Latest
SecurID authentication module login fails in AM (All versions) with java.lang.NoClassDefFoundError
The purpose of this article is to provide assistance if you receive a "java.lang.NoClassDefFoundError: com/rsa/authagent/authapi/AuthAgentException" when attempting to log into the SecurID® authentication module in AM.
FAQ: SecurID authentication module in AM
The purpose of this FAQ is to provide answers to commonly asked questions regarding the SecurID® authentication module in AM. The SecurID module allows AM to authenticate users with RSA® Authentication Manager software and RSA SecurID authenticators. This article also includes information for troubleshooting failed authentication attempts to the SecurID authentication module.
FAQ: AM compatibility with third-party products
The purpose of this FAQ is to provide answers to commonly asked questions regarding AM compatibility with third-party products.
How do I configure a list of valid goto URL resources in AM 5.x, 6.0.0.x, 6.5.0.x, 6.5.1 and 6.5.2.x?
The purpose of this article is to provide information on configuring a list of valid goto URL resources to which users can be redirected after authentication in AM. This is good practice to increase security against possible phishing attacks through open redirect. When you specify a URL resource list, the resource of the URL stated in the goto or gotoOnFail parameter must exist on the URL resource list for the user to be redirected. If you do not specify a URL resource list, all resources included in URLs specified in the goto or gotoOnFail parameter are considered valid.
Where can I find useful logs for troubleshooting ForgeRock products?
The purpose of this article is to provide information on finding logs across ForgeRock products (AM, DS, IDM and IG) for troubleshooting purposes. This article shows default log locations, although most of them can be changed.
What Java versions are ForgeRock products supported on?
The purpose of this article is to provide information on the supported Java® versions across the ForgeRock platform (AM, DS, IDM and IG).
FAQ: Upgrading AM
The purpose of this FAQ is to provide answers to commonly asked questions regarding upgrading AM.
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
No secret with id storepass for purpose storepass errors after upgrading to AM 6.5.x or 7.x
The purpose of this article is to provide assistance if you encounter "No secret with id storepass for purpose storepass" or "No secret configured for purpose am.global.services.saml2.client.storage.jwt.encryption" errors after upgrading or installing AM. You may notice these errors after starting AM, when trying to retrieve an OIDC token or an OAuth2 access token, or when SAML2 federation fails.
How do I set up Kerberos authentication in AM (All versions)?
The purpose of this article is to provide information that will help guide you through understanding and configuring the Kerberos™ authentication node or the Windows Desktop SSO (WDSSO) authentication module in AM. This functionality uses the Kerberos™ capabilities of Active Directory®.
Books
Security Advisories
This book provides security advisories for ForgeRock products (AM, DS, IDM and IG).
Installing and configuring AM
This book provides information on installing and configuring AM, including frequently asked questions and known issues.
SAML Federation in AM
This book provides information on SAML2 federation in AM and includes help on configuring federation, managing SAML certificates and manipulating metadata for IdPs and SPs.
Authentication modules in AM
This book provides information on authentication modules in AM, including how to configure and troubleshoot.
Platform compatibility
This book provides information on compatibility between ForgeRock products (AM, DS, IDM and IG).
Data stores in AM
This book provides information on the different types of data stores (repositories) in AM, including the configuration store, the user data store (identity repository) and the CTS store.
Upgrading AM
This book provides information on upgrading AM including best practice advice, recommended procedures for different upgrade scenarios and known issues.
Using ssoadm in AM
This book provides information on using ssoadm in AM to make configuration changes as well as tips to help you get the most from ssoadm.
Using the REST STS in AM
This book provides information on using the REST STS (Secure Token Service) in AM.
SSL in AM and Agents
This book provides information on SSL in AM and Agents, including connections and certificates.
Security Advisories
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
AM Security Advisory #202110
Security vulnerabilities have been discovered in supported versions of Access Management (AM). These vulnerabilities affect versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 7.0.x and 7.1.0, and could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Java JDK Security Advisory #202109
ForgeRock are aware of a serious vulnerability in the implementation of certain cryptographic operations in Java JDK versions 15 and later. This affects Oracle® Java® and OpenJDK, including other JDKs derived from OpenJDK. You should follow the advice in this advisory to secure your deployments at the earliest opportunity.
AM Security Advisory #202106
Security vulnerabilities have been discovered in supported versions of Access Management (AM). These vulnerabilities affect versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 7.0.0 and 7.0.1, and could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
AM Security Advisory #202104
A security vulnerability has been discovered in supported versions of Access Management (AM). This vulnerability affects versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3; it also affects older unsupported versions: AM 5.x; OpenAM 9.x, 10.x, 11.x, 12.x and 13.x. You should secure your deployments at the earliest opportunity as outlined in this security advisory. NOTE: This does not affect AM 7 and above.
Web Agents Security Advisory #202107
A security vulnerability has been discovered in supported versions of Web Agents. This vulnerability affects versions 5.7.0, 5.7.1, 5.7.2, 5.8.0, 5.8.1, 5.8.2, and 5.8.2.1. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Web Agents Security Advisory #202105
Security vulnerabilities have been discovered in supported versions of Web Agents. These vulnerabilities affect versions 5.6.3, 5.7.0, 5.8.0, 5.8.1 and 5.8.2. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
AM Agents Security Advisory #202103
Security vulnerabilities have been discovered in AM Web and Java® Agent components.
AM/OpenAM Security Advisory #201801
Security vulnerabilities have been discovered in AM/OpenAM components. These issues may be present in AM 5.0, AM 5.1.x and OpenAM 12.0.x, 13.0.0 and 13.5.0. The OpenAM Community Edition 11.0.3 may also affected.
AM Java Agents Security Advisory #201903
A Security vulnerability has been discovered in a library used by the AM Java Agent component. This issue is present in the Java Agent 5.x release.