Latest
OpenSSL 3.0 vulnerability and ForgeRock products
The purpose of this article is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Autonomous Identity and the SDKs) are vulnerable to the OpenSSL 3.0 vulnerability (CVE-2022-3602 and CVE-2022-3786). This vulnerability allows a buffer overrun to be triggered in X.509 certificate verification, which could result in a crash (causing a denial of service) or potentially remote code execution in certain circumstances.
How do I connect to Google Cloud with a proxy server to download Docker images for Autonomous Identity?
The purpose of this article is to provide information on downloading Docker® images for Autonomous Identity from ForgeRock's Google Cloud® Registry (gcr.io) repository when you are using a proxy server.
How do I integrate Microsoft Azure AD with Autonomous Identity for SSO?
The purpose of this article is to provide the steps for configuring Single Sign-On (SSO) using Microsoft Azure Active Directory® (AD) as the IdP for Autonomous Identity.
How do I get the Autonomous Identity product version?
The purpose of this article is to provide the instructions on getting the version of Autonomous Identity.
How do I change the Cassandra password for zoran_dba and zoranuser in Autonomous Identity 2021.8.x?
The purpose of this article is to provide instructions on changing the password of the zoran-dba Cassandra database user in Autonomous Identity.
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
Spring Framework Security Advisory #202203
The purpose of this advisory is to inform our customers that, based on current information, ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are NOT vulnerable to the Spring Framework vulnerabilities: Data Binding Rules CVE-2022-22968, RCE (Remote Code Execution) CVE-2022-22965 (Spring4shell), RCE CVE-2022-22963 and DoS (Denial of Service) CVE-2022-22950.
Security Advisories
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
Spring Framework Security Advisory #202203
The purpose of this advisory is to inform our customers that, based on current information, ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are NOT vulnerable to the Spring Framework vulnerabilities: Data Binding Rules CVE-2022-22968, RCE (Remote Code Execution) CVE-2022-22965 (Spring4shell), RCE CVE-2022-22963 and DoS (Denial of Service) CVE-2022-22950.