Notes covering new features, fixes, and known issues in the ForgeRock® Identity Message Broker.


These release notes describe prerequisites for installation, known issues and improvements to the software, changes and deprecated functionality, and other important information.

ForgeRock Identity Platform™ is the only offering for access management, identity management, user-managed access, directory services, and an identity gateway, designed and built as a single, unified platform.

The platform includes the following components that extend what is available in open source projects to provide fully featured, enterprise-ready software:

  • ForgeRock Access Management (AM)

  • ForgeRock Identity Management (IDM)

  • ForgeRock Directory Services (DS)

  • ForgeRock Identity Gateway (IG)

  • ForgeRock Identity Message Broker (IMB)

Chapter 1. What's New in This Release

The Identity Message Broker is a publish-subscribe broker service that secures and hardens the sending and receiving of messages between an MQTT client and the cloud in Internet of Things (IoT) systems.

The Identity Message Broker provides the following features, which are a subset of the MQTT specification:

  • Quality of Service (QoS) level 0

  • Ping, publish, and subscribe methods

  • Secure MQTT (MQTTS) for the MQTT server connection

  • Authentication of MQTT clients through certificates and keys

ForgeRock Access Management acts as an authorization server, to authenticate MQTT clients through OpenID Connect tokens.

This chapter describes new features, improvements, and fixes in the Identity Message Broker.

1.1. New Features

This is the first release of Identity Message Broker.

1.2. Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock's security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For more information, see ForgeRock's Security Policy.

Chapter 2. Before You Install

This chapter describes prerequisites for installing and running the Identity Message Broker.

2.1. Required Software

The following software is required by the IMB:

  • Java 8

  • ForgeRock Access Management 5.1 or a later version

    AM is used to authenticate MQTT clients, authenticate the Identity Message Broker, and provide a policy decision point. For information, see the Access Management documentation.

The examples in Chapter 3, "Running MQTT Publish and Receive" in the User Guide use Mosquitto MQTT client for the MQTT client and cloud application. For information and downloads, see

2.2. Downloading Identity Message Broker Software

Download from the Edge Security area of the ForgeRock BackStage download site .

Chapter 3. Changes and Deprecated Functionality

This chapter describes major changes to existing functionality, deprecated functionality, and removed functionality.

3.1. Important Changes to Existing Functionality

This is the first release. No existing functionality has been changed in this release.

3.2. Deprecated Functionality

This is the first release. No existing functionality has been deprecated in this release.

3.3. Removed Functionality

This is the first release. No existing functionality has been removed in this release.

Chapter 4. Fixes, Limitations, and Known Issues

This chapter describes the status of fixes, limitations, and known issues at this release.

4.1. Key Fixes

This is the first release. No key fixes are attributed to this release.

4.2. Limitations

The Identity Message Broker supports a subset of the MQTT specification. For information about the features provided by IMB, see Chapter 1, "What's New in This Release". This release includes the following limitations:

Quality of Service (QoS) Level 0 Only

Each MQTT publish is sent with QoS 0, in which the sender tries with best effort to send a message once, and relies on the reliability of TCP. A message is never resent.

Even if the client requests to subscribe with a QoS 1 or QoS 2, a QoS 0 is provided. A client cannot recuperate a missed message.

Non-persistent sessions

Information for a client is not saved by the IMB when the session closes. For example, a client that is connected and subscribed to topics must resubscribe if it disconnects and reconnects.

Last will and testament

Clients cannot currently specify a last will message to be sent when they disconnect ungracefully.

4.3. Known Issues

No important known issues are attributed to this release.

Chapter 5. Getting Support

This chapter includes information and resources for ForgeRock Identity Message Broker and ForgeRock support.

5.1. Accessing Documentation Online

ForgeRock publishes comprehensive documentation online:

  • The ForgeRock Knowledge Base offers a large and increasing number of up-to-date, practical articles that help you deploy and manage ForgeRock software.

    While many articles are visible to community members, ForgeRock customers have access to much more, including advanced information for customers using ForgeRock software in a mission-critical capacity.

  • ForgeRock product documentation, such as this document, aims to be technically accurate and complete with respect to the software documented. It is visible to everyone and covers all product features and examples of how to use them.

5.2. How to Report Problems or Provide Feedback

If you find issues or reproducible bugs, report them in

When requesting help with a problem, include the following information:

  • Description of the problem, including when the problem occurs and its impact on your operation

  • Description of the environment, including the following information:

    • Machine type

    • Operating system and version

    • Web server or container and version

    • Java version

    • Patches or other software that might affect the problem

  • Steps to reproduce the problem

  • Relevant access and error logs, stack traces, and core dumps

5.3. Getting Support and Contacting ForgeRock

ForgeRock provides support services, professional services, classes through ForgeRock University, and partner services to assist you in setting up and maintaining your deployments. For a general overview of these services, see

ForgeRock has staff members around the globe who support our international customers and partners. For details, visit, or send an email to ForgeRock at

Read a different version of :