Web Policy Agents

Requirements

ForgeRock supports customers using the versions specified here. Other versions and alternative environments might work as well. When opening a support ticket for an issue, however, make sure you can also reproduce the problem on a combination covered here.

Special requests

If you have a special request regarding support for a combination not listed here, contact ForgeRock at info@forgerock.com.

AM requirements

  • Web Agent supports AM 6.5 and later.

  • Web Agent requires the WebSocket protocol to communicate with AM. Both the web server and the network infrastructure must support the WebSocket protocol. For example, Apache HTTP server requires the proxy_wstunnel_module for proxying the WebSocket protocol.

    Refer to your network infrastructure and web server documentation for more information about WebSocket support.

  • Web Agent 5 introduced notable changes in the configuration. For example, if you are using custom login pages, you must enable custom login mode (org.forgerock.openam.agents.config.allow.custom.login). For more information about changes introduced in Web Agent 5, refer to the Web Agent 5 Release notes.

OpenSSL requirements

Agents require OpenSSL or the Windows built-in Secure Channel API to secure communications such as the connection to AM through the WebSocket protocol.

From Web Agent 2023.3, OpenSSL 1.1.1 or a later version is required. It is essential to upgrade if you are using an earlier version of OpenSSL.

OpenSSL 1.0.2 or a later version is required for TLSv1.2. If you have to use an earlier, weaker cipher in your environment, configure the org.forgerock.agents.config.tls bootstrap property with a security protocol other than TLSv1.2.

Operating systems OpenSSL versions Agent version

CentOS

Red Hat Enterprise Linux

Oracle Linux

Ubuntu Linux

OpenSSL 3.0.x

2023.9, 2023.6, 2023.3, 5.10

OpenSSL 1.1.1

2023.9, 2023.6, 2023.3, 5.10, 5.9

OpenSSL 1.1.0

5.10, 5.9

OpenSSL 1.0.X

5.10, 5.9

Microsoft Windows Server (1)

OpenSSL 3.0.x

2023.9, 2023.6, 2023.3, 5.10

OpenSSL 1.1.1

2023.9, 2023.6, 2023.3, 5.10, 5.9

OpenSSL 1.1.0

5.10, 5.9

OpenSSL 1.0.X

5.10, 5.9

IBM AIX

OpenSSL 3.0.x

2023.9, 2023.6, 2023.3, 5.10

OpenSSL 1.1.1

2023.9, 2023.6, 2023.3, 5.10, 5.9

OpenSSL 1.1.0

5.10, 5.9

OpenSSL 1.0.X

5.10, 5.9

OpenSSL 0.9.8

5.10, 5.9

(1)On Windows, Web Agent uses the Windows built-in Secure Channel API by default.

Platform requirements

32-bit architectures are not supported.

Supported operating systems and web servers Web Agent 2023.9

Operating systems OS versions Web servers & minimum supported versions

  • CentOS Linux(1)

  • 7(2)

  • Apache HTTP Server 2.4

  • Red Hat JBoss Core Services (Red Hat Enterprise Linux only)

  • IBM HTTP Server 8.5, 9

  • NGINX Plus R25(2), R26(2), R27(2), R28(2), R29, R30

  • Red Hat Enterprise Linux

  • Oracle Linux

  • Amazon Linux 2

  • 7(2)

  • 8

  • 9

  • Ubuntu Linux

  • 18.04 LTS(2)

  • 20.04 LTS

  • 22.04 LTS

  • SUSE Linux Enterprise

  • 15

  • Apache HTTP Server 2.4

  • Microsoft Windows Server

  • 2016, 2019, 2022

  • Apache HTTP Server 2.4(3)

  • Microsoft IIS 10

  • IBM AIX

  • 7

  • IBM HTTP Server 9

(1)For information about which version of CentOS to use with the listed NGINX Plus, refer to the NGINX Plus documentation.
(2)Support to be discontinued in a future release.
(3)The Apache HTTP Server Project does not offer binary releases for Microsoft Windows. The ForgeRock Apache HTTP Server web agent for Windows was tested against the binaries offered by Apache Lounge.

Supported operating systems and web servers Web Agent 2023.6

Operating systems OS versions Web servers & minimum supported versions

  • CentOS(1)

  • 7(2)

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R25(2), R26(2), R27(2), R28, R29

  • Red Hat Enterprise Linux

  • Oracle Linux

  • Amazon Linux 2

  • 7(2)

  • 8

  • 9

  • Ubuntu Linux

  • 18.04 LTS(2)

  • 20.04 LTS

  • 22.04 LTS

  • SUSE Linux Enterprise

  • 15

  • Apache HTTP Server 2.4

  • Microsoft Windows Server

  • 2016, 2019, 2022

  • Apache HTTP Server 2.4(3)

  • Microsoft IIS 10

  • IBM AIX

  • 7

  • IBM HTTP Server 9

(1)For information about which version of CentOS to use with the listed NGINX Plus, refer to the Nginx Plus documentation.
(2)Support to be discontinued in a future release.
(3)The Apache HTTP Server Project does not offer binary releases for Microsoft Windows. The ForgeRock Apache HTTP Server web agent for Windows was tested against the binaries offered by Apache Lounge.

Supported operating systems and web servers Web Agent 2023.3

Operating systems OS versions Web servers & minimum supported versions

  • CentOS(1)

  • 7(2)

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R25(2), R26, R27, R28

  • Red Hat Enterprise Linux

  • Oracle Linux

  • Amazon Linux 2

  • 7(2)

  • 8

  • 9

  • Ubuntu Linux

  • 18.04 LTS(2)

  • 20.04 LTS

  • 22.04 LTS

  • SUSE Linux Enterprise

  • 15

  • Apache HTTP Server 2.4

  • Microsoft Windows Server

  • 2016, 2019, 2022

  • Apache HTTP Server 2.4(3)

  • Microsoft IIS 10

  • IBM AIX

  • 7

  • IBM HTTP Server 9

(1)For information about which version of CentOS to use with the listed NGINX Plus, refer to the NGINX Plus documentation.
(2)Support to be discontinued in a future release.
(3)The Apache HTTP Server Project does not offer binary releases for Microsoft Windows. The ForgeRock Apache HTTP Server web agent for Windows was tested against the binaries offered by Apache Lounge.

Supported operating systems and web servers Web Agent 5.10

Operating systems OS versions Web servers & minimum supported versions

  • Amazon Linux 2

  • Oracle Linux

  • Red Hat Enterprise Linux

  • 7

  • 8

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R23(1), R24(1), R25, R26, R27

  • CentOS

  • 7

  • 8(1)

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R23(1), R24(1), R25, R26, R27

  • Ubuntu Linux

  • 18.04 LTS

  • 20.04 LTS

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R23(1), R24(1), R25, R26, R27

  • 22.04 LTS

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • IBM AIX

  • 7

  • IBM HTTP Server 9

  • Microsoft Windows Server

  • 2012 R2(1)

  • Apache HTTP Server 2.4(2)

  • Microsoft IIS 8.5

  • 2016, 2019, 2022

  • Apache HTTP Server 2.4,(2)

  • Microsoft IIS 10

(1)Support to be discontinued in a future release.

(2)The Apache HTTP Server Project does not offer binary releases for Microsoft Windows. The ForgeRock Apache HTTP Server web agent for Windows was tested against the binaries offered by Apache Lounge

Supported operating systems and web servers Web Agent 5.9

Operating Systems OS Versions Web Servers & Minimum Supported Versions

  • Amazon Linux 2

  • CentOS

  • Oracle Linux

  • Red Hat Enterprise Linux

  • 7

  • 8

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R22(1)

  • NGINX Plus R23, R24, R25

  • Ubuntu Linux

  • 18.04 LTS

  • 20.04 LTS

  • Apache HTTP Server 2.4

  • IBM HTTP Server 9

  • NGINX Plus R22(1)

  • NGINX Plus R23, R24, R25

  • IBM AIX

  • 7

  • IBM HTTP Server 9

  • Microsoft Windows Server

  • 2012 R2(1)

  • Apache HTTP Server 2.4(1)(2)

  • Microsoft IIS 8.5(1)

  • 2016

  • Apache HTTP Server 2.4,(2)

  • Microsoft IIS 10

  • 2019

  • Apache HTTP Server 2.4(2)

  • Microsoft IIS 10

(1)Support to be discontinued in a future release.

(2)The Apache HTTP Server Project does not offer binary releases for Microsoft Windows. The ForgeRock Apache HTTP Server web agent for Windows was tested against the binaries offered by Apache Lounge

Linux Systems requirements

  • Web Agent on Linux supports Glibc 2.17 and later versions, and is compatible with Glibc 2.14 and later versions. For Glibc versions before 2.14, contact ForgeRock Support.

  • Web Agent on Linux requires a minimum of 16 MB of shared memory for the session and policy cache, and the various worker processes. Additionally, it needs 32 KB shared memory for the logging system. Failure to provide enough shared memory may result in errors similar to the following:

    2017-11-10 12:06:00.492 +0000   DEBUG [1:7521][source/shared.c:1451]am_shm_create2() about to create block-clusters_0, size 1074008064
2017-11-10 12:06:00.492 +0000   ERROR [1:7521]am_shm_create2(): ftruncate failed, error: 28

    To configure additional shared memory for the session and policy cache, see Environment variables.

  • If POST data preservation is enabled, the web agent requires additional free disk space in the web agent installation directory to store the POST data cache files.

Microsoft Windows systems requirements

  • Before installing the IIS web agent, make sure that the optional Application Development component of Web Server (IIS) is installed. In the Windows Server 2012 Server Manager for example, Application Development is a component of Web Server (IIS) | Web Server.

  • Web Agent on Windows requires a minimum of 16 MB of shared memory for the session and policy cache, and the various worker processes in the system page file. Additionally, it needs 32 KB shared memory for the logging system. Failure to provide enough shared memory may result in errors similar to the following:

    2017-11-10 12:06:00.492 +0000   DEBUG [1:7521][source/shared.c:1451]am_shm_create2() about to create block-clusters_0, size 1074008064
2017-11-10 12:06:00.492 +0000   ERROR [1:7521]am_shm_create2(): ftruncate failed, error: 28

    To configure additional shared memory for the session and policy cache, see Environment variables.

  • If POST data preservation is enabled, the web agent requires additional free disk space in the web agent installation directory to store the POST data cache files.

Copyright © 2010-2023 ForgeRock, all rights reserved.