Notes covering new features, fixes and known issues for ForgeRock® Access Management Java agents. ForgeRock Access Management provides open source authentication, authorization, entitlement and federation software.
Read these release notes before installing Java Agents 5.6.
The information contained in these release notes cover prerequisites for installation, known issues and improvements to the software, changes and deprecated functionality, and other important information.
About ForgeRock Identity Platform™ Software
ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see https://www.forgerock.com.
Chapter 1. What's New in Java Agents
1.1. New Features
Java Agents 5.6 is a minor release that includes new platform support and bug fixes. There are no new features in this release.
1.2. Major Improvements
There are no major improvements in this release.
Chapter 2. Before You Install
This section covers software and hardware prerequisites for installing and running Java Agents.
ForgeRock supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here.
2.1. Platform Requirements
The following table summarizes platform support:
|Operating Systems (OS)||OS Versions||Web Application Containers & Minimum Supported Versions|
[a] Supports JDK 11.
[b] Version 9.4.13 or later is required for JDK 11 support.
[c] Support for this platform will be discontinued in a future release.
Java Agents use the WebSocket protocol to receive notifications from AM. Both the Java container and the network infrastructure must support the WebSocket protocol to receive notifications from AM.
2.2. Access Management Requirements
Java Agents 5.6 do not interoperate with:
AM versions earlier than 5.5.
2.3. Java Requirements
Java agents run in a Java container, and require a Java Development Kit.
ForgeRock supports customers using the following Java versions. ForgeRock recommends the most recent Java update, with the latest security fixes.
|Oracle Java||8, 11|
|IBM Java (WebSphere only)||8|
2.4. Supported Clients
The following table summarizes supported clients and their minimum required versions:
|Client Platform||Native Apps[a]||Chrome 33+||Internet Explorer 9+ [b]||Edge 0.1+||Firefox 28+||Safari 6.2+||Mobile Safari|
|Windows 7 or later|
|Mac OS X 10.8 or later|
|Ubuntu 12.04 LTS or later|
|iOS 7 or later|
|Android 4.3 or later|
[a] Native Apps is a placeholder to indicate AM is not just a browser-based technology product. An example of a native app would be something written to use AM's REST APIs, such as the sample OAuth 2.0 Token Demo app.
[b] Internet Explorer 9 is the minimum required for end users. For the administration console, Internet Explorer 11 is required.
2.5. Special Requests
If you have a special request regarding support for a combination not listed here, contact ForgeRock at email@example.com.
Chapter 3. Changes and Deprecated Functionality
This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.
3.1. Important Changes to Existing Functionality
Specify Agent Profile Realm During Installation
Java Agents 5.6 allow you to specify the realm in which the agent profile exists, making the process easier if you are not using the top-level realm.
Performing installation using an existing response file that does not specify the realm will assume the top-level realm.
For more information, see "Installing Java Agents" in the User Guide.
3.2. Deprecated Functionality
There is no deprecated functionality in this release.
3.3. Removed Functionality
No components were removed in this release.
Chapter 4. Fixes, Limitations, and Known Issues
4.1. Key Fixes
The following important issues were fixed in this release:
AMAGENTS-96: RFE: Base conditional login url on a specific request header instead of on the FQDN of the request.
AMAGENTS-896: When using local configuration for Agent and setting log level to be message we do not get any output in debug.out
AMAGENTS-988: Java Agent 5 should not have a value for com.sun.identity.client.notification.url property in OpenSSOAgentConfiguration.properties
AMAGENTS-1035: JASPA initialises data members corresponding to properties it no longer uses.
AMAGENTS-1036: com.sun.identity.agents.config.cdsso.enable is ignored for JASPA 5 and should be deleted from OpenSSOAgentConfiguration.properties file
AMAGENTS-1578: Java Agent makes error messages when NEU property is empty
AMAGENTS-2369: JASPA does not handle token expiry if notifications are disabled, not working, or slow
AMAGENTS-2416: resolve conflicts for depentent external libraries
AMAGENTS-2431: JASPA: When specifying any agent profile realm, the agent dies on startup
The following limitations and workarounds apply to Java Agents 5.6:
CDSSO Domain List Restrictions for WildFly and JBoss
Cookie support in WildFly and JBoss has been implemented so that only one cookie can be set with a certain name. This prevents setting the same cookie for multiple domains.
Configuring the CDSSO Doimain List policy agent property with more than one cookie domain may result in redirection loops.
To work around this issue, perform the following steps:
Navigate to Realms > Realm Name > Applications > Agents > Java > Agent Name > SSO.
Remove all cookie domains from the CDSSO Domain List (
Navigate to Realms > Realm Name > Applications > Agents > Java > Agent Name > Global.
Configure any required entries in the Agent Root URL for CDSSO (
The Java agent will set the cookie domain based on the requested resource.
4.3. Known Issues
AMAGENTS-2585: When uninstalling and reinstalling the Java Agent on windows, we get a message saying "Agent Configuration JVM option ...FAILED"
AMAGENTS-2589: The --acceptLicense parameter does not accept license permanently for java agent installer
AMAGENTS-2590: The Installer and the Agent Debug Logs should be updated so that the do not refer to Tomcat Agent v 6.0
AMAGENTS-2599: Uninstalling Java agent makes fake Failure message
AMAGENTS-2616: Java agent installer makes warning messages when JDK 11 is used
Chapter 5. Documentation Updates
The following table tracks changes to the documentation set following the release of Java Agents 5.6:
Initial release of Java Agents 5.6
Appendix A. Getting Support
For more information or resources about AM and ForgeRock Support, see the following sections:
A.1. Accessing Documentation Online
ForgeRock publishes comprehensive documentation online:
The ForgeRock Knowledge Base offers a large and increasing number of up-to-date, practical articles that help you deploy and manage ForgeRock software.
While many articles are visible to community members, ForgeRock customers have access to much more, including advanced information for customers using ForgeRock software in a mission-critical capacity.
ForgeRock product documentation, such as this document, aims to be technically accurate and complete with respect to the software documented. It is visible to everyone and covers all product features and examples of how to use them.
A.2. Using the ForgeRock.org Site
The ForgeRock.org site has links to source code for ForgeRock open source software, as well as links to the ForgeRock forums and technical blogs.
If you are a ForgeRock customer, raise a support ticket instead of using the forums. ForgeRock support professionals will get in touch to help you.
A.3. Getting Support and Contacting ForgeRock
ForgeRock provides support services, professional services, training through ForgeRock University, and partner services to assist you in setting up and maintaining your deployments. For a general overview of these services, see https://www.forgerock.com.