Latest
What versions of AM are compatible with IDM?
The purpose of this article is to provide compatibility information between AM and IDM versions. This includes the supported Java® versions for each combination.
FAQ: Upgrading AM
The purpose of this FAQ is to provide answers to commonly asked questions regarding upgrading AM.
SSLHandshakeException or ClassCastException when using an HSM and Java 11 with ForgeRock products
The purpose of this article is to provide assistance if you encounter an SSLHandshakeException or ClassCastException when using a Hardware Security Module (HSM) via the PKCS11 module with Java® 11 (11.0.1 to 11.0.5). This issue affects all ForgeRock products that are compatible with Java 11 (versions 6.5 and later of AM, DS, IDM and IG).
Does the ForgeRock solution support secure impersonation?
Several methods are available for achieving secure impersonation in the ForgeRock solution. These include: OAuth 2.0 token exchange, Client Initiated Backchannel Authentication (CIBA), and changing a session's user ID.
502 Bad Gateway error when an Amster (All versions) command fails
The purpose of this article is to provide assistance if an Amster command fails and you see an "Unhandled server error: [Status: 502 Bad Gateway]".
content length too large error when sending and receiving SAML requests in Identity Cloud or AM (All versions)
The purpose of this article is to provide assistance if you encounter a "content length too large" error when sending and receiving SAML requests in AM. You may also see a "HTTP Status 400 - Content length of the SOAP request is too long" message in the browser.
Access to Java class is prohibited error with scripts running in Identity Cloud and AM (All versions)
The purpose of this article is to provide assistance if you encounter a "java.lang.SecurityException: Access to Java class "class.name" is prohibited" error when using functionality that is based on a script in ForgeRock Identity Cloud or AM. This issue might occur when validating or processing a script such as an OIDC claims script, a script used by the Scripted Decision node or a policy condition script.
401 Unauthorized error when building ForgeRock Identity Platform from source
The purpose of this article is to provide assistance if building AM, DS, IDM or IG from source fails with a "401 Unauthorized" error stating authentication failed or a "Not Authorized" error. This issue will occur when accessing artifacts in the Maven repositories and will refer to a non-resolvable POM. If you download binaries using a curl command, you will see a 403 "Props Authentication Token not found" response instead.
How do I enable account lockout in AM (All versions)?
The purpose of this article is to provide information on enabling account lockout in AM and conversely, unlocking the user's account. It also discusses the different types of account lockout.
Do ForgeRock products work with Microsoft Azure?
Microsoft Azure is Microsoft's cloud platform, which provides a range of cloud-based products and services. ForgeRock products work well with many Azure services.
Books
Security Advisories
This book provides security advisories for ForgeRock products (AM, DS, IDM and IG).
Product Q&As - ForgeRock Identity Platform
This book provides answers to questions when evaluating the ForgeRock Identity Platform and its components (AM, DS, IDM and IG). It assumes that the platform is deployed on-premises or in a private or public cloud rather than ForgeRock-hosted in Identity Cloud.
User Self-Service in AM
This book provides information on the User Self-Service in AM including customizations and known issues (with solutions).
Using the REST API in AM
This book provides information on using the REST API in AM and includes known issues (including solutions).
Authentication trees in AM
This book provides information on authentication trees in AM.
Authentication modules in AM
This book provides information on authentication modules in AM, including how to configure and troubleshoot.
Using Amster in AM
This book provides information on using Amster in AM to make configuration changes as well as detailing known issues (with solutions).
Platform compatibility
This book provides information on compatibility for the ForgeRock products (AM, DS, IDM and IG).
SAML Federation in AM
This book provides information on SAML2 federation in AM and includes help on configuring federation, managing SAML certificates and manipulating metadata for IdPs and SPs.
Performance tuning and monitoring ForgeRock products
This book provides information on performance tuning and monitoring ForgeRock products (AM, DS, IDM and IG).
Security Advisories
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
Web and Java Agents Security Advisory #202201
A security vulnerability has been discovered in supported versions of Web and Java Agents when using specific configurations. This vulnerability affects versions: Web Agent 5.6.1.0 - 5.9.0, and Java Agent 5.7.1, 5.8.0, 5.8.1 and 5.9.0. It could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Web Agents Security Advisory #201802
A Security vulnerability has been discovered in the AM Web Agent component. This issue is present in the Web Agent 5.0 release. Earlier Web agents, and the community editions, are not affected.
AM Agents Security Advisory #201902
Security vulnerabilities have been discovered in AM Web and Java Agents. These issues are present in Agents 5.x.
AM Agents Security Advisory #201905
Security vulnerabilities have been discovered in the AM Web and Java Agents. These issues are present in Agents 5.x.
AM Java Agents Security Advisory #201903
A Security vulnerability has been discovered in a library used by the AM Java Agent component. This issue is present in the Java Agent 5.x release.
AM Agents Security Advisory #202103
Security vulnerabilities have been discovered in AM Web and Java® Agent components.
Web Agents Security Advisory #202105
Security vulnerabilities have been discovered in supported versions of Web Agents. These vulnerabilities affect versions 5.6.3, 5.7.0, 5.8.0, 5.8.1 and 5.8.2. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Web Agents Security Advisory #202107
A security vulnerability has been discovered in supported versions of Web Agents. This vulnerability affects versions 5.7.0, 5.7.1, 5.7.2, 5.8.0, 5.8.1, 5.8.2, and 5.8.2.1. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
AM/OpenAM Web Agents Security Advisory #201904
Security vulnerabilities have been discovered in AM/OpenAM Web agents.