Book

Administering and configuring IDM/OpenIDM

This book provides information on administering and configuring IDM/OpenIDM, including frequently asked questions and known issues.


Printer friendly view

Table of Contents

  • 1 General
    • 1.1 What versions of DS/OpenDJ are compatible with IDM/OpenIDM?
    • 1.2 What versions of AM/OpenAM are compatible with IDM/OpenIDM?
    • 1.3 What Java versions are ForgeRock products supported on?
  • 2 Security
    • 2.1 How do I secure the JWT session cookie used by IDM/OpenIDM (All versions)?
    • 2.2 How do I limit the supported secure protocols and cipher suites in IDM/OpenIDM (All versions)?
    • 2.3 How do I disable TLS Client-Initiated Renegotiation in IDM/OpenIDM (All versions)?
    • 2.4 How do I hash the password for openidm-admin before the first startup of IDM/OpenIDM (All versions)?
    • 2.5 How does IDM/OpenIDM (All versions) use anonymous access?
    • 2.6 How does IDM/OpenIDM (All versions) protect against CSRF attacks?
    • 2.7 How do I remove access to the browser-based UI in IDM/OpenIDM (All versions)?
  • 3 Keystores
    • 3.1 How do I change the symmetric key in IDM/OpenIDM (All versions)?
    • 3.2 How do I change the default keystore password in IDM/OpenIDM (All versions)?
    • 3.3 How do I configure IDM/OpenIDM (All versions) to use my existing CA signed certificate?
    • 3.4 How do I renew my existing CA certificate in use by IDM/OpenIDM (All versions)?
  • 4 Configuration
    • 4.1 How do I run the command-line interface in IDM (All versions) and OpenIDM 4.x if my install and project directories are different?
    • 4.2 How do I load OSGI bundles and JAR files into IDM/OpenIDM (All versions)?
    • 4.3 How do I implement keep-alive functionality for the managed repository in IDM/OpenIDM (All versions)?
    • 4.4 How do I modify the startup parameters for the IDM/OpenIDM (All versions) Windows Service?
    • 4.5 How do I customize authorization rules for http requests in IDM/OpenIDM (All versions)?
    • 4.6 How do I configure specific managed objects to be case insensitive in IDM/OpenIDM (All versions)?
    • 4.7 How do I stop IDM (All versions) prompting users for their current password during password reset?
    • 4.8 How do I manage configuration changes within a cluster in OpenIDM 3.x and 4.x?
    • 4.9 How do I re-create the internal OrientDB repository in IDM 5 and OpenIDM 3.x, 4.x?
    • 4.10 Integration with AM/OpenAM
      • 4.10.1 How does the OIDC authorization flow work when IDM (All versions) is integrated with AM?
      • 4.10.2 How do I correctly configure the OPENAM_SESSION authentication module in OpenIDM 4.5?
      • 4.10.3 How do I invoke the OpenIDM 3.1 and 4.x REST API when OpenIDM is protected by OpenAM?
    • 4.11 Workflows
      • 4.11.1 How do I migrate my existing BPMN workflows after upgrading to IDM 5.5 or applying Security Advisory #201705?
      • 4.11.2 How do I use workflow scripts to make calls back to IDM/OpenIDM (All versions)?
      • 4.11.3 How do I use RequireJS to load dependencies inside a workflow in IDM 5.x, 6 and OpenIDM 4.x?
    • 4.12 Task Scanner
      • 4.12.1 How do I configure the Task Scanner in IDM/OpenIDM (All versions) to find a user's start date between today and n number of days in the future?
      • 4.12.2 How do I convert a date stored in DS/OpenDJ to a format that the Task Scanner in IDM/OpenIDM (All versions) can use?
  • 5 Frequently Asked Questions
    • 5.1 FAQ: General IDM/OpenIDM
    • 5.2 FAQ: Installing and configuring IDM/OpenIDM
    • 5.3 FAQ: Clusters in IDM/OpenIDM
    • 5.4 FAQ: Task Scanner in IDM/OpenIDM
    • 5.5 FAQ: IDM/OpenIDM compatibility with third-party products
  • 6 Known Issues
    • 6.1 AM 5.x and 6.0.0.x, IDM 6.x and Rest2LDAP cannot connect to DS 5.x or 6 after restricting DS cipher suites or Java upgrade
    • 6.2 SSLHandshakeException or ClassCastException when using an HSM and Java 11 with ForgeRock products
    • 6.3 An illegal reflective access operation has occurred when using Java 11 with ForgeRock products
    • 6.4 Property substitutions no longer work in system configuration files in IDM 5.5 and 6.x
    • 6.5 Finding org.forgerock.json.crypto.JsonCryptoException: Decryption failed errors in IDM/OpenIDM
    • 6.6 Resource exception: 500 Internal Server Error keeps happening in IDM/OpenIDM (All versions)
    • 6.7 Given final block not properly padded error when starting IDM/OpenIDM (All versions)
    • 6.8 Login fails for some users with an Access denied, user inactive error when IDM (All versions) is integrated with AM
    • 6.9 Authentication fails with IDM (All versions) integrated AM when session-jwt cookie size exceeds browser limits
    • 6.10 Customizing Java Log Format to use SimpleFormatter fails in IDM/OpenIDM (All versions)
    • 6.11 Configuration invalid, can not start JDBC repository error when starting OpenIDM 4.5.x
    • 6.12 Double-clicks on Self-Service Registration page causes duplicate entries in IDM 5.x, 6 and OpenIDM 4.x
    • 6.13 Link in Password Reset and User Registration emails in IDM/OpenIDM (All versions) does not work in Microsoft Outlook
    • 6.14 Failed to load checksum file from archive error in OpenIDM 4.x
    • 6.15 JobEntity was updated by another transaction concurrently exception when using workflows in OpenIDM 4.x
    • 6.16 Repository password is not encrypted in OpenIDM 3.x or 4.x log and configuration files
  • 7 Patches
    • 7.1 How do I check what patches are installed for ForgeRock products?
    • 7.2 How do I install an IDM/OpenIDM patch (All versions) supplied by ForgeRock support?
Loading...