN can view sensor data/web pages.

COMPONENT 3: End Users

  3. Are you considering the utilization of IG for tasks such as preprocessing, filtering, or validating sensor data before its final delivery to the end user?

Yes, I agree with the statement. Also, I am trying to make use of IG as it offers multiple facilities and protection to AM servers in terms of usage and security. So basically, initially I am trying to learn to use Identity Gateway as a reverse proxy for the AM deployed on Raspberry PI (Master). It should verify those users by interacting with Rasp Pi 3 (Master).

So I wanted to understand if IG needs to be installed and configured on the separate device where AM is currently installed (Master).

Hello StaySecure_2,

Thank you for sharing these additional details with us regarding your use case. It helps us gain a much better understanding of your setup and requirements. I will assist with checking with our internal teams for advice on how best to proceed with the placement of IG to address your requirements based on the information provided.

Cheers,
Sheila

Hello StaySecure_2,

After consulting with both the IoT and IG teams, it’s clear that both agree co-locating Access Management (AM) and Identity Gateway (IG) is sufficient for your specific use case. The IoT solution was designed to facilitate registration, authentication, and authorization of devices wanting to connect to the internet. Data produced by the devices would then be published to a 3rd party IoT platform. AM facilitates trust between the device and the IoT platform and also between users wanting to access that data from the IoT Platform.

According to your requirements, deploying IG and AM together should suffice subject to host resource availability. Given the limited RAM of a PI3, potential contention or performance degradation might occur if swap space is utilized.

Please note that running IG within the same container as AM is discouraged. Instead, it’s advisable to use IG standalone, which has been the standard version shipped since 2023.2.

I hope you find this information helpful. In summary, both teams support the co-location of IG and AM for your use case, provided that host resources are sufficient.

Thank you,

Sheila

1 Like
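
An added example, not part of the thread and not ForgeRock's own configuration: an IG standalone route, for the co-located setup discussed above, that requires a valid AM session before proxying requests to one ESP8266 web server. The IP address, hostnames, `/sensor` path prefix, agent name and secret ID are assumed placeholders.

```json
{
  "name": "esp8266-sensor-api",
  "comment": "Added example. Addresses, hostnames, the /sensor prefix, agent name and secret ID are assumed placeholders.",
  "baseURI": "http://192.168.1.50:80",
  "condition": "${find(request.uri.path, '^/sensor')}",
  "heap": [
    {
      "name": "SystemAndEnvSecretStore-1",
      "type": "SystemAndEnvSecretStore"
    },
    {
      "name": "AmService-1",
      "type": "AmService",
      "comment": "AM co-located on the same Raspberry Pi; IG authenticates to it as an agent.",
      "config": {
        "url": "http://am.example.lan:8080/openam",
        "agent": {
          "username": "ig_agent",
          "passwordSecretId": "agent.secret.id"
        },
        "secretsProvider": "SystemAndEnvSecretStore-1"
      }
    }
  ],
  "handler": {
    "type": "Chain",
    "config": {
      "filters": [
        {
          "name": "SingleSignOnFilter-1",
          "type": "SingleSignOnFilter",
          "comment": "Requests without a valid AM session are redirected to AM to log in.",
          "config": {
            "amService": "AmService-1"
          }
        }
      ],
      "handler": "ReverseProxyHandler"
    }
  }
}
```

The route only protects the API if the ESP8266 accepts connections from the IG host alone; while the sensor still answers other LAN clients directly, requests never pass through IG and are not authenticated.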

Hey Sheila,

Thank you for sharing the details.

I will share my concerns if encountered.

1 Like

You’re welcome! I’m glad I could assist with the details. Please feel free to share your concerns, and I’ll do my best to address them. Happy to help!

Cheers!
Sheila