Latest
Where can I find useful logs for troubleshooting ForgeRock products?
The purpose of this article is to provide information on finding logs across ForgeRock products (AM, DS, IDM and IG) for troubleshooting purposes. This article shows default log locations, although most of them can be changed.
What do I need to consider when planning a migration from Oracle DSEE to DS?
The purpose of this article is to provide information on what you must consider when planning a migration from Oracle® Directory Server Enterprise Edition (ODSEE).
Can the ForgeRock Identity Platform be deployed to provide high availability (HA) and failover?
Yes. The ForgeRock Identity Platform provides telco-grade scalability and availability, with the ability to respond to spikes in demand. By eliminating single points of failure, application uptime requirements can easily meet customer expectations, helping to maintain customer loyalty, and drive organizational growth.
Does the ForgeRock Identity Platform include an audit logging service?
The ForgeRock Identity Platform includes a REST-based Audit Logging Service that captures all auditing events critical for system security, troubleshooting, usage analytics and regulatory compliance.
Is the ForgeRock Identity Platform FIPS 140-2 compliant?
ForgeRock can make use of a FIPS 140-2 certified cryptographic module through a standard PKCS#11 interface.
Does the ForgeRock Identity Platform support HSMs?
Hardware Security Modules (HSMs) can be used in various places across the ForgeRock Identity Platform to store and protect private and secret keys. ForgeRock uses HSMs through standard PKCS#11 interfaces and supports the use of compliant cryptographic algorithms.
Does the ForgeRock Identity Platform provide an identity store?
This article provides answers to frequently asked questions regarding the identity store when evaluating the ForgeRock Identity Platform.
Do ForgeRock products run on AWS?
AWS stands for Amazon Web Services and encompasses a range of cloud-based services provided by Amazon. ForgeRock products work well with many AWS offerings. Additionally, ForgeRock has also partnered with AWS to make it even easier for companies to control access to AWS Resources.
What versions of DS are compatible with AM?
The purpose of this article is to provide compatibility information between DS and AM versions. This includes the embedded DS versions shipped with AM and, the supported Java® versions for each combination.
What versions of DS are compatible with IDM?
The purpose of this article is to provide compatibility information between DS and IDM versions. This includes connecting to DS as an external resource (LDAP connector), the embedded DS repositories shipped with later versions of IDM and the supported Java® versions for each combination.
Books
Product Q&As - ForgeRock Identity Platform
This book provides answers to questions when evaluating the ForgeRock Identity Platform and its components (AM, DS, IDM and IG). It assumes that the platform is deployed on-premises or in a private or public cloud rather than ForgeRock-hosted in Identity Cloud.
Platform compatibility
This book provides information on compatibility for the ForgeRock products (AM, DS, IDM and IG).
Troubleshooting DS
This book provides information on troubleshooting various issues in DS, including collecting useful troubleshooting information such as heap dumps and stack traces.
Performance tuning and monitoring ForgeRock products
This book provides information on performance tuning and monitoring ForgeRock products (AM, DS, IDM and IG).
Security Advisories
This book provides security advisories for ForgeRock products (AM, DS, IDM and IG).
Replication in DS
This book provides information on configuring, managing, troubleshooting and recovering replication in DS. Known issues are included along with solutions.
Migrating from Oracle DSEE to DS
The purpose of this book is to provide information on migrating from DSEE to DS.
Installing and Administering DS
This book provides information on installing and administering DS, including frequently asked questions and known issues.
Indexes in DS
This book provides information on indexing in DS and includes information on troubleshooting and known issues (with solutions).
Passwords in DS
This book provides information on passwords in DS and includes a chapter on the Password Synchronization Plugin.
Security Advisories
Spring Framework Security Advisory #202203
The purpose of this advisory is to inform our customers that, based on current information, ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are NOT vulnerable to the Spring Framework vulnerabilities: Data Binding Rules CVE-2022-22968, RCE (Remote Code Execution) CVE-2022-22965 (Spring4shell), RCE CVE-2022-22963 and DoS (Denial of Service) CVE-2022-22950.
Java JDK Security Advisory #202109
ForgeRock are aware of a serious vulnerability in the implementation of certain cryptographic operations in Java® JDK versions 15 and later: CVE-2022-21449. This vulnerability affects Oracle® Java and OpenJDK, including other JDKs derived from OpenJDK. You should follow the advice in this advisory to secure your deployments at the earliest opportunity.
DS Security Advisory #202202
A security vulnerability has been discovered in supported versions of Directory Services (DS). This vulnerability only affects versions 7.1.0 and 7.1.1, and is not present in older versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
DS Security Advisory #202108
Security vulnerabilities have been discovered in supported versions of Directory Services (DS). These vulnerabilities affect version 7.1.0 only and are not present in older versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Log4j Security Advisory #202111
The purpose of this advisory is to provide information on whether ForgeRock products (Identity Cloud, AM, DS, IDM, IG, Agents and Autonomous Identity) are vulnerable to recent Log4j 2 vulnerabilities: RCE (Remote Code Execution) CVE-2021-44228, DoS (Denial of Service) CVE-2021-45046, DoS CVE-2021-45105 and ACE (Arbitrary Code Execution) CVE-2021-44832. These vulnerabilities allow an attacker to remotely execute code in certain circumstances.
DS/OpenDJ Security Advisory #202001
ForgeRock has discovered two Medium-level security vulnerabilities and one Low-level security vulnerability present in supported versions of ForgeRock Directory Services (DS) and OpenDJ. The vulnerabilities also affect embedded DS/OpenDJ in AM 5.x, AM 6.x and OpenAM 13.x as well as IDM 6.x.
DS/OpenDJ Security Advisory #201803
ForgeRock has discovered a Medium-level security vulnerability in ForgeRock Directory Services (DS) 5.0.0, 5.5.0, 5.5.1, 6.0.0 and in OpenDJ 3.0.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3. The vulnerability also affects embedded DS/OpenDJ in AM 5.x, AM 6.0 and OpenAM 13.x as well as IDM 6.0.
DS/OpenDJ Security Advisory #201706
Security vulnerabilities have been discovered in ForgeRock Directory Services (DS) 5.0, 5.5 and in OpenDJ versions 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 3.0.0, 3.5.0, 3.5.1, 3.5.2. The OpenDJ Community Edition 2.6.4 is also affected.