This article has been archived and is no longer maintained by ForgeRock.
- OpenAM DAS provided a login interface, which was deployed within network demilitarized zones to limit OpenAM's exposure to the Internet.
- DAS has been removed from the product bundle as of OpenAM 13 see OpenAM Release Notes › Removed Functionality
- The background behind this decision is that reverse proxies are the modern way to provide access to a service such as OpenAM.
- The current interface to OpenAM operates via REST calls, which can function through a reverse proxy.
- The architecture of DAS is generally inconsistent with modern reverse proxy scenarios.
A reverse proxy can be used as a replacement for DAS. More information about this concept can be found in the Deployment Planning Guide › Example Deployment Topology › Reverse Proxies
ForgeRock offers the Identity Gateway product, which can suit this requirement as it can act as an intelligent reverse proxy server between clients and the OpenAM Service. Please refer to the following documentation to learn more about implementing, installing and configuring OpenIG:
- OpenAM 13 Release Notes › What's New in OpenAM 13 › OpenIG as a Replacement for DAS
- Deployment Planning Guide › Example Deployment Topology › OpenIG
- Gateway Guide
If DAS is already being used with an OpenAM 12 installation, then the existing deployed DAS can continue to be used in the case where the OpenAM server itself is upgraded to the 13.x release.
DAS 12.0.4 will not work with OpenAM 13.x due to changes made in OPENAM-9567 (The HttpServletRequest from the DAS can be null at the authentication module level), but DAS 12.0.3 will work with OpenAM 13.
There is a known issue: OPENAM-8551 (J2EE Agent logs 'The user does not have permission to perform the operation' errors during bootstrap), which prevents DAS 12.0.3 working with OpenAM 13.5.
DAS component is covered by the ForgeRock End of Service Life (EOSL) policy for the version of OpenAM that it originally shipped with.