Notes covering OpenIDM software requirements, fixes, known issues. The OpenIDM project offers flexible, open source services for automating management of the identity life cycle.

Chapter 1. What's New in OpenIDM 3.1

OpenIDM 3.1 provides many new features and product enhancements. The following list describes the main new features affecting an end user.

Administration User Interface

The new web-based Admin UI enables you to configure connectors, customize managed objects, set up attribute mappings between resources, configure reconciliation and synchronization rules, and more. For more information, see Section 4.1, "Configuring OpenIDM from the Admin UI" in the Integrator's Guide.

Addition of an aggregated view to the User View UI

The User View UI now includes a read-only view of the user account in each of the external resources to which it is linked. For more information, see Procedure 4.6, "To View a User's Account in External Resources" in the Integrator's Guide.

Reconciliation Performance Improvements

To improve reconciliation query performance on slower systems, you can now preload the entire result set into memory on the source or target system, or on both systems. For more information, see Section 12.5.1, "Improving Reconciliation Query Performance" in the Integrator's Guide.

Updated Connectors, New Connectors and Samples

Several of the connectors bundled with OpenIDM have been updated. For details of the latest versions, see Section 11.5, "Connectors Supported With OpenIDM 3.1" in the Integrator's Guide.

OpenIDM Enterprise bundles two new connectors, and corresponding sample configurations - a Google Apps Connector and a Salesforce connector. For more information, see Section 3.19, "Sample - Connecting to Salesforce With the Salesforce Connector" in the Installation Guide and Section 3.18, "Sample - Connecting to Google With the Google Apps Connector" in the Installation Guide.

Support for PostgreSQL

OpenIDM 3.1 supports PostgreSQL, 9.3 or higher, as an internal repository. For information on configuring OpenIDM with a PostgreSQL repository, see Section 4.4, "To Set Up OpenIDM With PostgreSQL" in the Installation Guide.

Improvements to the Audit Facility
  • Audit logs for synchronization operations

    The reconciliation audit facility has been extended to LiveSync and implicit sync operations. For more information, see Section 12.9, "Querying the Synchronization Audit Log" in the Integrator's Guide.

  • Ability to purge audit logs

    OpenIDM 3.1 provides the ability to purge audit logs at a scheduled interval, or when the logs reach a certain size. For more information, see Section 18.6, "Purging Obsolete Audit Information" in the Integrator's Guide.

  • Ability to filter audit logs

    The audit facility provides a new mechanism that enables you to filter audit data, thereby reducing the volume of data that is logged. For more information, see Section 18.5, "Filtering Data for Audits" in the Integrator's Guide.

For installation instructions and several samples to familiarize you with the OpenIDM features, see Chapter 1, "Installing OpenIDM Services" in the Installation Guide.

For an architectural overview and high-level presentation of OpenIDM, see Chapter 1, "Architectural Overview" in the Integrator's Guide.

1.1. Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock's security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.

Chapter 2. Before You Install OpenIDM Software

This chapter covers prerequisites for installing and running OpenIDM software.

For OpenIDM 3.1, the following configurations are supported for use in production.


The following JDBC repositories are supported for use in production:

  • MySQL 5.1 or 5.5 with Connector/J 5.1.18 or later

  • Microsoft SQL Server 2008

  • Oracle Database 11g

  • PostgreSQL 9.3 or higher

OrientDB is provided for evaluation only.

Stand-alone installation

You must install OpenIDM as a stand-alone service, using Apache Felix and Jetty, as provided. Alternate containers are not supported.

OpenIDM 3.1 bundles Jetty version 8.1.9.v20130131.


OpenIDM 3.1 comes packaged with these OpenICF connectors:

  • CSV File Connector

  • Database Table Connector

  • Generic LDAP Connector

  • XML File Connector

  • Groovy Connector Toolkit

    This toolkit enables you to create scripted connectors to virtually any resource

A corresponding PowerShell Connector Toolkit is available for download from ForgeRock Backstage, and enables you to create scripted connectors to address the requirements of your Microsoft Windows ecosystem.

The following connectors are available only with the OpenIDM Enterprise release:

  • Google Apps Connector

  • Salesforce Connector

ForgeRock provides additional connectors, as listed on the OpenICF project connectors site.

When using the LDAP connector to provision to Active Directory, OpenIDM 3.1 supports Active Directory Domain Controllers and Active Directory Global Catalogues. This release also provides support for Active Directory Lightweight Directory Services (LDS).

OpenIDM 3.1 also provides support for Windows 2012 R2 as the remote system for connectors and password synchronization plugins.


ForgeRock has tested many browsers with the OpenIDM UI, including the following browsers.

  • Chrome and Chromium, latest stable version

  • Firefox, latest stable version

  • Safari, latest stable version

  • Internet Explorer 9 and later

Operating Systems

OpenIDM 3.1 is supported on CentOS Linux 6.5 and on Windows 2008 R2 and Windows 2012 R2. It has been tested on most variations of Linux.

If you have a special request to support a component or combination not listed here, contact ForgeRock at

OpenIDM requires Java SE JDK 6 update 24 or later. When using the Oracle JDK, you also need Java Cryptography Extension (JCE) policy files.

On Windows systems, use Java SE JDK 7 update 6 or later, to take advantage of a recent JVM fix relating to non-blocking sockets with the default Jetty configuration.

OpenIDM 3.1 also supports OpenJDK 1.7.

You need 150 MB disk space and 1 GB memory for an evaluation installation. For a production installation, disk space and memory requirements will depend on the size of the repository, and on size of the audit and service log files that OpenIDM writes.

Chapter 3. OpenIDM Fixes, Limitations, & Known Issues

OpenIDM issues are tracked at

3.1. Fixes and Improvements

OpenIDM 3.1 includes the following major fixes and improvements.

  • OPENIDM-2611: review queries using QueryFilter with explicit tables in Oracle referring to CLOB field

  • OPENIDM-2610: QueryFilter used with explicitTables not working with Oracle or MS SQL Server

  • OPENIDM-2605: Missing queries from Oracle repo.jdbc.json

  • OPENIDM-2589: provisioner files in sample2x do not have enableFilteredResultsHandler set to false

  • OPENIDM-2549: unexpected results for queryFilters on integer properties when using JDBC repo

  • OPENIDM-2547: Base64 encoded attributes are not properly decoded to byte[]

  • OPENIDM-2538: Unable to login after changing the Session timeout setting via the UI

  • OPENIDM-2531: QueryFilter-generated SQL for OrientDB for sw "" is incorrect

  • OPENIDM-2529: searchBases in powershell2AD sample are not aligned among the scripts

  • OPENIDM-2526: Repo README.txt files need to be updated

  • OPENIDM-2525: QueryFilter-generated SQL for OrientDB does not parse

  • OPENIDM-2500: properties set as encrypted in managed.json written in plain text in activity audit when new and old values are the same

  • OPENIDM-2497: Query queryId=audit-by-recon-id not working on MS-SQL

  • OPENIDM-2489: Task scanner does not work using MS-SQL repository

  • OPENIDM-2485: Country Empty, but State is filled in

  • OPENIDM-2484: Multiple provisioner instances created for the same name

  • OPENIDM-2481: PostgreSQL query using wrong value


  • OPENIDM-2456: Workflow Sample not working with MS-SQL as repo

  • OPENIDM-2446: The exception attribute in the audit sync entries is not being pre-formatted before the entry is created.

  • OPENIDM-2437: TaskScannerContext should store the ScriptEntry

  • OPENIDM-2429: disabled connectors returned from system?action=test need to return connectorRef details

  • OPENIDM-2425: Query with queryFilter on managed users fails when using MS-SQL as repo

  • OPENIDM-2424: The __ALL__ object class should use a default object class endpoint if it is not defined in the provisioner config.

  • OPENIDM-2421: Consider making the ObjectType properties value in provisioner configs not required or allow it to be empty.

  • OPENIDM-2406: Update UID and DN of an ldap entry returns status 500 and Internal Server Error

  • OPENIDM-2394: Cannot REST query with a single quote in parameter value

  • OPENIDM-2386: Service creation scripts hard-code memory options to 1024m

  • OPENIDM-2385: queryFilter support for _id fields

  • OPENIDM-2381: condition on route config entries are ignored

  • OPENIDM-2375: obsolete router.json file in samples/misc and openidm-api-servlet/src/tests

  • OPENIDM-2364: update main samples README with last additions/modifications

  • OPENIDM-2355: Update linkedView to use queryFilter

  • OPENIDM-2344: OpenAM sample UI is not working

  • OPENIDM-2330: system?action=test disabled connectors need to return with the same details as an broken/active connector.

  • OPENIDM-2324: ScriptedRest connector 1.4 sample scripts exceptions are not properly thrown

  • OPENIDM-2323: ScriptedRest connector 1.4 - GET_LATEST_SYNC_TOKEN throws exception - /changelog doesn't support paged search

  • OPENIDM-2321: external/rest calls to SSL endpoints result in jetty exception

  • OPENIDM-2315: linkedView throws null exception when there is no sync defined

  • OPENIDM-2314: Script launched from router.json by onResponse hook is unable to update response data

  • OPENIDM-2312: SmartEvent framework maintains a unbounded event name cache which consumes the entire heap

  • OPENIDM-2288: Single Quote character in managed object causes OrientDB error

  • OPENIDM-2283: A node in a cluster doesn't currently listen for configuration changes

  • OPENIDM-2269: unable to use a ScriptTaskListener

  • OPENIDM-2240: Recon with situation MISSING and action CREATE behave differently in MySQL and PostgreSQL

  • OPENIDM-2238: Sync Audit Log record storage in PostgreSQL fails with error 'column "rev" of relation "auditsync" does not exist'

  • OPENIDM-2237: Create default connector configuration for Scripted SQL connector version raises a 500 error

  • OPENIDM-2233: ScriptedSQL sample3 - liveSync doesn't work

  • OPENIDM-2224: Enhance recon service to return a result indicating the status of the request reconciliation run

  • OPENIDM-2223: Update of connector info provider causes all remote connectors unavailable.

  • OPENIDM-2203: Pagination on managed users not working with PostgreSQL as repo

  • OPENIDM-2202: TaskScanner not working with PostgreSQL as repo

  • OPENIDM-2201: In Recon Summary the situation FOUND_ALREADY_LINKED is missing

  • OPENIDM-2200: Failure on writing sync audit log when action is exception with MySQL as repo

  • OPENIDM-2190: With PostgreSQL as repo, creating same user twice gets a 500 instead of 412

  • OPENIDM-2189: With PostgreSQL as repo, DELETE on managed user is not working

  • OPENIDM-2184: NPE thrown from within ObjectMapping$SyncOperation.isValidSource() during reconciliation.

  • OPENIDM-2180: Repo command action should be disallowed via HTTP

  • OPENIDM-2179: Sample 6 : The sample LDIF file provided is not valid

  • OPENIDM-2165: sourceCondition must work with maps

  • OPENIDM-2154: Use effectiveRoles of managed user instead of roles attribute in UI workflow scripts

  • OPENIDM-2153: Column name mismatch for notification tables when using SQLServer repository

  • OPENIDM-2134: only the last role was applied when multiple replaceTarget roles with the same property name were assigned to a user

  • OPENIDM-2127: Switching existing schedule from persisted=false to persisted=true results in duplicate scheduled jobs.

  • OPENIDM-2116: mergeWithTarget and replaceTarget on role definition fails if using Dynamic Assignment

  • OPENIDM-2106: Audit filter assumes action is a RequestType and improperly filters recon entries

  • OPENIDM-2089: Remove the need to store certificates in the default java keystore when doing ssl over jdbc.

  • OPENIDM-2087: Enabled:false needs to not return an error state for provisioners

  • OPENIDM-2079: Cannot PATCH managed user when ID contains special characters.

  • OPENIDM-2078: PermGen leak in "source" scripts

  • OPENIDM-2074: When the workflow module is disabled, shutdown errors are displayed on the console

  • OPENIDM-2067: For an MS SQL repository, queries in the repo config file containing concatenation functions do not work

  • OPENIDM-2062: openidm/system/NAME?_action=createFullConfig does not properly handle encrypted values causing the tests to fail.

  • OPENIDM-2061: Recon Fails to create users from AD "REV" : invalid identifier [Oracle]

  • OPENIDM-2058: Issues on status code and response content for REST API of Configuration with put and delete

  • OPENIDM-2057: Issues on status code and response content for REST API of System with post, and delete

  • OPENIDM-2056: Recon audit log entry formatting has issues (missing entries and extra entries)

  • OPENIDM-2055: Issues on status code and response content for REST API of Scheduler with query, put, and delete

  • OPENIDM-2046: Failed to start user onboarding workflow in usercase2 when external repo(MSSQL) was used.

  • OPENIDM-2021: If a query is made on an attribute that is not part of the object schema, OpenIDM returns an inaccurate message

  • OPENIDM-2002: Failed to Decrypt Jwt errors (badPaddingException)

  • OPENIDM-1990: OpenIDM ignoring min/max pool sizes in orient repo config

  • OPENIDM-1988: Scripted SQL 1.4 unable to find jdbc driver

  • OPENIDM-1959: cli.bat fails to export configuration when we give an absolute path in argument on Windows

  • OPENIDM-1954: Enabling the OrientDB Studio UI doesn't take effect until the second restart of OpenIDM

  • OPENIDM-1949: Update managed user with patch by query in POST should return modified object instead of null

  • OPENIDM-1946: Working location flag (-w) not working as documented

  • OPENIDM-1935: The ICF 1.4's RetryableException is wrapped incorrectly by IDM.

  • OPENIDM-1889: UI failed to recover from password changing failure

  • OPENIDM-1866: Delete of workflow definitions and instances via REST should return the deleted object

  • OPENIDM-1784: OpenIDM doesn't throw error on startup for provisioner's incorrect connectorRef

  • OPENIDM-1756: Cancelling "completed" taskscanner task sets its state to "cancelled" whereas it should have no effect

  • OPENIDM-1658: Hard-coded reference to database schema and table name in jdbc config files

  • OPENIDM-1560: when starting OpenIDM with -p option file is not taken in project location

  • OPENIDM-1409: The query-all and get-users-of-direct-role queries are not consistent across different repos

  • OPENIDM-1365: Recon Audit Log Entries Should Contain "messageDetails" for ScriptExceptions During Reconciliation

  • OPENIDM-1354: Recon Log Entries Missing "messageDetail" From Errors During Recon

  • OPENIDM-1337: Recon.csv and recon detail over REST are not aligned.

  • OPENIDM-1252: Unable to perform search queries with AND or OR operators in where clause for ScriptedSQL.

  • OPENIDM-1101: Inform administrator when property specified in sync.json as a target is missing from provisioner conf

  • OPENIDM-746: CLI.SH command "validate" does not detect an extra bracket that makes a JSON file not valid

  • OPENIDM-469: The ObjectMapping can change the _id and then the OpenIDM can not find the original target object any more

3.2. Limitations

OpenIDM 3.1 has the following known limitations:

  • When you add or edit a connector through the Admin UI, the list of required Base Connector Details is not necessarily accurate for your deployment. Some of these details might be required for specific deployment scenarios only. If you need a connector configuration where not all the Base Connector Details are required, you need to create your connector configuration file over REST (see Section 11.6, "Creating Default Connector Configurations" in the Integrator's Guide) or edit the connector configuration file (conf/provisioner.openicf-connector-type.json) directly.

  • For OracleDB repositories, queries that use the queryFilter syntax do not work on CLOB columns in explicit tables.

  • A conditional GET request, with the If-Match request header, is not currently supported.

  • OpenIDM provides an embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard. As an embedded system, local integration is supported. Remote integration is not currently supported.

  • The OpenIDM implementation of roles does not enforce referential integrity. In other words, you can set up users with a hypothetical role x, before you create that referential role x. Conversely, if you delete an existing referential role y, users with that role will retain that role.

    When dynamically assigned roles are added, OpenIDM does not set up provisioning for previously existing users. Any updates to dynamically assigned roles will not update users assigned with those roles.

3.3. Known Issues

OpenIDM 3.1 has the following known issues.

  • OPENIDM-2637: OpenID Connect Auth Module is shown in the Admin UI, but is not supported

  • OPENIDM-2627: Connectors with an underscore in the ID cannot be edited via Admin UI

  • OPENIDM-2626: On IE11 update of a users profile throws Unknown error

  • OPENIDM-2622: For JDBC repos, accessing the audit log over REST shows incorrect "userid" and "roles" attribute values

  • OPENIDM-2621: Attempting to read a non-existent audit record over REST raises an exception in the console

  • OPENIDM-2612: queryFilter command in sample3 fails with status 500

  • OPENIDM-2607: Validating the connector configuration from the UI fails for Sample 3

  • OPENIDM-2604: For the ScriptedCREST sample, the connection to OpenDJ occasionally times out

  • OPENIDM-2593: RuntimeException using OSGI Service for datasource

  • OPENIDM-2590: Missing records in LDAP cause Data Association Management grid to fail

  • OPENIDM-2580: Workflow can not be started by key by a non-admin user

  • OPENIDM-2569: When OpenIDM is started with a provisioner.openicf.connectorinfoprovider.json file, the required bundle is not loaded correctly

    Workaround : Add a space or a line to the provisioner.openicf.connectorinfoprovider.json file, which reloads the associated bundle.

  • OPENIDM-2568: Reconcile Duration counter remains at 0:00 until reconciliation is complete

  • OPENIDM-2560: Required script file fields for Scripted Groovy Connector configuration preventing validation

  • OPENIDM-2502: Instructions associated with RC init creation script are incomplete

  • OPENIDM-2496: When SSL is enabled on LDAP connector with right CA certificate, validation failed on UI

  • OPENIDM-2460: JAVA_TYPE_DATE nativeType not supported

  • OPENIDM-2454: REST errors (4xx and 5xx) interfere with CORS response headers

  • OPENIDM-2349: Implement openidm.xx() method resolution running in the remote Activiti engine

  • OPENIDM-2348: Implement external webapp for the remote Activiti server

  • OPENIDM-2347: Implement OpenIDM -> external resource communication

  • OPENIDM-2265: Got "ORA-01843: not a valid month" while trying to liveSync from Oracle database

  • OPENIDM-2260: Inconsistencies in encoding/decoding the IDs used of managed users

  • OPENIDM-2244: AD PW Sync Setup script wizard fails when browsing for a PKCS12 format certificate file

  • OPENIDM-2141: When creating a provisioner with CREST no errors are thrown when a provisioner already exists

  • OPENIDM-2107: Deleting managed/user via REST or UI leaves links records behind

  • OPENIDM-2034: Support arbitrary [commons] auth modules via className

  • OPENIDM-2028: The .NET Connector Server Exception displays an incorrect connector error

  • OPENIDM-2016: sync on unsupported object class with remote java connector returns 500 instead of 400

  • OPENIDM-2005: OpenICF query filter does not support literal expressions

  • OPENIDM-2004: NPE in OpenICF Provisioner query w/o filter

  • OPENIDM-1991: IDM blocked accessing Orientdb ReadWriteDiskCache

  • OPENIDM-1981: Importing all config files with CLI configimport fails with Java 8

  • OPENIDM-1948: Creating managed user with PUT on managed/user// endpoint is accepted whereas it should be refused

  • OPENIDM-1941: "pattern" property in access.js rules does not work when used on system endpoints

  • OPENIDM-1907: Recon failures as a result of policy violations do not indicate the cause of the violation in the recon audit log.

  • OPENIDM-1898: Representation of request-object differs between code and json-representation

  • OPENIDM-1860: Null pointer exception when setting target attribute during onUnlink

  • OPENIDM-1823: getScriptBindings function of ServiceScript ( slows down extremely when accessed paralell from multiple threads

  • OPENIDM-1742: Launching a recon by ID on a non-existent ID is not handled correctly

  • OPENIDM-1664: Memory usage of AD connector continue to increase.

  • OPENIDM-1654: No sync/ service is registered if a sync.json file is not present in the configuration

  • OPENIDM-1632: is not properly defined

  • OPENIDM-1619: OperationOptions specified within the provisioner configuration are not passed to connectors by OpenIDM

  • OPENIDM-1600: Cluster with Oracle DB backend

  • OPENIDM-1564: __NAME__ attribute incorrectly required as part of object definition for a create action

  • OPENIDM-1562: Route to endpoint service not found if there is a resourcename after the name of the endpoint

  • OPENIDM-1530: OpenIDM self-signed certificates in keystore and truststore does not match

  • OPENIDM-1504: OpenICFProvisionerService handle method performs logger.isDebugEnabled() checks but logs at the error level

  • OPENIDM-1501: sync?_action=performAction with an action=DELETE results in a delete on the source rather than the target

  • OPENIDM-1488: XDate locales could not be initialized correctly

  • OPENIDM-1465: cannot access Remote Activiti engine - http://localhost:9090/openidm-workflow-remote-2.1.0-SNAPSHOT/, because of 500 - Internal server error

  • OPENIDM-1452: Incorrect bundleVersion in provisioner config yields confusing error

  • OPENIDM-1445: Provisioner service does not decrypt encrypted attributes before passing them to OpenICF framework

  • OPENIDM-1430: OpenIDM needs a restart after importing a new cert via REST API

  • OPENIDM-1269: some issues with Case Sensitivity options for Sync

  • OPENIDM-1219: DB/Config bootstrapping should use IdentityServer support for getting properties, including boot prop

  • OPENIDM-1186: PATCH with POST using MVCC are successful even if revision wrong

  • OPENIDM-1165: EXCEPTION action when doing liveSync stops the synctoken processing

  • OPENIDM-1074: disabling automatic polling for changes of config file not possible on new install

  • OPENIDM-848: Conflicting behavior might be observed between the default fields set by the onCreate script and policy enforcement

  • OPENIDM-662: query-all-ids always returns the revision as 0, even after the object has been updated to a newer revision

  • OPENIDM-470: OpenIDM cannot rename objects - if the identifier of the object changes, the associated link breaks

Chapter 4. OpenIDM Compatibility

This chapter covers major and minor changes to existing functionality, as well as deprecated and removed functionality in this release of OpenIDM. You must read this chapter before commencing a migration from a previous OpenIDM release.

4.1. Major Changes to Existing Functionality

The following changes will have an impact on existing deployments. Read these changes carefully and adjust existing scripts and clients accordingly.

Changes to indexing for JDBC repositories

To improve indexing across the various supported JDBC repositories, a change has been made for all generic object mappings. The size of the propvalue column in the objectproperties tables (used for searches) is now limited to 2000 characters for all repositories other than MS SQL. Longer values are truncated. For MS SQL repositories, the propvalue column is restricted to 195 characters.

Incoming searches are trimmed accordingly, so that search filters such as equals do not break for the truncated column values.

4.2. Minor Changes to Existing Functionality

The following changes should not have an impact on existing deployment configurations.

Change to roles assignment operation scripts

The scripts that specify how role values are assigned (replaceTarget.js and mergeWithTarget.js) now pass back a map containing the new value for the target object field and, optionally, an updated attributesInfo object. Previously, these scripts simply returned the new value of the target object field.

Changes to connector configuration creation

The way in which you generate connector configurations for access to external resources has changed. There are now three separate actions involved in creating the connector configuration. For more information, see Section 11.6, "Creating Default Connector Configurations" in the Integrator's Guide.

The previous method of creating a connector configuration is retained in this release, for compatibility.

New location for sample JDBC repository configurations

The sample JDBC repository configurations, previously located at openidm/samples/misc/repo.jdbc-repo-type.json, are now located at openidm/db/repo-type/conf/repo.jdbc.json. The files no longer need to be renamed before being copied to your project's conf directory.

4.3. Deprecated Functionality

No functionality has been deprecated in OpenIDM 3.1.

No additional functionality is planned to be deprecated at this time.

4.4. Removed Functionality

No functionality has been removed in OpenIDM 3.1.

No functionality is planned to be removed at this time.

4.5. Functionality That Will Change in the Future

No major functionality is planned to change at this time.

Chapter 5. How to Report Problems & Provide Feedback

If you have questions regarding OpenIDM which are not answered by the documentation, there is a mailing list which can be found at where you are likely to find an answer.

If you have found issues or reproducible bugs within OpenIDM 3.1, report them in

When requesting help with a problem, please include the following information:

  • Description of the problem, including when the problem occurs and its impact on your operation

  • Machine type, operating system version, Java version, and OpenIDM release version, including any patches or other software that might be affecting the problem

  • Steps to reproduce the problem

  • Any relevant access and error logs, stack traces, or core dumps

Chapter 6. Support

You can purchase OpenIDM support subscriptions and training courses from ForgeRock and from consulting partners around the world and in your area. To contact ForgeRock, send mail to To find a partner in your area, see

Read a different version of :