Latest
FAQ: Push Services in Identity Cloud and AM
The purpose of this FAQ is to provide answers to commonly asked questions regarding the Push service and notifications in ForgeRock Identity Cloud and AM.
AM Security Advisory #202207
A security vulnerability has been discovered in supported versions of Access Management (AM). This vulnerability affects all current versions of AM, and could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
SameSite cookie support in AM and IG
The purpose of this article is to provide information on support for SameSite cookies in AM and IG.
How do I check what MFA devices are registered to a user in Identity Cloud and AM (All versions)?
The purpose of this article is to provide information on checking which multi-factor authentication (MFA) devices are registered to a user in ForgeRock Identity Cloud and AM. This includes devices registered for WebAuthn, Push and OATH.
Does the ForgeRock solution support social authentication?
ForgeRock's social authentication lets your users log in once with their preferred social media account, then gain access to all their applications and services. ForgeRock makes this easy by providing pre-configured social identity integrations that can be included in your user journeys.
How do I understand the underlying REST call being used in web requests in Identity Cloud or AM (All versions)?
The purpose of this article is to provide information on finding out what is included in REST calls being made in ForgeRock Identity Cloud or AM. This technique can be useful to help you formulate REST calls based on an existing web request or to troubleshoot why a REST call is not working as expected.
What types of authorization methods and access controls are offered by the ForgeRock solution?
The ForgeRock solution supports authorization policies from simple, coarse-grained rules to highly advanced, fine-grained entitlements. Organizations can ensure that just the right amount of access control is given to each consumer, workforce or thing in your organization.
How do I know which binding to use for SAML2 federation in Identity Cloud or AM (All versions)?
The purpose of this article is to provide information on using bindings for SAML2 federation in ForgeRock Identity Cloud or AM. There are two different types of bindings in SAML2; the request binding, which is used to send the authentication request and the response binding, which is used when returning the response message.
FAQ: OAuth 2.0 in Identity Cloud and AM
The purpose of this FAQ is to provide answers to commonly asked questions regarding OAuth 2.0 and OpenID Connect 1.0 (OIDC) in ForgeRock Identity Cloud and AM.
Does the ForgeRock solution support secure impersonation?
Several methods are available for achieving secure impersonation in the ForgeRock solution. These include: OAuth 2.0 token exchange, Client Initiated Backchannel Authentication (CIBA), and changing a session's user ID.
Books
Configuring and troubleshooting Kerberos and WDSSO in AM
This book provides information on configuring and troubleshooting Kerberos™ and Windows Desktop SSO (WDSSO) in AM. Known issues are included along with solutions.
Agents and policies in AM
This book provides information on agents and their use in AM. It includes chapters on SSL and policies.
Data stores in AM
This book provides information on the different types of data stores (repositories) in AM, including the configuration store, the user data store (identity repository) and the CTS store.
Customizing AM
This book provides information on customizing AM including customizing the XUI.
Upgrading AM
This book provides information on upgrading AM including best practice advice, recommended procedures for different upgrade scenarios and known issues.
Installing and configuring AM
This book provides information on installing and configuring AM, including frequently asked questions and known issues.
SSL in AM and Agents
This book provides information on SSL in AM and Agents, including connections and certificates.
Using ssoadm in AM
This book provides information on using ssoadm in AM to make configuration changes as well as tips to help you get the most from ssoadm.
Troubleshooting AM and Agents
This book provides information on troubleshooting various issues in AM and Agents, including collecting useful troubleshooting information such as logs, heap dumps and stack traces.
Security Advisories
AM Security Advisory #202207
A security vulnerability has been discovered in supported versions of Access Management (AM). This vulnerability affects all current versions of AM, and could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
AM Security Advisory #202204
Several security vulnerabilities have been discovered in supported versions of Access Management (AM). These vulnerabilities affect versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 6.5.4, 7.0.x, 7.1 and 7.1.1, and could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
Web and Java Agents Security Advisory #202201
A security vulnerability has been discovered in supported versions of Web and Java Agents when using specific configurations. This vulnerability affects versions: Web Agent 5.6.1.0 - 5.9.0, and Java Agent 5.7.1, 5.8.0, 5.8.1 and 5.9.0. It could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Web Agents Security Advisory #201802
A Security vulnerability has been discovered in the AM Web Agent component. This issue is present in the Web Agent 5.0 release. Earlier Web agents, and the community editions, are not affected.
AM Agents Security Advisory #201902
Security vulnerabilities have been discovered in AM Web and Java Agents. These issues are present in Agents 5.x.
AM Agents Security Advisory #201905
Security vulnerabilities have been discovered in the AM Web and Java Agents. These issues are present in Agents 5.x.
AM Java Agents Security Advisory #201903
A Security vulnerability has been discovered in a library used by the AM Java Agent component. This issue is present in the Java Agent 5.x release.
AM Agents Security Advisory #202103
Security vulnerabilities have been discovered in AM Web and Java® Agent components.
Web Agents Security Advisory #202105
Security vulnerabilities have been discovered in supported versions of Web Agents. These vulnerabilities affect versions 5.6.3, 5.7.0, 5.8.0, 5.8.1 and 5.8.2. You should secure your deployments at the earliest opportunity as outlined in this security advisory.