Step 2. Deploy AM

Deploying AM creates a default configuration that you can access with AM's administrative user; amAdmin.

To Deploy ForgeRock Access Management

Deploy AM into Apache Tomcat and then configure it for use.

  1. Copy the AM .war file to deploy in Apache Tomcat as openam.war:

    $ cp AM-7.1.4.war /path/to/tomcat/webapps/openam.war

    It can take Apache Tomcat several seconds to deploy AM.

  2. Navigate to the deployed AM application; for example,

  3. On the AM configuration screen, click Create Default Configuration.

    AM configuration screen
  4. Review the software license agreement. If you agree to the license, click "I accept the license agreement", and then click Continue.

    AM License Agreement
  5. Set the Default User [amAdmin] password to changeit, and click Create Configuration to configure AM.

    AM Evaluation Configuration


    When configuring AM for real-world use, do not use this password, it is only to get started with AM. The amAdmin user is the default AM administrator, that has full control over the AM configuration.

  6. Click the Proceed to Login link, then log in as amAdmin with the password you configured in a previous step, changeit.

    After login, AM should direct you to the Realms page.

    AM Realms

    AM stores its configuration, including the embedded DS server, in a directory named after the deployment URI. In other words, if AM is deployed under /openam, then the configuration is saved under $HOME/openam/.


    If you need to delete your configuration, the quickest way to start over is to stop Apache Tomcat, delete the AM configuration directory, and restart the AM web application to start the process from the beginning.

    AM is now configured, and ready for use. Make sure you have successfully logged in to the AM console before configuring the authentication tree.

  7. Make sure you have successfully logged in to the AM console, and then proceed to Step 3. Configure AM.

Read a different version of :