How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I export configuration details for the Agent (All versions)?

Last updated Jan 11, 2023

The purpose of this article is to provide information on exporting configuration details for the Agent (Web or Java). Exporting configuration details for the agent is a common step in troubleshooting as it allows you (or someone else) to check all your configuration settings.

1 reader recommends this article

Exporting Agent configuration details

You can export the agent configuration details using different methods:


It is not possible to use the exported agent configuration as the basis for creating a local configuration file for an agent.



Please observe the following when constructing REST calls:

  • Make the REST call to the actual AM server URL (not lb).
  • Change the name of the iPlanetDirectoryPro header to the name of your actual session cookie.
  • Set this session cookie header to the token returned when you authenticated.
  • Ensure the Accept-API-Version header contains valid resource versions.

See How do I avoid common issues with REST calls in AM (All versions)? for further information.

You can use REST to obtain the agent's profile as follows:

  1. Authenticate as an admin user. For example:$ curl -X POST -H "X-OpenAM-Username: amadmin" -H "X-OpenAM-Password: cangetinam" -H "Content-Type: application/json" -H "Accept-API-Version: resource=2.1" response: { "tokenId": "AQIC5wM2LY4SfcxsuvGEjcsppDSFR8H8DYBSouTtz3m64PI.*AAJTSQACMDIAAlNLABQtNTQwMTU3NzgxODI0NzE3OTIwNAEwNDU2NjE0*", "successUrl": "/am/console", "realm": "/" }
  2. Return the agent's profile using the following curl command, where myAgent in the URL is replaced with the name of your agent:$ curl -X GET -H "iPlanetDirectoryPro: AQIC5wM2LY4Sfcxs...EwNDU2NjE0*" -H "Content-Type: application/json"


You can export configuration details for all agents using the export-config command in Amster. For example:

  • Export configuration for all Web agents in the top level realm: am> export-config --path /path/to/export --realm / --realmEntities 'WebAgents'
  • Export configuration for all Java agents in the employees realm: am> export-config --path /path/to/export --realm employees --realmEntities 'J2eeAgents'

Configuration details for each agent will be written to a separate JSON file in the WebAgents or J2eeAgents directory within /path/to/export/realms/[realmName].


You can use ssoadm to return the agent's configuration. Enter the following command:

$ ./ssoadm show-agent -e [realmname] -b [agentname] -u [adminID] -f [passwordfile] -o [outputfile]

replacing [realmname], [agentname], [adminID], [passwordfile] and [outputfile] with appropriate values.

See Also


Related Training

ForgeRock Access Management Deep Dive (AM-410)

Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.