ForgeRock Identity Platform
Does not apply to Identity Cloud

Property substitutions no longer work in system configuration files in IDM 5.5, 6.x or 7.x

Last updated Feb 24, 2021

The purpose of this article is to provide assistance if property substitutions do not work in system configuration files after upgrading to IDM 5.5 or later.

1 reader recommends this article


Variables that have been defined in are no longer resolved when configuration data is retrieved with REST calls or For example, using an call with the variable in the form &{} does not result in the expected property value being substituted and instead the literal &{} is returned.

Recent Changes

Upgraded to IDM 5.5 or later.


Changes have been made to how system properties are read and variables are no longer automatically substituted. This change makes it easier to administer configurations via REST since you can now configure one server, retrieve the configuration and push it to another server (previously this was not possible since the variables were automatically substituted meaning what you retrieved could not be applied to other servers). Additionally, this change improves security as there is no longer a risk of exposing substituted values over REST, which could contain sensitive data such as passwords.


This issue can be resolved by using the identityServer.getProperty method to resolve variables in system configuration files.

Refer to the following links for further information:

See Also

Administering and configuring IDM

Setup Guide › Configure the Server

Related Training


Related Issue Tracker IDs

OPENIDM-8523 (ConfigBootstrapHelper should not read system properties directly)

OPENIDM-8521 (Create an EnvironmentVariablePropertyAccessor)

Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.