Latest
Best practice for configuring an external DS instance for the Core Token Service (CTS) in AM 5.x and 6
The purpose of this article is to provide best practice advice on configuring an external DS instance for CTS in AM as a non-admin user. CTS is used to provide session failover in AM.
Best practice for migrating Authentication Chains to Trees in AM 6.x
The purpose of this article is to provide some basic concepts that can be used to assist in migrating authentication chains to equivalent functionality in authentication trees.
Best practice for upgrading to AM 6.x
The purpose of this article is to provide best practice advice on upgrading to AM 6.x as there are some known issues regarding the upgrade process and issues that may affect you post-upgrade.
How do I renew expired certificates for a hosted IdP or SP in AM 5.x or 6.x?
The purpose of this article is to provide information on renewing expired X.509 signing certificates for a hosted IdP or SP (entity provider) for SAML2 Federation in AM.
How do I renew expired certificates for a remote IdP or SP in AM (All versions)?
The purpose of this article is to provide information on renewing expired X.509 signing certificates for a remote IdP or SP (entity provider) for SAML2 Federation in AM.
FAQ: Installing and using Amster in AM
The purpose of this FAQ is to provide answers to commonly asked questions regarding installing and using Amster in AM.
How do I update property values in AM (All versions) using Amster?
The purpose of this article is to provide information on using Amster to update property values in AM. You can also use these concepts to help you get started with creating resources via Amster.
Do ForgeRock products run on AWS?
AWS stands for Amazon Web Services and encompasses a range of cloud-based services provided by Amazon. ForgeRock products work well with many AWS offerings. Additionally, ForgeRock has also partnered with AWS to make it even easier for companies to control access to AWS Resources.
What JWTs are generated or accepted in Identity Cloud and AM?
The purpose of this article is to provide information on the JSON Web Tokens (JWTs) used in OAuth 2.0 and OpenID Connect 1.0 (OIDC) that are generated or accepted by ForgeRock Identity Cloud or AM.
What operating systems are ForgeRock products supported on?
The purpose of this article is to provide a summary of the currently supported operating systems for the latest ForgeRock products: AM 7.1, DS 7.1, IDM 7.1 and IG 7.1.
Books
Product Q&As - ForgeRock Identity Platform
This book provides answers to questions when evaluating the ForgeRock Identity Platform and its components (AM, DS, IDM and IG). It assumes that the platform is deployed on-premises or in a private or public cloud rather than ForgeRock-hosted in Identity Cloud.
Platform compatibility
This book provides information on compatibility between ForgeRock products (AM, DS, IDM and IG).
SAML Federation in AM
This book provides information on SAML2 federation in AM and includes help on configuring federation, managing SAML certificates and manipulating metadata for IdPs and SPs.
Performance tuning and monitoring ForgeRock products
This book provides information on performance tuning and monitoring ForgeRock products (AM, DS, IDM and IG).
Authentication trees in AM
This book provides information on authentication trees in AM.
Security Advisories
This book provides security advisories for ForgeRock products (AM, DS, IDM and IG).
Push Services in AM
This book provides information on push services in AM.
OAuth 2.0 and OIDC in AM
This book provides information on OAuth 2.0 and OpenID Connect (OIDC) in AM including UMA, administering access tokens via REST and known issues (with solutions).
Administrator and user accounts in AM
This book provides information on administrator and user accounts in AM including changing passwords, what privileges are available, account lockout and known issues (with solutions).
Customizing SAML2 plugins in AM
This book provides information on customizing the SAML2 plugins in AM. These plugins include account mappers, attribute mappers and adapters for both the IdP and SP.
Security Advisories
Spring Framework Security Advisory #202203
The purpose of this advisory is to inform our customers that, based on current information, ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are NOT vulnerable to the Spring Framework vulnerabilities: Data Binding Rules CVE-2022-22968, RCE (Remote Code Execution) CVE-2022-22965 (Spring4shell), RCE CVE-2022-22963 and DoS (Denial of Service) CVE-2022-22950.
Java JDK Security Advisory #202109
ForgeRock are aware of a serious vulnerability in the implementation of certain cryptographic operations in Java® JDK versions 15 and later: CVE-2022-21449. This vulnerability affects Oracle® Java and OpenJDK, including other JDKs derived from OpenJDK. You should follow the advice in this advisory to secure your deployments at the earliest opportunity.
AM Security Advisory #202110
Security vulnerabilities have been discovered in supported versions of Access Management (AM). These vulnerabilities affect versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 7.0.x and 7.1.0, and could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Web and Java Agents Security Advisory #202201
A security vulnerability has been discovered in supported versions of Web and Java Agents when using specific configurations. This vulnerability affects versions: Web Agent 5.6.1.0 - 5.9.0, and Java Agent 5.7.1, 5.8.0, 5.8.1 and 5.9.0. It could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
AM Security Advisory #202106
Security vulnerabilities have been discovered in supported versions of Access Management (AM). These vulnerabilities affect versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 7.0.0 and 7.0.1, and could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
AM Security Advisory #202104
A security vulnerability has been discovered in supported versions of Access Management (AM). This vulnerability affects versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3; it also affects older unsupported versions: AM 5.x; OpenAM 9.x, 10.x, 11.x, 12.x and 13.x. You should secure your deployments at the earliest opportunity as outlined in this security advisory. NOTE: This does not affect AM 7 and above.
Web Agents Security Advisory #202107
A security vulnerability has been discovered in supported versions of Web Agents. This vulnerability affects versions 5.7.0, 5.7.1, 5.7.2, 5.8.0, 5.8.1, 5.8.2, and 5.8.2.1. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Web Agents Security Advisory #202105
Security vulnerabilities have been discovered in supported versions of Web Agents. These vulnerabilities affect versions 5.6.3, 5.7.0, 5.8.0, 5.8.1 and 5.8.2. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
AM Agents Security Advisory #202103
Security vulnerabilities have been discovered in AM Web and Java® Agent components.