ForgeRock Identity Gateway

Requirements

ForgeRock supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here.

Downloads

Download product software from the ForgeRock BackStage download site:

File                                Description
IG-2024.3.0.zip                     Cross-platform distribution including all software components.
IG-sample-application-2024.3.0.jar  Web application for testing IG configurations

For information about using the Docker image provided with the product software, refer to IG’s Deployment guide.

Operating systems

IG is supported on the following operating system versions:

Vendor                    IG 2024.3         IG 2023.11    IG 2023.9     IG 2023.6     IG 2023.4     IG 2023.2
Amazon Linux              2, 2023           2, 2023       2, 2023       -             -             -
Red Hat Enterprise Linux  7, 8, 9           7, 8, 9       7, 8, 9       7, 8, 9       7, 8          7, 8
CentOS                    7                 7             7             7             7             7
Ubuntu LTS                22.04, 20.04      22.04, 20.04  22.04, 20.04  22.04, 20.04  20.04         20.04
Windows Server            2016, 2019, 2022  2016, 2019    2016, 2019    2016, 2019    2016, 2019    2016, 2019
SUSE Linux Enterprise     12, 15            12, 15        12, 15        12, 15        12, 15        12, 15
Rocky Linux               9.x               -             -             -             -             -

Java

IG supports the following Java environments:

IG version        Vendor                                           Java version
2024.3            OpenJDK, including OpenJDK-based distributions:  21, 17
                    • AdoptOpenJDK/Eclipse Adoptium
                    • Amazon Corretto
                    • Azul Zulu
                    • Red Hat OpenJDK
2023.11 - 2023.4  OpenJDK, including OpenJDK-based distributions:  17, 11
                    • AdoptOpenJDK/Eclipse Adoptium
                    • Amazon Corretto
                    • Azul Zulu
                    • Red Hat OpenJDK
2023.2 - 7.1      OpenJDK, including OpenJDK-based distributions:  11
                    • AdoptOpenJDK/Eclipse Adoptium
                    • Amazon Corretto
                    • Azul Zulu
                    • Red Hat OpenJDK
7                 OpenJDK, including OpenJDK-based distributions:
                    • AdoptOpenJDK/Eclipse Adoptium
                    • Amazon Corretto
                    • Azul Zulu
                    • Red Hat OpenJDK
                  Oracle Java

ForgeRock tests most extensively with Eclipse Adoptium.

ForgeRock recommends using the HotSpot JVM.

Consider the following points for using Java:

  • Use a JVM with the latest security fixes.

  • Keep your Java installation up-to-date with the latest security fixes.

  • Java 11 is the earliest long-term supported (LTS) Java version for IG 2023.11 and earlier versions. Earlier versions of Java don’t contain required cryptography fixes. If you are using an earlier version of Java, secure your installation as described in the Java JDK Security Advisory #202109.

HTTP protocol

IG supports HTTP/1.1 and HTTP/2.0.

HTTP/1.0 is not supported.

FQDNs

IG replication requires use of fully qualified domain names (FQDNs), such as ig.example.com.

Hostnames like example.com are acceptable for evaluation. In production, and when using replication across systems, you must either ensure DNS is set up correctly to provide FQDNs, or update the hosts file (/etc/hosts or C:\Windows\System32\drivers\etc\hosts) to supply unique FQDNs.

Certificates

For secure network communications with client applications that you do not control, install a properly signed digital certificate that your client applications recognize, such as one that works with your organization’s PKI, or one signed by a recognized CA.

To use the certificate during installation, the certificate must be located in a file-based keystore supported by the JVM (JKS, JCEKS, PKCS#12), or on a PKCS#11 token. To import a signed certificate into the server keystore, use the Java keytool command.
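The keytool import described above, worked end to end as an added example that is not part of the IG documentation. The aliases, file names, password and the throwaway test CA are all constructed for illustration; in practice the CSR goes to your organization's PKI or a recognized CA, and only the import and verification steps run on the IG host.

```sh
#!/bin/sh
# Added example: every alias, file name and password here is constructed.
set -eu
PASS='example-only-password'   # constructed; supply from a secret store in practice
FQDN='ig.example.com'          # sample FQDN used on this page

# All keystores in this example are PKCS#12, one of the JVM-supported file formats.
kt() { LC_ALL=C keytool "$@" -storetype PKCS12 -storepass "$PASS"; }

make_server_csr() {            # $1 = working directory
    kt -genkeypair -alias ig -keyalg RSA -keysize 2048 -validity 365 \
       -dname "CN=$FQDN" -ext "SAN=dns:$FQDN" -keypass "$PASS" -keystore "$1/ig.p12"
    kt -certreq -alias ig -file "$1/ig.csr" -keystore "$1/ig.p12"
}

sign_with_test_ca() {          # stand-in for your organization's PKI or a public CA
    kt -genkeypair -alias ca -keyalg RSA -keysize 2048 -validity 30 \
       -dname "CN=Constructed Test CA" -ext bc:c -keypass "$PASS" -keystore "$1/ca.p12"
    kt -exportcert -alias ca -rfc -file "$1/ca.pem" -keystore "$1/ca.p12"
    kt -gencert -alias ca -rfc -infile "$1/ig.csr" -outfile "$1/ig.pem" \
       -ext "SAN=dns:$FQDN" -validity 90 -keystore "$1/ca.p12"
}

import_signed_cert() {
    # Import the issuing CA first so keytool can build and check the chain.
    kt -importcert -noprompt -alias ca -file "$1/ca.pem" -keystore "$1/ig.p12"
    # Reusing the key's alias replaces its self-signed certificate with the CA reply.
    kt -importcert -noprompt -alias ig -file "$1/ig.pem" -keystore "$1/ig.p12"
}

chain_length() {               # prints 2 once the reply chains to the CA
    kt -list -v -alias ig -keystore "$1/ig.p12" |
        sed -n 's/^Certificate chain length: //p'
}

demo() {
    work=$(mktemp -d)
    make_server_csr "$work"; sign_with_test_ca "$work"; import_signed_cert "$work"
    echo "chain length for alias ig: $(chain_length "$work")"
    rm -rf "$work"
}

if command -v keytool >/dev/null 2>&1; then demo
else echo "keytool not found; install a supported JDK" >&2; fi
```

A chain length of 1 after the import means the key entry still holds its self-signed certificate, so clients that do not control trust for this server will reject it.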

Third-party software for encryption

Bouncy Castle is required for signature encryption with RSASSA-PSS or Deterministic ECDSA. For information, refer to The Legion of the Bouncy Castle.

Third-party software

ForgeRock provides support for using the following third-party software when logging ForgeRock Common Audit events:

Software                       Version
Java Message Service (JMS)     2.0 API
MySQL JDBC Driver Connector/J  8 (at least 8.0.19)
Splunk                         8.0 (at least 8.0.2)

Elasticsearch and Splunk have native or third-party tools to collect, transform, and route logs. Examples include Logstash and Fluentd.

ForgeRock recommends that you consider these alternatives. These tools have advanced, specialized features focused on getting log data into the target system. They decouple the solution from the ForgeRock Identity Platform systems and version, and provide inherent persistence and reliability. You can configure the tools to avoid losing audit messages if a ForgeRock Identity Platform service goes offline, or delivery issues occur.

These tools can work with ForgeRock Common Audit logging:

  • Configure the server to log messages to standard output, and route from there.

  • Configure the server to log to files, and use log collection and routing for the log files.

ForgeRock provides support for using the following third-party software when monitoring ForgeRock servers:

Software    Version
Grafana     5 (at least 5.0.2)
Graphite    1
Prometheus  2.0

For hardware security module (HSM) support, ForgeRock software requires a client library that conforms to the PKCS#11 standard v2.20 or later.

Studio browser

ForgeRock has tested many browsers with Studio, including the latest stable version of Chrome.

Features requiring later versions of ForgeRock Access Management

Feature Minimum version of AM

AM 7.3, available after the IG 2023.2 release

AM 7.1

Support for refresh of idle sessions when the SingleSignOnFilter is used for authentication with AM. For more information, refer to the sessionIdleRefresh property of IG’s AmService.

AM 6.5.3

Eviction of revoked OAuth 2.0 access tokens from the cache. For more information, refer to IG’s CacheAccessTokenResolver, and the cache property of OAuth2ResourceServerFilter.

AM 6.5.3

Support for OAuth 2.0 Mutual TLS (mTLS). For more information, refer to ConfirmationKeyVerifierAccessTokenResolver and Validate certificate-bound access tokens.

AM 6.5.1

Copyright © 2010-2024 ForgeRock, all rights reserved.