Latest
How does AM (All versions) bind to the configuration store on startup?
The purpose of this article is to provide information on how AM binds to the configuration store on startup, and the purpose of boot.json and the keystore file in this process.
How do I export configuration details for the Agent (All versions)?
The purpose of this article is to provide information on exporting configuration details for the Agent. Exporting configuration details for the agent is a common step in troubleshooting as it allows you (or someone else) to check all your configuration settings.
Authentication fails with Internal Server Error (500) after installing or upgrading the Agent (All versions)
The purpose of this article is to provide assistance if you cannot log in to the resource being protected by the agent after installing or upgrading the agent. You will see an HTTP 500 response when this happens with a corresponding "Internal Server Error (500)" error and NPE. This issue affects both Web and Java Agents.
How do I silently remove a Web Agent (All versions)?
The purpose of this article is to provide information on performing a silent, non-interactive removal of a Web Agent.
How do I collect all the data required for troubleshooting AM and Agents (All versions)?
The purpose of this article is to provide assistance with collecting troubleshooting data and diagnostics for debugging AM and Agents on a variety of issues; includes performance, upgrade, configuration, policies, SSL, SAML federation and WDSSO / Kerberos™ issues. You can capture the data to troubleshoot issues yourself or include it when you raise a ticket to enable us to help you more effectively.
The information you're about to submit is not secure warning in Chrome when end-users attempt to authenticate to AM (All versions)
The purpose of this article is to provide assistance if end-users see "The information you're about to submit is not secure" warnings in the Chrome™ browser when they are trying to authenticate to AM.
Unable to find the "User" entry in the httpd.conf file error when installing the Apache Web Agent (All versions)
The purpose of this article is to provide assistance if you receive errors about users and groups when installing the Apache™ Web agent. You will see "Unable to find the "User" entry in the httpd.conf file, will try APACHE_RUN_USER environment variable" and/or "Unable to find the "Group" entry in the httpd.conf file, will try APACHE_RUN_GROUP environment variable" errors.
Apache Web Agent does not start after installing it on RHEL or CentOS configured with SELinux
The purpose of this article is to provide assistance if the Apache web agent does not start after installing it on a Red Hat® Enterprise Linux® (RHEL) or CentOS system configured with SELinux in Enforcing mode. You will see messages about the "httpd.service failed" and "Failed to start The Apache HTTP Server".
Installing a Web Agent (All versions) fails with a no ssl/library support error
The purpose of this article is to provide assistance if you receive a "no ssl/library support" error when trying to install a Web agent.
Apache and IIS Web Agent (All versions) repeatedly reports failed to load SSL errors
The purpose of this article is to provide assistance if the Apache™ or IIS Web Agent repeatedly reports SSL errors such as "failed to load OPENSSL_init_ssl" (Apache) or "failed to load SSL_library_init" (IIS).
Books
Security Advisories
This book provides all the security advisories for ForgeRock products (AM, DS, IDM and IG).
Agents and policies in AM
This books provides information on agents and their use in AM. It includes chapters on SSL and policies.
Performance tuning and monitoring ForgeRock products
This book provides information on performance tuning and monitoring ForgeRock products (AM, DS, IDM and IG).
OAuth 2.0 in AM
This book provides information on OAuth 2.0 in AM including OIDC and UMA, administering access tokens via REST and known issues (with solutions).
Using Amster in AM
This book provides information on using Amster in AM to make configuration changes as well as detailing known issues (with solutions).
Core Token Service (CTS) and sessions in AM
This book provides information on the CTS and sessions in AM, including best practice advice for configuring CTS.
SAML Federation in AM
This book provides information on SAML2 federation in AM and includes help on configuring federation, managing SAML certificates and manipulating metadata for IdPs and SPs.
Push Services in AM
This book provides information on push services in AM.
Troubleshooting AM and Agents
This book provides information on troubleshooting various issues in AM and Agents, including collecting useful troubleshooting information such as logs, heap dumps and stack traces.
Source code in ForgeRock products
This book provides information on source code and binaries in ForgeRock products (AM, DS, IDM and IG).
Security Advisories
Web Agents Security Advisory #202107
A security vulnerability has been discovered in supported versions of Web Agents. This vulnerability affects versions 5.7.0, 5.7.1, 5.7.2, 5.8.0, 5.8.1, 5.8.2, and 5.8.2.1. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
AM Security Advisory #202106
Security vulnerabilities have been discovered in supported versions of Access Management (AM). These vulnerabilities affect versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x, 6.5.3, 7.0.0 and 7.0.1, and could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Web Agents Security Advisory #202105
Security vulnerabilities have been discovered in supported versions of Web Agents. These vulnerabilities affect versions 5.6.3, 5.7.0, 5.8.0, 5.8.1 and 5.8.2. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
AM Security Advisory #202104
A security vulnerability has been discovered in supported versions of Access Management (AM). This vulnerability affects versions 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3; it also affects older unsupported versions: AM 5.x; OpenAM 9.x, 10.x, 11.x, 12.x and 13.x. You should secure your deployments at the earliest opportunity as outlined in this security advisory. NOTE: This does not affect AM 7 and above.
AM Agents Security Advisory #202103
Security vulnerabilities have been discovered in AM Web and Java® Agent components.
OpenAM Web Policy Agent Security Advisory #201402
Security vulnerabilities have been discovered in a third-party library used by OpenAM Web Policy Agents. These issues are present in versions of the OpenAM Web Policy Agents including 3.3.1, 3.3.0 and 3.0.x.
AM/OpenAM Security Advisory #201801
Security vulnerabilities have been discovered in AM/OpenAM components. These issues may be present in AM 5.0, AM 5.1.x and OpenAM 12.0.x, 13.0.0 and 13.5.0. The OpenAM Community Edition 11.0.3 may also affected.
OpenAM Security Advisory #201601
Security vulnerabilities have been discovered in OpenAM components. These issues may be present in versions of OpenAM including 12.0.x, 11.0.x, 10.1.0-Xpress, 10.0.x, 9.x, and possibly previous versions.
AM Java Agents Security Advisory #201903
A Security vulnerability has been discovered in a library used by the AM Java Agent component. This issue is present in the Java Agent 5.x release.
AM Agents Security Advisory #201905
Security vulnerabilities have been discovered in the AM Web and Java Agents. These issues are present in Agents 5.x.