Latest
What operating systems are ForgeRock products supported on?
The purpose of this article is to provide a summary of the currently supported operating systems for the latest ForgeRock products: AM 7.2, DS 7.2, IDM 7.2, IG 2023.2 and Agents 5.10.
ForgeRock Production Event Guidance/Checklist
The purpose of this article is to provide general best practices on how to plan and prepare for major events with ForgeRock support. Examples of a major event are: going live with a ForgeRock product, production upgrades, major releases and so on.
How do I check what patches are installed for ForgeRock products?
The purpose of this article is to provide details for checking what patches are installed for AM, DS, IDM and IG.
What Java versions are ForgeRock products supported on?
The purpose of this article is to provide information on the supported Java® versions across the ForgeRock platform (AM, DS, IDM and IG).
Building from source fails with The exception was thrown with the wrong message when system locale is not English
The purpose of this article is to provide assistance if building from source using Apache Maven™ fails with the following exception when the system locale is not English: "FAILURE! org.testng.TestException: The exception was thrown with the wrong message". This article applies to all ForgeRock products (AM, Agents, DS, IDM and IG).
Where can I find useful logs for troubleshooting ForgeRock products?
The purpose of this article is to provide information on finding logs across ForgeRock products (AM, DS, IDM and IG) for troubleshooting purposes. This article shows default log locations, although most of them can be changed.
How do I trace transactions through the audit logs for troubleshooting across ForgeRock products?
The purpose of this article is to provide information on tracing transactions through the audit logs to help with troubleshooting across ForgeRock products. This article covers an IG → AM → DS flow to demonstrate this usage and applies to all AM, DS and IG versions.
SSLHandshakeException or ClassCastException when using an HSM and Java 11 with ForgeRock products
The purpose of this article is to provide assistance if you encounter an SSLHandshakeException or ClassCastException when using a Hardware Security Module (HSM) via the PKCS11 module with Java® 11 (11.0.1 to 11.0.5). This issue affects all ForgeRock products that are compatible with Java 11 (versions 6.5 and later of AM, DS, IDM and IG).
401 Unauthorized error when building ForgeRock Identity Platform from source
The purpose of this article is to provide assistance if building AM, DS, IDM or IG from source fails with a "401 Unauthorized" error stating authentication failed or a "Not Authorized" error. This issue will occur when accessing artifacts in the Maven repositories and will refer to a non-resolvable POM. If you download binaries using a curl command, you will see a 403 "Props Authentication Token not found" response instead.
Very high CPU seen on ForgeRock products running on VMware
The purpose of this article is to provide assistance if you encounter high CPU (either spikes or sustained with CPU usage 100% or greater), and unresponsive servers or slow responses from ForgeRock products running on VMware®. This issue is known to impact DS and AM specifically but the same advice applies to IDM and IG running on VMware.
Books
Replication in DS
This book provides information on configuring, managing, troubleshooting and recovering replication in DS. Known issues are included along with solutions.
Security Advisories
This book provides security advisories for ForgeRock products (AM, DS, IDM and IG).
Upgrading DS
This book provides information on upgrading DS including recommended procedures for upgrading and known issues.
Passwords in DS
This book provides information on passwords in DS and includes a chapter on the Password Synchronization Plugin.
Indexes in DS
This book provides information on indexing in DS and includes information on troubleshooting and known issues (with solutions).
Installing and Administering DS
This book provides information on installing and administering DS, including frequently asked questions and known issues.
Migrating from Oracle DSEE to DS
The purpose of this book is to provide information on migrating from DSEE to DS.
Troubleshooting DS
This book provides information on troubleshooting various issues in DS, including collecting useful troubleshooting information such as heap dumps and stack traces.
SSL in DS
This book provides information on SSL in DS, including connections and certificates.
Performance tuning and monitoring ForgeRock products
This book provides information on performance tuning and monitoring ForgeRock products (AM, DS, IDM and IG).
Security Advisories
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
Spring Framework Security Advisory #202203
The purpose of this advisory is to inform our customers that, based on current information, ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are NOT vulnerable to the Spring Framework vulnerabilities: Data Binding Rules CVE-2022-22968, RCE (Remote Code Execution) CVE-2022-22965 (Spring4shell), RCE CVE-2022-22963 and DoS (Denial of Service) CVE-2022-22950.
Java JDK Security Advisory #202109
ForgeRock are aware of a serious vulnerability in the implementation of certain cryptographic operations in Java® JDK versions 15 and later: CVE-2022-21449. This vulnerability affects Oracle® Java and OpenJDK, including other JDKs derived from OpenJDK. You should follow the advice in this advisory to secure your deployments at the earliest opportunity.
DS Security Advisory #202202
A security vulnerability has been discovered in supported versions of Directory Services (DS). This vulnerability only affects versions 7.1.0 and 7.1.1, and is not present in older versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
DS Security Advisory #202108
Security vulnerabilities have been discovered in supported versions of Directory Services (DS). These vulnerabilities affect version 7.1.0 only and are not present in older versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
DS/OpenDJ Security Advisory #202001
ForgeRock has discovered two Medium-level security vulnerabilities and one Low-level security vulnerability present in supported versions of ForgeRock Directory Services (DS) and OpenDJ. The vulnerabilities also affect embedded DS/OpenDJ in AM 5.x, AM 6.x and OpenAM 13.x as well as IDM 6.x.
DS/OpenDJ Security Advisory #201803
ForgeRock has discovered a Medium-level security vulnerability in ForgeRock Directory Services (DS) 5.0.0, 5.5.0, 5.5.1, 6.0.0 and in OpenDJ 3.0.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3. The vulnerability also affects embedded DS/OpenDJ in AM 5.x, AM 6.0 and OpenAM 13.x as well as IDM 6.0.