Notes covering new features, fixes and known issues for ForgeRock® Access Management Java agents. ForgeRock Access Management provides open source authentication, authorization, entitlement and federation software.


Read these release notes before installing Java Agents 5.6.

The information contained in these release notes cover prerequisites for installation, known issues and improvements to the software, changes and deprecated functionality, and other important information.

About ForgeRock Identity Platform™ Software

ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see

Chapter 1. What's New in Java Agents

1.1. New Features

Java Agents 5.6
  • Java Agents 5.6 is a minor release that includes new platform support and bug fixes. There are no new features in this release.

1.2. Major Improvements

Java Agents 5.6
  • There are no major improvements in this release.

Chapter 2. Before You Install

This section covers software and hardware prerequisites for installing and running Java Agents.

ForgeRock supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here.

2.1. Platform Requirements

The following table summarizes platform support:

Supported Operating Systems & Web Application Containers
Operating Systems (OS)OS VersionsWeb Application Containers & Minimum Supported Versions
Amazon Linux 2,
Oracle Linux,
Red Hat Enterprise Linux
Apache Tomcat 7.0.79,
Apache Tomcat 8.5,
Apache Tomcat 9.0, [a]
Eclipse Jetty 9, [b]
IBM WebSphere Application Server,
IBM WebSphere Application Server 9.0,
Oracle WebLogic Server 12c (
Red Hat JBoss Enterprise Application Platform 6.3.3, [c]
Red Hat JBoss Enterprise Application Platform 7.1,
Red Hat JBoss Enterprise Application Platform 7.2, [a]
WildFly 13,
WildFly 14,
WildFly 15, [a]
WildFly 16 [a]
Ubuntu Linux
16.04 LTS, [c]
18.04 LTS
6, [c]
IBM WebSphere Application Server,
IBM WebSphere Application Server 9.0
Microsoft Windows Server
2008 R2, [c]
2012, [c]
2012 R2, [c]
Apache Tomcat 7.0.79,
Apache Tomcat 8.5,
Apache Tomcat 9.0 [a]
Oracle Solaris SPARC,
Oracle Solaris x64
Apache Tomcat 7.0.79,
Apache Tomcat 8.5,
Apache Tomcat 9.0, [a]
Oracle WebLogic Server 12c (

[a] Supports JDK 11.

[b] Version 9.4.13 or later is required for JDK 11 support.

[c] Support for this platform will be discontinued in a future release.


Java Agents use the WebSocket protocol to receive notifications from AM. Both the Java container and the network infrastructure must support the WebSocket protocol to receive notifications from AM.

2.2. Access Management Requirements

Java Agents 5.6 do not interoperate with:

  • OpenAM

  • AM versions earlier than 5.5.

2.3. Java Requirements

Java agents run in a Java container, and require a Java Development Kit.

ForgeRock supports customers using the following Java versions. ForgeRock recommends the most recent Java update, with the latest security fixes.

Supported Java Development Kit Versions
Oracle Java8, 11
IBM Java (WebSphere only)8
OpenJDK8, 11

2.4. Supported Clients

The following table summarizes supported clients and their minimum required versions:

Supported Clients
Client Platform Native Apps[a] Chrome 33+ Internet Explorer 9+ [b] Edge 0.1+Firefox 28+Safari 6.2+Mobile Safari
Windows 7 or later   
Mac OS X 10.8 or later     
Ubuntu 12.04 LTS or later      
iOS 7 or later     
Android 4.3 or later      

[a] Native Apps is a placeholder to indicate AM is not just a browser-based technology product. An example of a native app would be something written to use AM's REST APIs, such as the sample OAuth 2.0 Token Demo app.

[b] Internet Explorer 9 is the minimum required for end users. For the administration console, Internet Explorer 11 is required.

2.5. Special Requests

If you have a special request regarding support for a combination not listed here, contact ForgeRock at

Chapter 3. Changes and Deprecated Functionality

This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.

3.1. Important Changes to Existing Functionality

Java Agents 5.6
  • Specify Agent Profile Realm During Installation

    Java Agents 5.6 allow you to specify the realm in which the agent profile exists, making the process easier if you are not using the top-level realm.

    Performing installation using an existing response file that does not specify the realm will assume the top-level realm.

    For more information, see "Installing Java Agents" in the User Guide.

3.2. Deprecated Functionality

Java Agents 5.6
  • There is no deprecated functionality in this release.

3.3. Removed Functionality

Java Agents 5.6
  • No components were removed in this release.

Chapter 4. Fixes, Limitations, and Known Issues

4.1. Key Fixes

Java Agents 5.6

The following important issues were fixed in this release:

  • AMAGENTS-96: RFE: Base conditional login url on a specific request header instead of on the FQDN of the request.

  • AMAGENTS-896: When using local configuration for Agent and setting log level to be message we do not get any output in debug.out

  • AMAGENTS-988: Java Agent 5 should not have a value for com.sun.identity.client.notification.url property in

  • AMAGENTS-1035: JASPA initialises data members corresponding to properties it no longer uses.

  • AMAGENTS-1036: com.sun.identity.agents.config.cdsso.enable is ignored for JASPA 5 and should be deleted from file

  • AMAGENTS-1578: Java Agent makes error messages when NEU property is empty

  • AMAGENTS-2369: JASPA does not handle token expiry if notifications are disabled, not working, or slow

  • AMAGENTS-2416: resolve conflicts for depentent external libraries

  • AMAGENTS-2431: JASPA: When specifying any agent profile realm, the agent dies on startup

4.2. Limitations

The following limitations and workarounds apply to Java Agents 5.6:

  • CDSSO Domain List Restrictions for WildFly and JBoss

    Cookie support in WildFly and JBoss has been implemented so that only one cookie can be set with a certain name. This prevents setting the same cookie for multiple domains.

    Configuring the CDSSO Doimain List policy agent property with more than one cookie domain may result in redirection loops.

    To work around this issue, perform the following steps:

    1. Navigate to Realms > Realm Name > Applications > Agents > Java > Agent Name > SSO.

    2. Remove all cookie domains from the CDSSO Domain List (com.sun.identity.agents.config.cdsso.domain) property.

    3. Navigate to Realms > Realm Name > Applications > Agents > Java > Agent Name > Global.

    4. Configure any required entries in the Agent Root URL for CDSSO (sunIdentityServerDeviceKeyValue) property.

    The Java agent will set the cookie domain based on the requested resource.

4.3. Known Issues

Java Agents 5.6
  • AMAGENTS-2585: When uninstalling and reinstalling the Java Agent on windows, we get a message saying "Agent Configuration JVM option ...FAILED"

  • AMAGENTS-2589: The --acceptLicense parameter does not accept license permanently for java agent installer

  • AMAGENTS-2590: The Installer and the Agent Debug Logs should be updated so that the do not refer to Tomcat Agent v 6.0

  • AMAGENTS-2599: Uninstalling Java agent makes fake Failure message

  • AMAGENTS-2616: Java agent installer makes warning messages when JDK 11 is used

Chapter 5. Documentation Updates

The following table tracks changes to the documentation set following the release of Java Agents 5.6:

Documentation Change Log

Initial release of Java Agents 5.6

Appendix A. Getting Support

For more information or resources about AM and ForgeRock Support, see the following sections:

A.1. Accessing Documentation Online

ForgeRock publishes comprehensive documentation online:

  • The ForgeRock Knowledge Base offers a large and increasing number of up-to-date, practical articles that help you deploy and manage ForgeRock software.

    While many articles are visible to community members, ForgeRock customers have access to much more, including advanced information for customers using ForgeRock software in a mission-critical capacity.

  • ForgeRock product documentation, such as this document, aims to be technically accurate and complete with respect to the software documented. It is visible to everyone and covers all product features and examples of how to use them.

A.2. Using the Site

The site has links to source code for ForgeRock open source software, as well as links to the ForgeRock forums and technical blogs.

If you are a ForgeRock customer, raise a support ticket instead of using the forums. ForgeRock support professionals will get in touch to help you.

A.3. Getting Support and Contacting ForgeRock

ForgeRock provides support services, professional services, training through ForgeRock University, and partner services to assist you in setting up and maintaining your deployments. For a general overview of these services, see

ForgeRock has staff members around the globe who support our international customers and partners. For details, visit, or send an email to ForgeRock at

Read a different version of :