Notes covering new features, fixes and known issues for ForgeRock® Access Management Java agents. ForgeRock Access Management provides open source authentication, authorization, entitlement and federation software.

Preface

Read these release notes before installing Java Agents.

The information contained in these release notes covers prerequisites for installation, known issues and improvements to the software, changes and deprecated functionality, and other important information.

About ForgeRock Identity Platform™ Software

ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see https://www.forgerock.com.

Chapter 1. What's New in Java Agents

Before you install or update Java agents, read these release notes.

Important

Before upgrading to Java Agents 5.6.x, consider the following points:

  • Java Agents 5.6.x only supports AM 5.5 and later.

  • Java Agents 5.6.x use the WebSocket protocol to communicate with AM. Both the Java container and the network infrastructure must support the WebSocket protocol.

    Refer to your network infrastructure and Java container documentation for more information about WebSocket support.

  • If you are upgrading from a version earlier than 5, Java Agents 5 introduced notable changes. For example, they dropped support for JAAS and require you to enable a new property if you are not using the AM UI as the login page.

    For more information about changes introduced in Java Agents 5, refer to the Java Agents 5 Release Notes.

1.1. Patch Releases

ForgeRock patch releases contain a collection of fixes that have been grouped together and released as part of our commitment to support our customers. For general information on ForgeRock's maintenance and patch releases, see Maintenance and Patch Availability Policy.

Java Agents 5.6.1.1
  • Java Agents 5.6.1.1 is the latest release targeted for Java Agents 5.6.1.0 deployments and can be downloaded from the ForgeRock Backstage website.

    This release fixes a security issue. For more information, see "Security Advisories".

1.2. New Features

Java Agents 5.6.1.1
  • No new features were introduced in this release.

Java Agents 5.6.1.0
  • No new features were introduced in this release.

Java Agents 5.6.0
  • There are no new features in this release.

1.3. Major Improvements

Java Agents 5.6.1.1
  • There are no major improvements in this release.

Java Agents 5.6.1.0
  • There are no major improvements in this release.

Java Agents 5.6.0
  • There are no major improvements in this release.

1.4. Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock's security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base.

Chapter 2. Before You Install

This section covers software and hardware prerequisites for installing and running Java Agents.

ForgeRock supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here.

2.1. Platform Requirements

The following table summarizes platform support:

Supported Operating Systems & Web Application Containers

Operating Systems (OS) | OS Versions | Web Application Containers & Minimum Supported Versions
Amazon Linux 2, CentOS, Oracle Linux, Red Hat Enterprise Linux | 6, 7 | Apache Tomcat 7.0.79, Apache Tomcat 8.5, Apache Tomcat 9.0 [a], Eclipse Jetty 9 [b], IBM WebSphere Application Server 8.5.5.9, IBM WebSphere Application Server 9.0, Oracle WebLogic Server 12c (12.2.1.3), Red Hat JBoss Enterprise Application Platform 6.3.3 [c], Red Hat JBoss Enterprise Application Platform 7.1, Red Hat JBoss Enterprise Application Platform 7.2 [a], WildFly 13, WildFly 14, WildFly 15 [a], WildFly 16 [a]
Ubuntu Linux | 16.04 LTS [c], 18.04 LTS |
IBM AIX | 6 [c], 7 | IBM WebSphere Application Server 8.5.5.9, IBM WebSphere Application Server 9.0
Microsoft Windows Server | 2008 R2 [c], 2012 [c], 2012 R2 [c], 2016 | Apache Tomcat 7.0.79, Apache Tomcat 8.5, Apache Tomcat 9.0 [a]
Oracle Solaris SPARC, Oracle Solaris x64 | 10, 11 | Apache Tomcat 7.0.79, Apache Tomcat 8.5, Apache Tomcat 9.0 [a], Oracle WebLogic Server 12c (12.2.1.3)

[a] Supports JDK 11.

[b] Version 9.4.13 or later is required for JDK 11 support.

[c] Support for this platform will be discontinued in a future release.


Important

Java Agents uses the WebSocket protocol to communicate with AM. Both the Java container and the network infrastructure must support the WebSocket protocol.

Refer to your network infrastructure and Java container documentation for more information about WebSocket support.

2.2. Access Management Requirements

Java Agents 5.6.1.1 does not interoperate with:

  • OpenAM

  • AM versions earlier than 5.5.

2.3. Java Requirements

Java agents run in a Java container, and require a Java Development Kit.

ForgeRock supports customers using the following Java versions. ForgeRock recommends the most recent Java update, with the latest security fixes.

Supported Java Development Kit Versions
Vendor | Version
Oracle Java | 8, 11
IBM Java (WebSphere only) | 8
OpenJDK | 8, 11

2.4. Supported Clients

The following table summarizes supported clients and their minimum required versions:

Supported Clients
Client Platform | Native Apps [a] | Chrome 33+ | Internet Explorer 9+ [b] | Edge 0.1+ | Firefox 28+ | Safari 6.2+ | Mobile Safari
Windows 7 or later
Mac OS X 10.8 or later
Ubuntu 12.04 LTS or later
iOS 7 or later
Android 4.3 or later

[a] Native Apps is a placeholder to indicate AM is not just a browser-based technology product. An example of a native app would be something written to use AM's REST APIs, such as the sample OAuth 2.0 Token Demo app.

[b] Internet Explorer 9 is the minimum required for end users. For the administration console, Internet Explorer 11 is required.


2.5. Special Requests

If you have a special request regarding support for a combination not listed here, contact ForgeRock at info@forgerock.com.

Chapter 3. Changes and Deprecated Functionality

This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.

3.1. Important Changes to Existing Functionality

Java Agents 5.6.1.1
  • There are no important changes in functionality in this release.

Java Agents 5.6.1.0
  • There are no important changes in functionality in this release, other than those identified in Java Agents 5.6.0.

Java Agents 5.6.0
  • Specify Agent Profile Realm During Installation

    Java Agents 5.6 allow you to specify the realm in which the agent profile exists, making the process easier if you are not using the top-level realm.

    An installation that uses an existing response file that does not specify the realm assumes the top-level realm.

    For more information, see "Installing Java Agents" in the User Guide.

3.2. Deprecated Functionality

Java Agents 5.6.1.1
  • There is no deprecated functionality in this release.

Java Agents 5.6.1.0
  • There is no deprecated functionality in this release.

Java Agents 5.6.0
  • There is no deprecated functionality in this release.

3.3. Removed Functionality

Java Agents 5.6.1.1
  • There is no removed functionality in this release.

Java Agents 5.6.1.0
  • There is no removed functionality in this release.

Java Agents 5.6.0
  • There is no removed functionality in this release.

Chapter 4. Fixes, Limitations, and Known Issues

4.1. Key Fixes

Java Agents 5.6.1.1
Java Agents 5.6.1.0

The following important issues were fixed in this release:

  • AMAGENTS-2416: Resolve conflicts for dependent external libraries

  • AMAGENTS-2648: Space characters in UID aren't encoded

  • AMAGENTS-2666: It is not possible to login when "Invert Not Enforced URIs" property is set

Java Agents 5.6.0

The following important issues were fixed in this release:

  • AMAGENTS-96: RFE: Base conditional login url on a specific request header instead of on the FQDN of the request.

  • AMAGENTS-896: When using local configuration for Agent and setting log level to be message we do not get any output in debug.out

  • AMAGENTS-988: Java Agent 5 should not have a value for com.sun.identity.client.notification.url property in OpenSSOAgentConfiguration.properties

  • AMAGENTS-1035: JASPA initialises data members corresponding to properties it no longer uses.

  • AMAGENTS-1036: com.sun.identity.agents.config.cdsso.enable is ignored for JASPA 5 and should be deleted from OpenSSOAgentConfiguration.properties file

  • AMAGENTS-1578: Java Agent makes error messages when NEU property is empty

  • AMAGENTS-2369: JASPA does not handle token expiry if notifications are disabled, not working, or slow

  • AMAGENTS-2416: resolve conflicts for dependent external libraries

  • AMAGENTS-2431: JASPA: When specifying any agent profile realm, the agent dies on startup

4.2. Limitations

Java Agents 5.6.1.1
  • There are no known limitations in this release.

Java Agents 5.6.1.0
  • There are no known limitations in Java Agents 5.6.1.0, other than those identified in Java Agents 5.6.0.

Java Agents 5.6.0

The following limitations and workarounds apply to Java Agents 5.6.0:

  • CDSSO Domain List Restrictions for WildFly and JBoss

    Cookie support in WildFly and JBoss has been implemented so that only one cookie can be set with a certain name. This prevents setting the same cookie for multiple domains.

    Configuring the CDSSO Domain List policy agent property with more than one cookie domain may result in redirection loops.

    To work around this issue, perform the following steps:

    1. Navigate to Realms > Realm Name > Applications > Agents > Java > Agent Name > SSO.

    2. Remove all cookie domains from the CDSSO Domain List (com.sun.identity.agents.config.cdsso.domain) property.

    3. Navigate to Realms > Realm Name > Applications > Agents > Java > Agent Name > Global.

    4. Configure any required entries in the Agent Root URL for CDSSO (sunIdentityServerDeviceKeyValue) property.

    The Java agent will set the cookie domain based on the requested resource.

4.3. Known Issues

Java Agents 5.6.1.1
  • There are no known issues in this release.

Java Agents 5.6.1.0
  • There are no known issues in Java Agents 5.6.1.0, other than those identified in Java Agents 5.6.0.

Java Agents 5.6.0
  • AMAGENTS-2585: When uninstalling and reinstalling the Java Agent on Windows, we get a message saying "Agent Configuration JVM option ...FAILED"

  • AMAGENTS-2589: The --acceptLicense parameter does not accept license permanently for java agent installer

  • AMAGENTS-2590: The Installer and the Agent Debug Logs should be updated so that they do not refer to Tomcat Agent v 6.0

  • AMAGENTS-2599: Uninstalling Java agent makes fake Failure message

  • AMAGENTS-2616: Java agent installer makes warning messages when JDK 11 is used

Chapter 5. Documentation Updates

The following table tracks changes to the documentation set following the release of Java Agents 5.6:

Documentation Change Log
Date | Description
2019-08-02 | Initial release of Java Agents 5.6.1.1.
2019-07-04 | Initial release of Java Agents 5.6.1.0. The following documentation updates were made for this release:
2019-03-29 | Initial release of Java Agents 5.6.0.


Appendix A. Getting Support

ForgeRock provides support services, professional services, training through ForgeRock University, and partner services to assist you in setting up and maintaining your deployments. For a general overview of these services, see https://www.forgerock.com.

ForgeRock has staff members around the globe who support our international customers and partners. For details, visit https://www.forgerock.com, or send an email to ForgeRock at info@forgerock.com.

ForgeRock publishes comprehensive documentation online:

  • The ForgeRock Knowledge Base offers a large and increasing number of up-to-date, practical articles that help you deploy and manage ForgeRock software.

    While many articles are visible to community members, ForgeRock customers have access to much more, including advanced information for customers using ForgeRock software in a mission-critical capacity.

  • ForgeRock product documentation, such as this document, aims to be technically accurate and complete with respect to the software documented. It is visible to everyone and covers all product features and examples of how to use them.
