Skip to content
Sample configuration files for ForgeRock OpenIG
Shell Groovy
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Sample configuration files for ForgeRock OpenIG.

OpenIG is a Java based reverse proxy that specializes in solving Identity Management challenges. For example, OpenIG can perform the following:

  • Act as a SAML Relying Party
  • Authenticate against an OpenID connect provider
  • Act as an OAuth 2 resource server
  • Perform SSO to legacy web applications using stored credentials.

For more information on OpenIG refer to the documentation


This project contains a number of sample OpenIG configurations to demonstrate various OpenIG features.

See the in each example directory for an description of each example.

Pull requests are welcome! If you have a neat OpenIG example that you can share, please add it as a new example directory and send me a pull request via github.

Running the examples

To run these examples you will need to set the OpenIG base location to the root of each example. You can do this with a java option to the container (-Dopenig.base=/path/to/openig/config) or set the OPENIG_BASE environment variable. For example, to test example 1, using Jetty as the container:

 java -Dopenig.base=/Users/myhome/src/openig_examples/example1 -jar start.jar 

For your convenience there is a shell script that will handle the above for you.

To use, copy the file env.template to, and edit to suit your environment.

To run an example:

./ example1


The examples use stored secrets which should not be checked in to github. Copy the file env.template to and edit to suit your environment.


Example Description
example1 Demonstrate authentication using the OpenID Connect Filter
example2 Using the OAuth2 resource server filter to protect a REST resource

A Note on Routing

OpenIG accepts the first route that matches a request, and it evaluates routes in name lexicographical order. This is why this default route in the examples is named "zDefault" (z being at the end of the alphabet). If (for example) the default route was called "aDefault" - our other routes would never run. The default route would always take precedence since it matches any request, and is evaluated first.

You can’t perform that action at this time.