Latest
Building from source fails with The exception was thrown with the wrong message when system locale is not English
The purpose of this article is to provide assistance if building from source using Apache Maven™ fails with the following exception when the system locale is not English: "FAILURE! org.testng.TestException: The exception was thrown with the wrong message". This article applies to all ForgeRock products (AM, Agents, DS, IDM and IG).
Where can I find useful logs for troubleshooting ForgeRock products?
The purpose of this article is to provide information on finding logs across ForgeRock products (AM, DS, IDM and IG) for troubleshooting purposes. This article shows default log locations, although most of them can be changed.
Checking your product versions are supported
The purpose of this article is to provide EOSL dates for the specific ForgeRock products and versions you are running so you can check that the version you are on is still supported. This also includes dates for Identity Cloud downloadable components.
How do I disable TLS 1.3 when running DS 6.5, 6.5.1 or 6.5.2 with Java 11.0.5 and earlier, or Java 1.8.0_272 and later?
The purpose of this article is to provide information on disabling TLS 1.3 when running DS with Java® 11 (11.0.5 and earlier) or Java 8 (1.8.0_272 and later). It is recommended that you upgrade to at least DS 6.5.3 and Java 11.0.6 if you want to use TLS 1.3. On earlier versions of Java 11, you should disable TLS 1.3 because of known issues with Oracle JDK 11 and OpenJDK 11's implementation of TLS 1.3.
How do I disable TLS 1.0 and TLS 1.1 in DS (All versions)?
The purpose of this article is to provide information on disabling TLS 1.0 and TLS 1.1 in DS. These protocols have been deprecated by the Internet Engineering Task Force (IETF) and are considered insecure.
How do I collect JVM data for troubleshooting DS (All versions)?
The purpose of this article is to provide information on collecting JVM data for troubleshooting DS. JVM data (such as stack traces, heap histograms and heap dumps) can be very useful for troubleshooting DS issues such as slow response times, consistently high CPU usage, Out of Memory errors and suspected memory leaks. This data must be collected before killing the affected process or restarting the server; otherwise the information relating to the affected process is lost forever, which may make it impossible to identify the root cause.
How do I count the number of users in my ForgeRock deployment?
The purpose of this article is to provide information on counting the number of users in DS or IDM. By extension, this also allows you to count the number of users who are protected by AM. Counting the number of users can be useful for monitoring subscription software license usage.
Best practice for JVM Tuning with G1 GC
The purpose of this article is to provide best practice advice on JVM tuning with G1 GC; including understanding heap space and the available JVM options. This best practice advice applies to AM, DS, IDM and IG running on Java® 11. JVM tuning is not an exact science and will vary across individual environments and applications. Consistent load and stress testing of your environment will be the only true way to gauge the effect of changes made.
FAQ: Upgrading DS
The purpose of this FAQ is to provide answers to commonly asked questions regarding upgrading DS.
How do I synchronize hashed passwords from IDM (All versions) to DS (All versions)?
The purpose of this article is to provide information on how to pass pre-hashed passwords values within IDM to DS.
Books
Security Advisories
This book provides all the security advisories for ForgeRock products (AM, DS, IDM and IG).
SSL in DS
This book provides information on SSL in DS, including connections and certificates.
Performance tuning and monitoring ForgeRock products
This book provides information on performance tuning and monitoring ForgeRock products (AM, DS, IDM and IG).
Troubleshooting DS
This book provides information on troubleshooting various issues in DS, including collecting useful troubleshooting information such as heap dumps and stack traces.
Source code in ForgeRock products
This book provides information on source code and binaries in ForgeRock products (AM, DS, IDM and IG).
Upgrading DS
This book provides information on upgrading DS including recommended procedures for upgrading and known issues.
Migrating from Oracle DSEE to DS
The purpose of this book is to provide information on migrating from DSEE to DS.
Passwords in DS
This book provides information on passwords in DS and includes a chapter on the Password Synchronization Plugin.
Indexes in DS
This book provides information on indexing in DS and includes information on troubleshooting and known issues (with solutions).
Replication in DS
This book provides information on configuring, managing, troubleshooting and recovering replication in DS. Known issues are included along with solutions.
Security Advisories
OpenDJ Security Advisory #201703
Two security vulnerabilities have been discovered in OpenDJ versions 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 3.0.0, 3.5.0 and 3.5.1. These versions of OpenDJ are embedded in OpenAM 11.x, 12.x, 13.0.0 and 13.5.0.
DS/OpenDJ Security Advisory #202001
ForgeRock has discovered two Medium-level security vulnerabilities and one Low-level security vulnerability present in supported versions of ForgeRock Directory Services (DS) and OpenDJ. The vulnerabilities also affect embedded DS/OpenDJ in AM 5.x, AM 6.x and OpenAM 13.x as well as IDM 6.x.
OpenDJ Security Advisory #201609
A security vulnerability has been discovered in OpenDJ version 3.0.0 and 3.5.0. These versions of OpenDJ are also embedded in OpenAM 13.0.0 and 13.5.0 respectively. Earlier OpenDJ and OpenAM releases are not affected.
DS/OpenDJ Security Advisory #201803
ForgeRock has discovered a Medium-level security vulnerability in ForgeRock Directory Services (DS) 5.0.0, 5.5.0, 5.5.1, 6.0.0 and in OpenDJ 3.0.0, 3.5.0, 3.5.1, 3.5.2, 3.5.3. The vulnerability also affects embedded DS/OpenDJ in AM 5.x, AM 6.0 and OpenAM 13.x as well as IDM 6.0.
DS/OpenDJ Security Advisory #201706
Security vulnerabilities have been discovered in ForgeRock Directory Services (DS) 5.0, 5.5 and in OpenDJ versions 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 3.0.0, 3.5.0, 3.5.1, 3.5.2. The OpenDJ Community Edition 2.6.4 is also affected.
OpenDJ Security Advisory #201508
Two security vulnerabilities have been discovered in all released versions of OpenDJ.
OpenDJ Security Advisory #201504
A security vulnerability has been discovered in OpenDJ. This issue is present in all versions of OpenDJ including 2.6.x, 2.5.0-Xpress1, 2.4.x, and possibly previous versions.