Featured
How do I install a CA-signed certificate for use in DS 7.x?
The purpose of this article is to provide information on generating and installing a CA-signed certificate for use in DS if you want to use your own SSL certificate instead of the default one. This article also includes configuring the LDAPS connector and replication port to use your CA-signed certificate.
Latest
How do I prevent the use of weak SSL cipher suites on the DS (All versions) administration port?
The purpose of this article is to provide administrative guidance to improve security on the DS administration interface.
How do I prevent the use of weak SSL cipher suites on the DS (All versions) replication port?
The purpose of this article is to provide administrative guidance to improve security on the DS replication channels.
How do I install a CA-signed certificate for use in DS 7.x?
The purpose of this article is to provide information on generating and installing a CA-signed certificate for use in DS if you want to use your own SSL certificate instead of the default one. This article also includes configuring the LDAPS connector and replication port to use your CA-signed certificate.
Backend goes offline due to Latch timeouts in DS (All versions)
The purpose of this article is to provide assistance if the backend database goes offline due to "Latch timeouts" in DS. You may experience high CPU usage, general performance issues or replication problems when this occurs. Login and registration failures will also be noticed in AM if you are using DS as the Core Token Service (CTS) store and/or Identity store.
How do I count the number of objects in my ForgeRock deployment?
The purpose of this article is to provide information on counting the number of objects (such as users) in DS or IDM. By extension, this also allows you to count the number of users who are protected by AM. The process described in this article should not be used to determine licensing compliance with ForgeRock. Please contact your ForgeRock Sales representative so they can provide guidance with regard to compliance.
How do I trace transactions through the audit logs for troubleshooting across ForgeRock products?
The purpose of this article is to provide information on tracing transactions through the audit logs to help with troubleshooting across ForgeRock products. This article covers an IG → AM→ DS flow to demonstrate this usage and applies to all AM, DS and IG versions.
How do I replace the certificates (key pair) used for replication in DS 6.x?
The purpose of this article is to provide assistance on replacing the certificates used for replication. This article covers various scenarios including replacing the self-signed ads-truststore certificates with external or CA signed certificates (both when replication is setup and before it is enabled) and also renewing self-signed certificates.
OpenSSL 3.0 vulnerability and ForgeRock products
The purpose of this article is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Autonomous Identity and the SDKs) are vulnerable to the OpenSSL 3.0 vulnerability (CVE-2022-3602 and CVE-2022-3786). This vulnerability allows a buffer overrun to be triggered in X.509 certificate verification, which could result in a crash (causing a denial of service) or potentially remote code execution in certain circumstances.
How do I upgrade DS (All versions) if I have the DS Password Sync Plugin for IDM installed?
The purpose of this article is to provide information on upgrading DS if you have the DS Password Sync Plugin for IDM installed. This article refers to the DS server where you have installed the DS Password Sync Plugin.
Blocked mirror for repositories error when building from source using Maven 3.8.1 or later
The purpose of this article is to provide assistance if you encounter "Blocked mirror for repositories" errors when building from source using Apache Maven™ 3.8.1 or later. This affects any source relating to pre-7.1 releases of ForgeRock products.
Books
SSL in DS
This book provides information on SSL in DS, including connections and certificates.
Replication in DS
This book provides information on configuring, managing, troubleshooting and recovering replication in DS. Known issues are included along with solutions.
Security Advisories
This book provides security advisories for ForgeRock products (AM, DS, IDM and IG).
Product Q&As - ForgeRock Identity Platform
This book provides answers to questions when evaluating the ForgeRock Identity Platform and its components (AM, DS, IDM and IG). It assumes that the platform is deployed on-premises or in a private or public cloud rather than ForgeRock-hosted in Identity Cloud.
Platform compatibility
This book provides information on compatibility for the ForgeRock products (AM, DS, IDM and IG).
Troubleshooting DS
This book provides information on troubleshooting various issues in DS, including collecting useful troubleshooting information such as heap dumps and stack traces.
Performance tuning and monitoring ForgeRock products
This book provides information on performance tuning and monitoring ForgeRock products (AM, DS, IDM and IG).
Migrating from Oracle DSEE to DS
The purpose of this book is to provide information on migrating from DSEE to DS.
Installing and Administering DS
This book provides information on installing and administering DS, including frequently asked questions and known issues.
Indexes in DS
This book provides information on indexing in DS and includes information on troubleshooting and known issues (with solutions).
Security Advisories
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
Spring Framework Security Advisory #202203
The purpose of this advisory is to inform our customers that, based on current information, ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are NOT vulnerable to the Spring Framework vulnerabilities: Data Binding Rules CVE-2022-22968, RCE (Remote Code Execution) CVE-2022-22965 (Spring4shell), RCE CVE-2022-22963 and DoS (Denial of Service) CVE-2022-22950.
Java JDK Security Advisory #202109
ForgeRock are aware of a serious vulnerability in the implementation of certain cryptographic operations in Java® JDK versions 15 and later: CVE-2022-21449. This vulnerability affects Oracle® Java and OpenJDK, including other JDKs derived from OpenJDK. You should follow the advice in this advisory to secure your deployments at the earliest opportunity.
DS Security Advisory #202202
A security vulnerability has been discovered in supported versions of Directory Services (DS). This vulnerability only affects versions 7.1.0 and 7.1.1, and is not present in older versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
DS Security Advisory #202108
Security vulnerabilities have been discovered in supported versions of Directory Services (DS). These vulnerabilities affect version 7.1.0 only and are not present in older versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
DS/OpenDJ Security Advisory #202001
ForgeRock has discovered two Medium-level security vulnerabilities and one Low-level security vulnerability present in supported versions of ForgeRock Directory Services (DS) and OpenDJ. The vulnerabilities also affect embedded DS/OpenDJ in AM 5.x, AM 6.x and OpenAM 13.x as well as IDM 6.x.
DS/OpenDJ Security Advisory #201803
ForgeRock has discovered a Medium-level security vulnerability in ForgeRock Directory Services (DS) 5.0.0, 5.5.0, 5.5.1, 6.0.0 and in OpenDJ 3.0.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3. The vulnerability also affects embedded DS/OpenDJ in AM 5.x, AM 6.0 and OpenAM 13.x as well as IDM 6.0.