idm Image

The idm Docker image contains the IDM configuration.

Customization Overview

  • Customize IDM’s configuration data by using the Admin UI and the REST APIs.

  • Capture changes to the IDM configuration by exporting them from the IDM service running on Kubernetes to the staging area.

  • Save the modified IDM configuration to a configuration profile in your forgeops repository clone.

  • Build an updated idm Docker image that contains your customizations.

  • Redeploy IDM.

  • Verify that changes you’ve made to the IDM configuration are in the new Docker image.

Detailed Steps

Perform the following steps iteratively when developing a custom idm Docker image:

  1. If this is your first time building a custom Docker image, verify that you performed these setup activities, which are required for developers:

  2. Verify that:

    • The CDK is deployed.

    • The namespace in which the CDK is deployed is set in your Kubernetes context.

  3. Perform version control activities on your forgeops repository clone:

    1. Run the git status command.

    2. Review the state of the config directory.

    3. (Optional) Run the git commit command to commit changes to files that have been modified.

  4. Modify the IDM configuration using the IDM Admin UI or the REST APIs.

    For information about how to access the IDM Admin UI or REST APIs, see IDM Services.

    See About Property Value Substitution for important information about configuring values that vary at run-time, such as passwords and host names.

  5. Export the changes you made to the IDM configuration in the running ForgeRock Identity Platform to the staging area:

    $ cd /path/to/forgeops/bin
    $ ./ export --component idm
    Exporting IDM configuration…​
    tar: Removing leading `/' from member names
    IDM configuration files have been exported to docker/7.0/idm/config.

    The export --component idm command copies IDM static configuration from the running CDK instance to the staging area.

    Exporting the configuration from the CDK to the staging area.
  6. Review the differences between the files you exported to the staging area and files that you previously saved to your configuration profile.

    Use the diff command to review the changes. For example:

    $ ./ diff --component idm --profile my-profile
    diff  -u --recursive config/7.0/my-profile/idm docker/7.0/idm
    diff -u --recursive -x '.' -x Dockerfile -x '.sh' config/7.0/my-profile/idm/conf/audit.json docker/7.0/idm/conf/audit.json
    --- config/7.0/my-profile/idm/conf/audit.json	2022-01-06 11:35:36.000000000 -0800
    + docker/7.0/idm/conf/audit.json	2022-01-06 11:54:19.000000000 -0800
    @@ -135,6 +135,9 @@
         "exceptionFormatter" : {
             "type" : "text/javascript",
    +        "globals" : {
    +            "fred" : "aaa"
    +        },
             "file" : "bin/defaults/script/audit/stacktraceFormatter.js"
    . . .
    Only in docker/7.0/idm: resolver
    Only in docker/7.0/idm: ui
    . . .
  7. Save the IDM configuration to your configuration profile:

    $ ./ save --component idm --profile my-profile
    Saving IDM configuration.

    The save --component idm command copies IDM static configuration from the staging area to your configuration profile.

    Saving the configuration to your configuration profile.
  8. Perform version control activities on your forgeops repository clone:

    1. Run the git status command.

    2. Review the state of the config directory.

    3. (Optional) Run the git commit command to commit changes to files that have been modified.

  9. Build a new idm image that includes your changes to IDM static configuration:

    $ ./cdk build idm
    Building [idm]…​
    Sending build context to Docker daemon    276kB
    7.1.5: Pulling from
    79d3b412d726: Already exists
    . . .
    Step 7/7 : COPY --chown=forgerock:root . /opt/openidm
     --→ 4c47ecbce819
    Successfully built 4c47ecbce819
    Successfully tagged idm:24f2f9a16
    Updated the image_defaulter with your new image for idm: "idm:4c47ecbce819a8cc9b1b4af9821bf3653b33d06469ae6d25f82caae17805c195"

    The cdk build command calls Skaffold to build a new idm Docker image and push the image to your Docker registry[1]. It also updates the image defaulter file so that the next time you install IDM, the cdk install command gets IDM static configuration from your new custom Docker image.

    Building the new custom Docker image.
  10. Redeploy IDM:

    1. Remove IDM from your CDK installation:

      $ cd /path/to/forgeops/bin
      $ ./cdk delete idm
      OK to delete these components? [Y/N] Y
      configmap "idm" deleted
      configmap "idm-logging-properties" deleted
      service "idm" deleted
      deployment.apps "idm" deleted
    2. Redeploy IDM:

      $ ./cdk install idm
      Checking secret-agent operator and related CRDs: secret-agent CRD found in cluster.
      Checking ds-operator and related CRDs: ds-operator CRD found in cluster.
      Installing component(s): ['idm']
      configmap/idm created
      configmap/idm-logging-properties created
      service/idm created
      deployment.apps/idm created
      Enjoy your deployment!
    3. Run the kubectl get pods command to monitor the status of the IDM pod. Wait until the pod is ready before proceeding to the next step.

  11. To validate that IDM has the expected configuration:

    • Describe the IDM pod. Locate the tag of the Docker image that Kubernetes loaded, and verify that it’s your new custom Docker image’s tag.

    • Start the IDM Admin UI and verify that your configuration changes are present.

Additional Topics of Interest

1. Occasionally, Skaffold has issues with cached images. To work around a caching problem, remove Skaffold’s cache by running the rm -rf $HOME/.skaffold/cache command. If removing the cache still does not resolve the problem, use the docker pull command to manually pull the images.
Copyright © 2010-2024 ForgeRock, all rights reserved.