FAQ
ForgeRock Identity Platform
Does not apply to Identity Cloud

FAQ: Installing and configuring IDM

Last updated Jan 27, 2022

The purpose of this FAQ is to provide answers to commonly asked questions regarding installing and configuring IDM.


Frequently asked questions

Q. Is IDM compatible with Oracle Java Development Kit (JDK) 11?

A. Yes, as of IDM 6.5, Oracle JDK 11 is supported. You should only use supported versions to prevent compatibility issues.

Q. Can IDM be used with OpenJDK?

A. Yes, OpenJDK is supported in IDM. See Before You Install (Java Requirements) for details of versions.

Q. How do I integrate IDM, AM and DS?

A. Refer to the Platform Setup Guide for further information.

Q. Do I need to change the default symmetric encryption key for production (Pre-IDM 6.5)?

A. No, you do not. IDM generates a symmetric key and a private key the first time the server is started. See How do I change the symmetric key in IDM 5.x and 6? for further information.

However, you should change the default keystore password as detailed in Change the Default Keystore Password.

Q. Does IDM support encryption keys with 256-bit AES encryption?

A. Yes, IDM supports keys with 256-bit AES encryption and, as of Java 9, so does Java. With earlier versions of Java, you must install the Oracle Java JCE unlimited strength jars if you want to use keys with 256-bit AES encryption. See Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files Download for further information and links to download the jars.

Q. How do I configure IDM for case-insensitive searching?

A. IDM is case-sensitive, which can cause valid entries not to be found because of their case. This issue also affects queries that use queryFilter, because the case-sensitivity of queryFilter depends on the repository's collation. You can resolve this by configuring the repository for case sensitivity as detailed in Reconcile With Case-Insensitive Data Stores.

Q. Can IDM be configured to use multiple OpenICF Connector servers and failover with Active Directory Domain Controllers?

A. No, IDM can only use one OpenICF Connector server at a time. For failover purposes, you should have two or more Active Directory Domain Controllers (DCs) with the OpenICF Connector server installed; if one becomes unavailable, your system administrator should change the target IP to another available DC.

See Also

FAQ: General IDM

FAQ: IDM compatibility with third-party products

FAQ: Upgrading IDM

FAQ: Scripts in IDM

Installation Guide

Setup Guide

Related Training

ForgeRock Identity Management Core Concepts (IDM-400)


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.