Web Policy Agents 5.9.1

Requirements

ForgeRock supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here.

Supported Operating Systems and Web Servers

Operating Systems OS Versions Web Servers & Minimum Supported Versions
  • Amazon Linux 2

  • CentOS

  • Oracle Linux

  • Red Hat Enterprise Linux

  • 7

  • 8

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R22(1)

  • NGINX Plus R23, R24, R25

  • Ubuntu Linux

  • 18.04 LTS

  • 20.04 LTS

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R22(1)

  • NGINX Plus R23, R24, R25

  • IBM AIX

  • 7

  • IBM HTTP Server 9

  • Microsoft Windows Server

  • 2012 R2(1)

  • Apache HTTP Server 2.4(1)(2)

  • Microsoft IIS 8.5(1)

  • 2016

  • Apache HTTP Server 2.4,(2)

  • Microsoft IIS 10

  • 2019

  • Apache HTTP Server 2.4(2)

  • Microsoft IIS 10

(1)Support to be discontinued in a future release.

(2)The Apache HTTP Server Project does not offer binary releases for Microsoft Windows. The ForgeRock Apache HTTP Server web agent for Windows was tested against the binaries offered by Apache Lounge

32-bit architectures are not supported.

AM Requirements

  • Web Agent 5.9.1 supports AM 6 and later.

  • Web Agent 5.9.1 requires the WebSocket protocol to communicate with AM. Both the web server and the network infrastructure must support the WebSocket protocol. For example, Apache HTTP server requires the proxy_wstunnel_module for proxying the WebSocket protocol.

    Refer to your network infrastructure and web server documentation for more information about WebSocket support.

  • If you are upgrading from a version earlier than 5, Web Agent 5 introduced notable changes in the configuration. For example, if you are using custom login pages, you must enable the org.forgerock.openam.agents.config.allow.custom.login property. For more information about changes introduced in Web Agent 5, refer to the Web Agent 5 Release Notes.

OpenSSL Requirements

Agents require OpenSSL or the Windows built-in Secure Channel API to be present. These libraries help to secure communications, for example, when connecting to AM using the WebSocket protocol.

Operating Systems OpenSSL Versions
  • CentOS

  • Red Hat Enterprise Linux

  • Oracle Linux

  • Ubuntu Linux

  • OpenSSL 1.0.x

  • OpenSSL 1.1.0

  • OpenSSL 1.1.1

  • Microsoft Windows Server

  • OpenSSL 1.0.x

  • OpenSSL 1.1.0

  • OpenSSL 1.1.1(1)

  • IBM AIX

  • OpenSSL 0.9.8

  • OpenSSL 1.0.x

  • OpenSSL 1.1.0

  • OpenSSL 1.1.1

(1)On Windows, Web Agent uses the Windows built-in Secure Channel API by default.

  • OpenSSL 1.0.2 or later is required to support TLSv1.2. If you have to use an earlier, weaker cipher in your environment, configure the org.forgerock.agents.config.tls bootstrap property with a security protocol other than TLSv1.2.

  • OpenSSL 1.1.1 or later is required to support TLSv1.3.

Other Requirements

Before installing Web Agent on your platform, make sure that the system meets the following requirements:

Linux Systems
  • Web Agent on Linux supports Glibc 2.17 and later versions, and is compatible with Glibc 2.14 and later versions. For Glibc versions before 2.14, contact ForgeRock Support.

  • Web Agent on Linux requires a minimum of 16 MB of shared memory for the session and policy cache, and the various worker processes. Additionally, it needs 32 KB shared memory for the logging system. Failure to provide enough shared memory may result in errors similar to the following:

    2017-11-10 12:06:00.492 +0000   DEBUG [1:7521][source/shared.c:1451]am_shm_create2() about to create block-clusters_0, size 1074008064
    2017-11-10 12:06:00.492 +0000   ERROR [1:7521]am_shm_create2(): ftruncate failed, error: 28

    To configure additional shared memory for the session and policy cache, see Environment Variables.

  • If POST data preservation is enabled, the web agent requires additional free disk space in the web agent installation directory to store the POST data cache files.

Microsoft Windows Systems
  • Before installing the IIS web agent, make sure that the optional Application Development component of Web Server (IIS) is installed. In the Windows Server 2012 Server Manager for example, Application Development is a component of Web Server (IIS) | Web Server.

  • Web Agent on Windows requires a minimum of 16 MB of shared memory for the session and policy cache, and the various worker processes in the system page file. Additionally, it needs 32 KB shared memory for the logging system. Failure to provide enough shared memory may result in errors similar to the following:

    2017-11-10 12:06:00.492 +0000   DEBUG [1:7521][source/shared.c:1451]am_shm_create2() about to create block-clusters_0, size 1074008064
    2017-11-10 12:06:00.492 +0000   ERROR [1:7521]am_shm_create2(): ftruncate failed, error: 28

    To configure additional shared memory for the session and policy cache, see Environment Variables.

  • If POST data preservation is enabled, the web agent requires additional free disk space in the web agent installation directory to store the POST data cache files.

Special Requests

If you need support for a combination not listed here, contact ForgeRock at info@forgerock.com.

Copyright © 2010-2023 ForgeRock, all rights reserved.