AM release notes

Requirements

Files to download

Access Management software is available at https://backstage.forgerock.com.

The following table describes the files available for download.

Access Management software
File Description

AM-7.4.0.zip

Cross-platform distribution including all software components.

For a list of the files in the .zip archive, see Download AM.

AM-7.4.0.war

Deployable web application archive file.

AM-SSOAdminTools-5.1.3.21.zip

The .zip file that contains tools to manage AM from the command line.

AM-SSOConfiguratorTools-5.1.3.21.zip

The .zip file that contains tools to configure AM from the command line.

Files for previous versions
File AM 6.5 AM 7.0 AM 7.1 AM 7.2 AM 7.3

AM ZIP

AM-6.5.5.zip

AM-7.0.2.zip

AM-7.1.4.zip

AM-7.2.1.zip

AM-7.3.1.zip

AM WAR

AM-6.5.5.war

AM-7.0.2.war

AM-7.1.4.war

AM-7.2.1.war

AM-7.3.1.war

AM SSO Admin Tools

SSOAdminTools-5.1.2.24.zip

SSOAdminTools-5.1.3.11.zip

SSOAdminTools-5.1.3.19.zip

SSOAdminTools-5.1.3.16.zip

SSOAdminTools-5.1.3.21.zip

AM SSO Configurator Tools

SSOConfiguratorTools-5.1.2.24.zip

SSOConfiguratorTools-5.1.3.11.zip

SSOConfiguratorTools-5.1.3.19.zip

SSOConfiguratorTools-5.1.3.16.zip

SSOConfiguratorTools-5.1.3.21.zip

Operating systems

Access Management software is supported on the following operating systems:

Operating system AM 6.5 AM 7.0 AM 7.1 AM 7.2 AM 7.3 AM 7.4

Amazon Linux

2, 2017.09, 2018.03

2018.03

2, 2018.03

Red Hat Enterprise Linux, CentOS

6, 7

7

Debian Linux

Not supported

11

Red Hat Enterprise Linux, Rocky Linux

Not supported

8, 9

Solaris Sparc, Solaris x64

10,11

Not supported

SuSE

12

12, 15

15

Ubuntu

14.04 LTS, 16.04 LTS, 18.04 LTS

16.04 LTS, 18.04 LTS

18.04 LTS, 20.04 LTS

18.04 LTS, 20.04 LTS, 22.04 LTS

Windows Server

2012 R2, 2016

2016, 2019

Web and Java agents

The following table summarizes the minimum recommended version of web and Java agents:

Minimum agent version recommended
Agent Version

Web agents

5.10.2

Java agents

5.10.2

AM supports several versions of web agents and Java agents. For supported container versions and other platform requirements related to agents, refer to the Web Agents Release Notes and the Java Agents Release Notes.

Java

Access Management software is supported on the following Java environments:

Vendor AM 6.5 AM 7.0 AM 7.1 AM 7.2 AM 7.3 AM 7.4

IBM SDK, Java Technology Edition (WebSphere only)

8

Not supported

OpenJDK(1)

8, 11(2)

11

11, 17

Oracle Java

8, 11(2)

11

11, 17

(1) AM supports OpenJDK-based distributions, including:

  • AdoptOpenJDK/Eclipse Temurin Java Development Kit (Adoptium)

  • Amazon Corretto

  • Azul Zulu

  • Red Hat OpenJDK

ForgeRock tests most extensively with AdoptOpenJDK/Eclipse Temurin. ForgeRock recommends using the HotSpot JVM.

Always use a JVM with the latest security fixes.

Application containers

This table summarizes supported web application containers and their required versions:

Container AM 6.5 AM 7.0 AM 7.1 AM 7.2 AM 7.3 AM 7.4

Apache Tomcat

7(1), 8.5, 9

8.5, 9

IBM WebSphere

8.5.5.8+(2), 9

Not supported

IBM WebSphere Liberty

Not supported

20.0.0.1

22.0.0.4

JBoss Enterprise Application Platform

7.1

7.2

7.3

7.4

Oracle WebLogic Server

12c (12.2.1.3)

Not supported

Wildfly

10.1, 11, 12

12, 19

15, 19

15, 26

(1) Don’t use Apache Tomcat 7.0.15+. This version results in a SocketTimeoutException when the application tries to read the request InputStream under high load. This issue affects Apache Tomcat 7.0.15+ only, and was fixed in version 8.5. For more information, go to https://github.com/apache/tomcat80/pull/9.

(2) WebSphere 8.5.5.x does not have the JEE libraries required to support WebSockets. This impacts policy agents, which use WebSockets extensively. WebSphere 9.x is not affected by this issue.

The web application container must be able to write to its own home directory, where AM stores configuration files.

Java Agents and Web Agents require the WebSocket protocol to communicate with AM.

Ensure that the container where AM runs, the web server/container where the agents run, and your network infrastructure all support the WebSocket protocol.

Refer to your network infrastructure and web server/container documentation for more information about WebSocket support.

Directory servers

This table lists supported directory servers.

As described in identity stores, you can configure AM to use LDAPv3-compliant directory servers as user data stores. If you have a special request to deploy AM with a user data store not mentioned in the following table, contact info@forgerock.com.

Supported directory servers
Directory server AM 6.5 AM 7.0 AM 7.1 AM 7.2 AM 7.3 AM 7.4

Embedded ForgeRock Directory Services(1)

6.5.6

7.0

7.1.5

7.2

7.3

7.4

External ForgeRock Directory Services

Any ForgeRock-supported version

6 and later

File system-based

N/A

Oracle Unified Directory

11g R2

Oracle Directory Server Enterprise Edition

11g

Microsoft Active Directory

2012 R2, 2016

2016, 2019

IBM Tivoli Directory Server

6.3

6.4

(1) Demo and test environments only.

Supported features
Directory server Configuration Apps / policies CTS Identities UMA

Embedded ForgeRock Directory Services(1)

External ForgeRock Directory Services

File system-based

Oracle Unified Directory

Oracle Directory Server Enterprise Edition

Microsoft Active Directory

IBM Tivoli Directory Server

(1) Demo and test environments only.

Third-party software

ForgeRock provides support for using the following third-party software when logging ForgeRock Common Audit events:

Third-party logging software
Software AM 6.5 AM 7.0 AM 7.1 AM 7.2 AM 7.3 AM 7.4

Java Message Service (JMS)

N/A

2.0 API

MySQL JDBC Driver Connector/J

N/A

8 (at least 8.0.19)

Splunk

N/A

8.0 (at least 8.0.2)

Elasticsearch and Splunk have native or third-party tools to collect, transform, and route logs. Examples include Logstash and Fluentd.

ForgeRock recommends that you consider these alternatives. These tools have advanced, specialized features focused on getting log data into the target system. They decouple the solution from the ForgeRock Identity Platform systems and version, and provide inherent persistence and reliability. You can configure the tools to avoid losing audit messages if a ForgeRock Identity Platform service goes offline, or delivery issues occur.

These tools can work with ForgeRock Common Audit logging:

  • Configure the server to log messages to standard output, and route from there.

  • Configure the server to log to files, and use log collection and routing for the log files.

ForgeRock provides support for using the following third-party software when monitoring ForgeRock servers:

Third-party monitoring software
Software AM 6.5 AM 7.0 AM 7.1 AM 7.2 AM 7.3 AM 7.4

Grafana

N/A

5 (at least 5.0.2)

Graphite

N/A

1

Prometheus

N/A

2.0

For hardware security module (HSM) support, ForgeRock software requires a client library that conforms to the PKCS#11 standard v2.20 or later.

Supported clients

The following table summarizes supported clients and their minimum required versions:

Supported clients
Client Platform Native Apps(1) Chrome 62+ Edge 25+ Firefox 57+ Safari 11+ Mobile Safari

Windows 8

Windows 10

Mac OS X 10.11 or later

Ubuntu 14.04 LTS or later

iOS 9 or later

Android 6 or later

(1)Native Apps is a placeholder to indicate the platform is not limited to browser-based technologies. An example of a native app would be something written to use ForgeRock REST APIs.

Special requests

If you have a special request regarding support for a combination not listed here, contact ForgeRock at info@forgerock.com.

Copyright © 2010-2024 ForgeRock, all rights reserved.