How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I install an AM patch (All versions) supplied by ForgeRock support?

Last updated Dec 9, 2021

The purpose of this article is to provide information on installing an AM patch that has been supplied by ForgeRock support.



Overview

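This article provides instructions for installing a patch in the following containers/deployments:

  • Apache Tomcat
  • JBoss Application Server and Wildfly AS
  • ForgeOps (ForgeRock DevOps) Deployments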

Note

Please note the following:

  • Unzipping the patch directly in the openam directory provides a full history of all the patches installed in your AM environment, where each README.X and patchInfo.X.json file indicates a set of installed patches (and the corresponding ticket ID).
  • Installing a patch will overwrite some existing files with new versions. You will see a warning that this is happening; this is expected behavior.
  • In a DevOps deployment model, you cannot apply the provided patch by unzipping it in a running AM pod and restarting the container. Restarting the AM Tomcat server inside a Kubernetes pod re-initializes the entire pod and then redeploys the unpatched AM (with the patch NOT applied). You therefore need to create a custom Docker image that uses an AM WAR that contains the patch.

Apache Tomcat

  1. Back up the /path/to/tomcat/webapps/openam directory where AM is deployed.
  2. Check the /path/to/tomcat/webapps/openam/WEB-INF/classes directory where AM is deployed to ensure that the classes contained in the patch do not already exist in the directory. If one or more classes do already exist, it may mean you have a conflicting patch installed. If this is the case, you should seek advice from ForgeRock support prior to applying the patch.
  3. Stop the web application container in which AM runs.
  4. Go to the /path/to/tomcat/webapps/openam/ directory where AM is deployed: $ cd /path/to/tomcat/webapps/openam/
  5. Extract the patch zip: $ unzip /path/to/patch/X.zip
  6. Restart the web application container in which AM runs.

Note

You can remove the patch by replacing the /openam directory with your backup.
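
The check in step 2 can be run before anything is unzipped. The following script is an added example, not ForgeRock tooling or part of the original article; it assumes the patch zip mirrors the layout of the openam directory (entries such as WEB-INF/classes/...), and the function name preflight is hypothetical.

```python
#!/usr/bin/env python3
"""Pre-flight check for step 2: compare a patch zip with a deployed openam directory."""
import sys
import zipfile
from pathlib import Path, PurePosixPath

# Assumption: zip entries are relative to the openam directory.
CLASSES_PREFIX = PurePosixPath("WEB-INF/classes")


def preflight(patch_zip, openam_dir):
    """Return (conflicts, overwrites) as sorted lists of zip entry names.

    conflicts:  entries under WEB-INF/classes that already exist in openam_dir,
                which may indicate a conflicting patch (step 2).
    overwrites: any other entries that already exist; these produce the
                expected overwrite warning when the patch is unzipped.
    """
    openam = Path(openam_dir)
    conflicts, overwrites = [], []
    with zipfile.ZipFile(patch_zip) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            entry = PurePosixPath(info.filename)
            if not openam.joinpath(*entry.parts).is_file():
                continue  # new file, nothing to compare against
            if CLASSES_PREFIX in entry.parents:
                conflicts.append(info.filename)
            else:
                overwrites.append(info.filename)
    return sorted(conflicts), sorted(overwrites)


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} /path/to/patch/X.zip /path/to/tomcat/webapps/openam")
        return 2
    conflicts, overwrites = preflight(argv[1], argv[2])
    for name in overwrites:
        print(f"will overwrite: {name}")
    for name in conflicts:
        print(f"ALREADY PRESENT in WEB-INF/classes: {name}")
    # Non-zero exit lets a deployment script stop before the unzip step.
    return 1 if conflicts else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

An exit status of 1 means at least one patch class is already present, which is the case where the article advises contacting ForgeRock support before applying the patch.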

JBoss Application Server and Wildfly AS

The JBoss Application Server and Wildfly AS web application containers deploy applications to different temporary directories each time you restart the container; this means any patches need to be applied directly to the openam.war file as follows: 

  1. Make a backup of the original openam.war file.
  2. Stop the web application container in which AM runs.
  3. Unpack the openam.war file to a temporary directory.
  4. Go to the openam/ directory in the unpacked openam.war file: $ cd /tmp/unpacked/openam.war/openam
  5. Extract the patch zip: $ unzip /path/to/patch/X.zip
  6. Repack the openam.war file.
  7. Redeploy the openam.war file and restart the web application container in which AM runs.

Note

You can remove the patch by redeploying your original openam.war file.

ForgeOps (ForgeRock DevOps) Deployments

If you are using the ForgeOps deployment model, you need to create a custom Docker image that uses the AM WAR file containing the AM patch. 

Please see Docker Image Development for instructions; this will require you to test the patch in a non-Kubernetes environment first.

See Also

FAQ: Patches in AM

Maintenance Guide › Backing Up Configurations

ForgeRock Maintenance Release Policy

How do I install a DS patch (All versions) supplied by ForgeRock support?

How do I use the patchinfo utility to check what patches are installed for AM or IG (All versions)?

How do I check what patches are installed for ForgeRock products?



Copyright and Trademarks Copyright © 2021 ForgeRock, all rights reserved.