Requirements
Files to download
PingAM software is available at https://backstage.forgerock.com.
The following table describes the files available for download.
| File | Description |
|---|---|
|
Cross-platform distribution including all software components. For a list of the files in the .zip archive, see Download AM. |
|
Deployable web application archive file. |
|
The .zip file that contains tools to manage AM from the command line. |
|
The .zip file that contains tools to configure AM from the command line. |
| File | AM 6.5 | AM 7.0 | AM 7.1 | AM 7.2 | AM 7.3 | AM 7.4 |
|---|---|---|---|---|---|---|
AM ZIP |
AM-6.5.5.zip |
AM-7.0.2.zip |
AM-7.1.4.zip |
AM-7.2.2.zip |
AM-7.3.1.zip |
AM-7.4.0.zip |
AM WAR |
AM-6.5.5.war |
AM-7.0.2.war |
AM-7.1.4.war |
AM-7.2.2.war |
AM-7.3.1.war |
AM-7.4.0.war |
AM SSO Admin Tools |
SSOAdminTools-5.1.2.24.zip |
SSOAdminTools-5.1.3.11.zip |
SSOAdminTools-5.1.3.19.zip |
SSOAdminTools-5.1.3.27.zip |
SSOAdminTools-5.1.3.21.zip |
AM-SSOAdminTools-5.1.3.21.zip |
AM SSO Configurator Tools |
SSOConfiguratorTools-5.1.2.24.zip |
SSOConfiguratorTools-5.1.3.11.zip |
SSOConfiguratorTools-5.1.3.19.zip |
SSOConfiguratorTools-5.1.3.27.zip |
SSOConfiguratorTools-5.1.3.21.zip |
AM-SSOConfiguratorTools-5.1.3.21.zip |
Operating systems
PingAM software is supported on the following operating systems:
| Operating system | AM 6.5 | AM 7.0 | AM 7.1 | AM 7.2 | AM 7.3 | AM 7.4 | AM 7.5 |
|---|---|---|---|---|---|---|---|
Amazon Linux |
2, 2017.09, 2018.03 |
2018.03 |
2, 2018.03 |
2, 2018.03, 2023 |
|||
CentOS |
6, 7 |
Not supported |
|||||
Debian Linux |
Not supported |
11 |
|||||
Red Hat Enterprise Linux |
6, 7 |
8, 9 |
|||||
Rocky Linux |
Not supported |
8, 9 |
|||||
Solaris Sparc, Solaris x64 |
10,11 |
Not supported |
|||||
SuSE |
12 |
12, 15 |
15 |
||||
Ubuntu |
14.04 LTS, 16.04 LTS, 18.04 LTS |
16.04 LTS, 18.04 LTS |
18.04 LTS, 20.04 LTS |
18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS |
|||
Windows Server |
2012 R2, 2016 |
2016, 2019 |
|||||
Web and Java agents
The following table summarizes the minimum recommended version of web and Java agents:
| Agent | Version |
|---|---|
Web agents |
5.10.2 |
Java agents |
5.10.2 |
AM supports several versions of web agents and Java agents. For supported container versions and other platform requirements related to agents, refer to the Web Agents Release Notes and the Java Agents Release Notes.
Java
PingAM software is supported on the following Java environments:
| Vendor | AM 6.5 | AM 7.0 | AM 7.1 | AM 7.2 | AM 7.3 | AM 7.4 | AM 7.5 |
|---|---|---|---|---|---|---|---|
IBM SDK, Java Technology Edition (WebSphere only) |
8 |
Not supported |
|||||
OpenJDK(1) |
8, 11(2) |
11 |
11, 17 |
17 |
|||
Oracle Java |
8, 11(2) |
11 |
11, 17 |
17 |
|||
(1) AM supports OpenJDK-based distributions, including:
-
AdoptOpenJDK/Eclipse Temurin Java Development Kit (Adoptium)
-
Amazon Corretto
-
Azul Zulu
-
Red Hat OpenJDK
Ping Identity tests most extensively with AdoptOpenJDK/Eclipse Temurin. Use the HotSpot JVM, if possible.
| Always use a JVM with the latest security fixes. |
Application containers
This table summarizes supported web application containers and their required versions:
| Container | AM 6.5 | AM 7.0 | AM 7.1 | AM 7.2 | AM 7.3 | AM 7.4 | AM 7.5 |
|---|---|---|---|---|---|---|---|
Apache Tomcat |
7(1), 8.5, 9 |
8.5, 9 |
|||||
IBM WebSphere |
8.5.5.8+(2), 9 |
Not supported |
|||||
IBM WebSphere Liberty |
Not supported |
20.0.0.1 |
22.0.0.4 |
||||
JBoss Enterprise Application Platform |
7.1 |
7.2 |
7.3 |
7.4 |
|||
Oracle WebLogic Server |
12c (12.2.1.3) |
Not supported |
|||||
Wildfly |
10.1, 11, 12 |
12, 19 |
15, 19 |
15, 26 |
26 |
||
(1) Don’t use Apache Tomcat 7.0.15+. This version results in a SocketTimeoutException when the application tries to read the request InputStream under high load. This issue affects Apache Tomcat 7.0.15+ only and was fixed in version 8.5. For more information, go to https://github.com/apache/tomcat80/pull/9.
(2) WebSphere 8.5.5.x does not have the JEE libraries required to support WebSockets. This impacts policy agents, which use WebSockets extensively. WebSphere 9.x is not affected by this issue.
The web application container must be able to write to its own home directory, where AM stores configuration files.
|
Java Agents and Web Agents require the WebSocket protocol to communicate with AM. Ensure that the container where AM runs, the web server/container where the agents run, and your network infrastructure all support the WebSocket protocol. Refer to your network infrastructure and web server/container documentation for more information about WebSocket support. |
Directory servers
This table lists supported directory servers.
As described in identity stores, you can configure AM to use LDAPv3-compliant directory servers as user data stores. If you have a special request to deploy AM with a user data store not mentioned in the following table, contact info@forgerock.com.
| Directory server | AM 6.5 | AM 7.0 | AM 7.1 | AM 7.2 | AM 7.3 | AM 7.4 | AM 7.5 |
|---|---|---|---|---|---|---|---|
Embedded DS(1)(2) |
6.5.6 |
7.0 |
7.1.5 |
7.2 |
7.3 |
7.4 |
7.5 |
External DS(2) |
Any Ping Identity-supported version |
6 and later |
|||||
File system-based |
N/A |
||||||
Oracle Unified Directory |
11g R2 |
||||||
Oracle Directory Server Enterprise Edition |
11g |
||||||
Microsoft Active Directory |
2012 R2, 2016 |
2016, 2019 |
|||||
IBM Tivoli Directory Server |
6.3 |
6.4 |
|||||
(1) Demo and test environments only. (2) PingDS, formerly named ForgeRock Directory Server.
| Directory server | Configuration | Apps / policies | CTS | Identities | UMA |
|---|---|---|---|---|---|
Embedded PingDS(1) |
✔ |
✔ |
✔ |
✔ |
✔ |
External PingDS |
✔ |
✔ |
✔ |
✔ |
✔ |
File system-based |
✔ |
||||
Oracle Unified Directory |
✔ |
||||
Oracle Directory Server Enterprise Edition |
✔ |
||||
Microsoft Active Directory |
✔ |
||||
IBM Tivoli Directory Server |
✔ |
(1) Demo and test environments only.
Third-party software
Ping Identity supports using the following third-party software when logging Common Audit events:
| Software | AM 6.5 | AM 7.0 | AM 7.1 | AM 7.2 | AM 7.3 | AM 7.4 | AM 7.5 |
|---|---|---|---|---|---|---|---|
Java Message Service (JMS) |
N/A |
2.0 API |
|||||
MySQL JDBC Driver Connector/J |
N/A |
8 (at least 8.0.19) |
|||||
Splunk |
N/A |
8.0 (at least 8.0.2) |
|||||
|
Elasticsearch and Splunk have native or third-party tools to collect, transform, and route logs. Examples include Logstash and Fluentd. Consider using these alternatives as they have advanced, specialized features focused on getting log data into the target system. They decouple the solution from the Ping Identity Platform systems and version, and provide inherent persistence and reliability. You can configure the tools to avoid losing audit messages if a Ping Identity Platform service goes offline, or delivery issues occur. These tools can work with Common Audit logging:
|
Ping Identity supports using the following third-party software when monitoring AM servers:
| Software | AM 6.5 | AM 7.0 | AM 7.1 | AM 7.2 | AM 7.3 | AM 7.4 | AM 7.5 |
|---|---|---|---|---|---|---|---|
Grafana |
N/A |
5 (at least 5.0.2) |
|||||
Graphite |
N/A |
1 |
|||||
Prometheus |
N/A |
2.0 |
|||||
For hardware security module (HSM) support, AM requires a client library that conforms to the PKCS#11 standard v2.20 or later.
Supported clients
The following table summarizes supported clients and their minimum required versions:
| Client Platform | Native Apps(1) | Chrome 62+ | Edge 25+ | Firefox 57+ | Safari 11+ | Mobile Safari |
|---|---|---|---|---|---|---|
Windows 8 |
|
|
|
|||
Windows 10 |
|
|
|
|
||
Mac OS X 10.11 or later |
|
|
|
|
||
Ubuntu 14.04 LTS or later |
|
|
|
|||
iOS 9 or later |
|
|
|
|||
Android 6 or later |
|
|
(1)Native Apps is a placeholder to indicate the platform is not limited to browser-based technologies. An example of a native app would be something written to use common REST APIs.