Notes on prerequisites, fixes, and known issues for the ForgeRock® Token Validation Microservice.


ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see

Chapter 1. What's New

The ForgeRock Token Validation Microservice is delivered as part of the ForgeRock Identity Platform to introspect and validate OAuth 2.0 access_tokens in service-to-service deployments. For information about the features of the Token Validation Microservice, see the User Guide.

1.1. Maintenance Release

The Token Validation Microservice 1.0.1 is a maintenance release.

1.2. New Features

There are no new features introduced in the Token Validation Microservice 1.0.1.

1.3. Product Improvements

There are no major improvements introduced in the Token Validation Microservice 1.0.1.

1.4. Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock's security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.

Chapter 2. Before You Install

This chapter describes the requirements for running the Token Validation Microservice.


If you have a request to support a component or combination not listed here, contact ForgeRock at

2.1. Downloading the Token Validation Microservice Software

Download the product software from the ForgeRock BackStage download site:

  • Token Validation Microservice .zip file,

2.2. Java Requirements

The following table lists supported Java versions:

JDK Requirements
Oracle JDK11 or later versions
OpenJDK11 or later versions

For the latest security fixes, ForgeRock recommends that you use the most recent update.

2.3. Authorization Server Requirements

Use an OAuth 2.0 authentication server, such as ForgeRock Access Management. For information about downloading and using AM, see AM's Release Notes.

If you use AM, AM version 6 or later is required.

The examples in the Token Validation Microservice User Guide use AM, and assume that it is reachable on

Chapter 3. Compatibility With Other Releases

This chapter describes important changes to existing functionality, deprecated functionality, and removed functionality.

3.1. Important Changes to Existing Functionality

This release of the Token Validation Microservice includes the following important change:

gracefulStop In ScheduledExecutorService

When gracefulStop is true, the ScheduledExecutorService now removes submitted jobs and attempts to end running jobs, after respecting the gracePeriod. In previous releases, when gracefulStop was true, it did not remove or end jobs.

For other information about the ScheduledExecutorService, see ScheduledExecutorService, in the Identity Gateway Configuration Reference.

3.2. Deprecated Functionality

This section lists deprecated functionality, as defined in "ForgeRock Product Stability Labels".

No features are deprecated in this release of the Token Validation Microservice.

3.3. Removed Functionality

This section lists removed functionality, as defined in "ForgeRock Product Stability Labels"..

No functionality has been removed in this release of the Token Validation Microservice.

Chapter 4. Fixes, Limitations, and Known Issues

Issues in the Token Validation Microservice are tracked at This chapter covers the status of key issues and limitations in this release.

4.1. Key Fixes

This release of the Token Validation Microservice fixes the following important issues:

  • OPENIG-3820: Path/QueryString with %encoded values are forwarded in a decoded way

  • MICSVC-118: Remove default-config.json

  • The port number in the default admin.json was changed to 9090

4.2. Limitations

This release of the Token Validation Microservice includes the following limitations:

CacheTimeout For The JwkSetSecretStore Cannot Be Disabled Or Lower Than 10 Seconds

The cacheTimeout property cannot be disabled in the JwkSetSecretStore. The minimum value is 10 seconds. If a lower value is set, the cacheTimeout is forced to 10 seconds.

Streaming Mode Not Available

The ClientHandler cannot stream responses from a proxied application to the user agent. Responses are processed in non-streaming mode only, after the entire entity content is available. Consequently, only the non-streaming mode is available, which does not support Server-Sent Events (SSE) or very large files.

SqlAttributesFilter Not Supported

The Token Validation Microservice cannot execute SQL queries by using the SqlAttributesFilter. Because the Token Validation Microservice does not provide a JNDI tree to look up, it cannot access connections in JDBC connection pools, that are required by the SqlAttributesFilter.

4.3. Known Issues

This release of the Token Validation Microservice includes the following known issue:

Chapter 5. Documentation Changes

The following table lists important changes to the documentation:

Documentation Changes


August 2019

Update to the lists of important changes, fixes, limitations, and known issues in the Release Notes.


July 2019

The first release of the Token Validation Microservice.

Appendix A. Release Levels and Interface Stability

This appendix includes ForgeRock definitions for product release levels and interface stability.

A.1. ForgeRock Product Release Levels

ForgeRock defines Major, Minor, Maintenance, and Patch product release levels. The release level is reflected in the version number. The release level tells you what sort of compatibility changes to expect.

Release Level Definitions
Release LabelVersion NumbersCharacteristics


Version: x[.0.0] (trailing 0s are optional)

  • Bring major new features, minor features, and bug fixes

  • Can include changes even to Stable interfaces

  • Can remove previously Deprecated functionality, and in rare cases remove Evolving functionality that has not been explicitly Deprecated

  • Include changes present in previous Minor and Maintenance releases


Version: x.y[.0] (trailing 0s are optional)

  • Bring minor features, and bug fixes

  • Can include backwards-compatible changes to Stable interfaces in the same Major release, and incompatible changes to Evolving interfaces

  • Can remove previously Deprecated functionality

  • Include changes present in previous Minor and Maintenance releases

Maintenance, Patch

Version: x.y.z[.p]

The optional .p reflects a Patch version.

  • Bring bug fixes

  • Are intended to be fully compatible with previous versions from the same Minor release

A.2. ForgeRock Product Stability Labels

ForgeRock products support many features, protocols, APIs, GUIs, and command-line interfaces. Some of these are standard and very stable. Others offer new functionality that is continuing to evolve.

ForgeRock acknowledges that you invest in these features and interfaces, and therefore must know when and how ForgeRock expects them to change. For that reason, ForgeRock defines stability labels and uses these definitions in ForgeRock products.

ForgeRock Stability Label Definitions
Stability LabelDefinition


This documented feature or interface is expected to undergo backwards-compatible changes only for major releases. Changes may be announced at least one minor release before they take effect.


This documented feature or interface is continuing to evolve and so is expected to change, potentially in backwards-incompatible ways even in a minor release. Changes are documented at the time of product release.

While new protocols and APIs are still in the process of standardization, they are Evolving. This applies for example to recent Internet-Draft implementations, and also to newly developed functionality.


This feature or interface has been replaced with an improved version, and is no longer receiving development effort from ForgeRock.

You should migrate to the newer version, however the existing functionality will remain.

Legacy features or interfaces will be marked as Deprecated if they are scheduled to be removed from the product.


This feature or interface is deprecated and likely to be removed in a future release. For previously stable features or interfaces, the change was likely announced in a previous release. Deprecated features or interfaces will be removed from ForgeRock products.


This feature or interface was deprecated in a previous release and has now been removed from the product.

Technology Preview

Technology previews provide access to new features that are considered as new technology that is not yet supported. Technology preview features may be functionally incomplete and the function as implemented is subject to change without notice. DO NOT DEPLOY A TECHNOLOGY PREVIEW INTO A PRODUCTION ENVIRONMENT.

Customers are encouraged to test drive the technology preview features in a non-production environment and are welcome to make comments and suggestions about the features in the associated forums.

ForgeRock does not guarantee that a technology preview feature will be present in future releases, the final complete version of the feature is liable to change between preview and the final version. Once a technology preview moves into the completed version, said feature will become part of the ForgeRock platform. Technology previews are provided on an “AS-IS” basis for evaluation purposes only and ForgeRock accepts no liability or obligations for the use thereof.


Internal and undocumented features or interfaces can change without notice. If you depend on one of these features or interfaces, contact ForgeRock support or email to discuss your needs.

Appendix B. Getting Support

ForgeRock provides support services, professional services, training through ForgeRock University, and partner services to assist you in setting up and maintaining your deployments. For a general overview of these services, see

ForgeRock has staff members around the globe who support our international customers and partners. For details, visit, or send an email to ForgeRock at

ForgeRock publishes comprehensive documentation online:

  • The ForgeRock Knowledge Base offers a large and increasing number of up-to-date, practical articles that help you deploy and manage ForgeRock software.

    While many articles are visible to community members, ForgeRock customers have access to much more, including advanced information for customers using ForgeRock software in a mission-critical capacity.

  • ForgeRock product documentation, such as this document, aims to be technically accurate and complete with respect to the software documented. It is visible to everyone and covers all product features and examples of how to use them.

Read a different version of :