Book
ForgeRock Identity Platform
Does not apply to Identity Cloud

Administering and configuring IDM

This book provides information on administering and configuring IDM, including frequently asked questions and known issues.



Table of Contents

  • 1 General
    • 1.1 What versions of DS are compatible with IDM?
    • 1.2 What versions of AM are compatible with IDM?
    • 1.3 What Java versions are ForgeRock products supported on?
  • 2 Security
    • 2.1 How do I disable TLS Client-Initiated Renegotiation in IDM (All versions)?
    • 2.2 How does IDM (All versions) use anonymous access?
    • 2.3 How do Identity Cloud and IDM (All versions) protect against CSRF attacks?
    • 2.4 How do I remove access to the browser-based UI in IDM (All versions)?
    • 2.5 How do I limit the supported secure protocols and cipher suites in IDM 5.x and 6.x?
    • 2.6 How do I hash the password for openidm-admin before the first startup of IDM 5.x and 6.x?
  • 3 Keystores
    • 3.1 How do I renew my existing CA certificate in use by IDM (All versions)?
    • 3.2 How do I change the symmetric key in IDM 5.x and 6?
  • 4 Clusters
    • 4.1 Best practice for clustering in IDM
    • 4.2 FAQ: Clusters in IDM
  • 5 Configuration
    • 5.1 How do I run the command-line interface in IDM (All versions) if my install and project directories are different?
    • 5.2 How do I load OSGI bundles and JAR files into IDM (All versions)?
    • 5.3 How do I implement keep-alive functionality for the managed repository in IDM (All versions)?
    • 5.4 How do I modify the startup parameters for the IDM (All versions) Windows Service?
    • 5.5 How do I customize authorization rules for http requests in IDM 5.x and 6.x?
    • 5.6 How do I configure specific managed objects to be case insensitive in IDM (All versions)?
    • 5.7 How do I stop IDM (All versions) prompting users for their current password during password reset?
    • 5.8 How do I disable audit logging in IDM 6.5 and 7.x?
    • 5.9 Integration with AM/OpenAM
      • 5.9.1 How does the OIDC authorization flow work when IDM 5.5.x, 6.x or 7.x is integrated with AM?
    • 5.10 Workflows
      • 5.10.1 How do I use workflow scripts to make calls back to IDM 5.x and 6.x?
      • 5.10.2 How do I use RequireJS to load dependencies inside a workflow in IDM 5.x and 6?
    • 5.11 Task Scanner
      • 5.11.1 How do I configure the Task Scanner in IDM (All versions) to find a user's start date between today and n number of days in the future?
      • 5.11.2 How do I convert a date stored in DS to a format that the Task Scanner in IDM (All versions) can use?
      • 5.11.3 FAQ: Task Scanner in IDM
  • 6 Frequently Asked Questions
    • 6.1 FAQ: General IDM
    • 6.2 FAQ: Installing and configuring IDM
    • 6.3 FAQ: IDM compatibility with third-party products
    • 6.4 How do I count the number of users in my ForgeRock deployment?
  • 7 Known Issues
    • 7.1 Keystores
      • 7.1.1 Public key not found error and cannot log in to Admin UI after upgrading to IDM 7.1
      • 7.1.2 Finding org.forgerock.json.crypto.JsonCryptoException: Decryption failed errors in IDM
      • 7.1.3 Resource exception: 500 Internal Server Error keeps happening in IDM (All versions)
      • 7.1.4 Given final block not properly padded error when starting IDM (All versions)
    • 7.2 AM 5, 5.5, 5.5.1 and 6.0.0.x, IDM 6.x and Rest2LDAP cannot connect to DS 5, DS 5.5, DS 5.5.1, DS 5.5.2 or 6 after restricting DS cipher suites or Java upgrade
    • 7.3 Configuration
      • 7.3.1 Failure to query configurations error when accessing Admin UI in IDM (All versions)
      • 7.3.2 Property substitutions no longer work in system configuration files in IDM 5.5, 6.x or 7.x
      • 7.3.3 Failed to update repo instance state during failed instance recovery warning in IDM (All versions)
      • 7.3.4 Login fails for some users with an Access denied, user inactive error when IDM 5.x or 6.x is integrated with AM
      • 7.3.5 Authentication fails with IDM 5.x or 6.x integrated with AM when session-jwt cookie size exceeds browser limits
      • 7.3.6 Customizing Java Log Format to use SimpleFormatter fails in IDM (All versions)
    • 7.4 Java 11
      • 7.4.1 SSLHandshakeException or ClassCastException when using an HSM and Java 11 with ForgeRock products
      • 7.4.2 An illegal reflective access operation has occurred when using Java 11 with ForgeRock products
    • 7.5 Self-Service
      • 7.5.1 Link in Password Reset and User Registration emails does not work in Microsoft Outlook with IDM 5.x, 6 - 6.0.0.4 and 6.5.0
      • 7.5.2 Password reset link is invalid error when resetting password via Self-Service in IDM 5.x or 6.x
      • 7.5.3 Double-clicks on Self-Service Registration page causes duplicate entries in IDM 5.x and 6
  • 8 Patches
    • 8.1 How do I check what patches are installed for ForgeRock products?
    • 8.2 How do I install an IDM patch (All versions) supplied by ForgeRock support?