Featured
How do I make session properties from a journey available in the OIDC ID token in Identity Cloud?
The purpose of this article is to provide assistance with making session properties from a journey available in the OpenID Connect (OIDC) ID token. This can be achieved by adding custom claims to the OIDC claims script in Identity Cloud. For example, this allows you to capture specific information when a user logs in, store that in a journey session property, retrieve it in the OIDC claims script and then add it to a custom claim within the JWT ID token for use elsewhere.
Using the ForgeRock Knowledge Base
The purpose of this article is to provide information on using the ForgeRock Knowledge Base. The ForgeRock Knowledge Base is designed to help you use ForgeRock products more effectively.
Latest
Web and Java Agents Security Advisory #202201
A security vulnerability has been discovered in supported versions of Web and Java Agents when using specific configurations. This vulnerability affects versions: Web Agent 5.6.1.0 - 5.9.0, and Java Agent 5.7.1, 5.8.0, 5.8.1 and 5.9.0. It could be present in older unsupported versions. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Amazon SSO integration with Identity Cloud for social authentication/registration
The purpose of this article is to provide information on configuring Identity Cloud to integrate with Amazon™ as a social provider using OpenID Connect (OIDC) for Single Sign-On (SSO).
How do I set up a scripted SQL connector using the Remote Connector Server (RCS) with Identity Cloud?
The purpose of this article is to demonstrate how to set up a scripted SQL connector using the RCS with Identity Cloud.
How do I integrate Identity Cloud with Shopify using the Remote Connector Server (RCS) and a scripted REST Connector?
The purpose of this article is to provide information on integrating Identity Cloud with Shopify® to synchronize customer accounts.
How do I update email templates in Identity Cloud to include images and HTML formatting?
The purpose of this article is to provide further information on updating email templates in Identity Cloud to include images and HTML tags. By default, email templates use markdown for formatting.
FAQ: Journeys in Identity Cloud
The purpose of this FAQ is to provide answers to commonly asked questions regarding end-user journeys in Identity Cloud.
Best practice for raising an Identity Cloud ticket with ForgeRock Support
The purpose of this article is to help us solve your issue as soon as possible if you are raising a ticket for Identity Cloud. We are here to help and opening a Support Ticket is the best way to connect with our ForgeRock experts! Adhering to these guidelines will help reduce time to resolution.
FAQ: Identity Cloud hosted End User UI
The purpose of this FAQ is to provide answers to commonly asked questions regarding the Identity Cloud hosted End User UI.
How do I make session properties from a journey available in the OIDC ID token in Identity Cloud?
The purpose of this article is to provide assistance with making session properties from a journey available in the OpenID Connect (OIDC) ID token. This can be achieved by adding custom claims to the OIDC claims script in Identity Cloud. For example, this allows you to capture specific information when a user logs in, store that in a journey session property, retrieve it in the OIDC claims script and then add it to a custom claim within the JWT ID token for use elsewhere.
How do I implement a Remote Connector Server (RCS) for Identity Cloud?
The purpose of this article is to provide information on implementing an RCS for Identity Cloud and includes troubleshooting steps.
Books
Single Sign-On Integrations for Identity Cloud
This book provides information on Single Sign-on (SSO) Integrations for the Identity Cloud. SSO integrations allow end-users to authenticate to the Identity Cloud through third-party identity providers or external services such as Google or Salesforce.
Troubleshooting IG
This book provides information on troubleshooting various issues in IG including collecting useful troubleshooting information such as logs, heap dumps and stack traces.
Installing and configuring IG
This book provides information on installing and configuring IG including frequently asked questions.
SAML federation in IG
This book provides information on SAML federation in IG and includes help on configuring federation and debug logging.
RCS in Identity Cloud
This book provides information on using the Remote Connector Server (RCS) in the Identity Cloud, including implementing and upgrading the RCS.
SAML2 Federation in Identity Cloud
This book provides information on SAML2 federation in Identity Cloud and includes common Single Sign-On (SSO) integrations.
Getting started with ForgeRock Support (Identity Cloud)
This book provides you with a single reference to all the information you will need to get started with ForgeRock Support if you are using the Identity Cloud, including using the knowledge base, understanding your environments, raising a ticket and sending data for troubleshooting. Additionally, information is also given on subscriptions, administering your account, using BackStage and downloading software.
Identity Gateway
How do I check if IG (All versions) is up and running?
The purpose of this article is to provide a way to check if IG is up and running when it is behind a load balancer.
FAQ: Upgrading from Microgateway to Identity Gateway Standalone
The purpose of this FAQ is to provide answers to commonly asked questions about upgrading from Microgateway to Identity Gateway (IG) standalone.
SAML2 federation fails with a SSO Failed: Invalid Assertion Consumer Location specified error in IG (All versions)
The purpose of this article is to provide assistance if the SAML2 federation flow fails with an "SSO Failed: Invalid Assertion Consumer Location specified" error in IG.
How do I set up signing and encryption for IG 6.x and 7 when it is acting as the SAML 2.0 SP?
The purpose of this article is to provide information on configuring signing and encryption in IG when it is acting as the Service Provider (SP) for SAML federation. You can either do this via the fedletEncode.jsp or scripting.
How do I create a HAR file for troubleshooting IG (All versions)?
The purpose of this article is to provide information on creating a HAR file (HTTP ARchive) for troubleshooting IG.
How do I generate more detailed debug logs to diagnose an issue in IG (All versions)?
The purpose of this article is to provide strategies for increasing the information contained in the logs and collecting debug logs when troubleshooting IG issues. This includes collecting message level SAML logs if you are using IG for SAML federation.
How do I configure IG (All versions) to load properties from multiple configuration files?
The purpose of this article is to provide information on configuring IG to load properties from multiple JSON configuration files.
FAQ: The AmService in IG routes
The purpose of this FAQ is to provide answers to commonly asked questions regarding the AmService in IG routes.
FAQ: IG performance and tuning
The purpose of this FAQ is to provide answers to commonly asked questions regarding performance and tuning for IG.
How do I configure an idle timeout in IG (All versions)?
The purpose of this article is to provide information on configuring IG to automatically expire sessions after a set period of time.
Agents
Web Agents Security Advisory #202105
Security vulnerabilities have been discovered in supported versions of Web Agents. These vulnerabilities affect versions 5.6.3, 5.7.0, 5.8.0, 5.8.1 and 5.8.2. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
Web Agents Security Advisory #202107
A security vulnerability has been discovered in supported versions of Web Agents. This vulnerability affects versions 5.7.0, 5.7.1, 5.7.2, 5.8.0, 5.8.1, 5.8.2, and 5.8.2.1. You should secure your deployments at the earliest opportunity as outlined in this security advisory.
FAQ: Configuring Agents in Identity Cloud and AM
The purpose of this FAQ is to provide answers to commonly asked questions regarding configuring Agents in Identity Cloud and AM.
FAQ: Configuring policies in Identity Cloud and AM
The purpose of this FAQ is to provide answers to commonly asked questions regarding configuring policies and policy evaluation in Identity Cloud and AM.
How do I reduce the number of policy matches in Identity Cloud or AM (All versions)?
The purpose of this article is to provide information on changes you can make to your policy rules to reduce the number of policy matches, which in turn reduces the time it takes for Identity Cloud or AM to evaluate policies.
Apache and IIS Web Agent (All versions) repeatedly reports failed to load SSL errors
The purpose of this article is to provide assistance if the Apache™ or IIS Web Agent repeatedly reports SSL errors such as "failed to load OPENSSL_init_ssl" (Apache) or "failed to load SSL_library_init" (IIS).
Installing a Web Agent (All versions) fails with a no ssl/library support error
The purpose of this article is to provide assistance if you receive a "no ssl/library support" error when trying to install a Web agent.
Unable to find the "User" entry in the httpd.conf file error when installing the Apache Web Agent (All versions)
The purpose of this article is to provide assistance if you receive errors about users and groups when installing the Apache™ Web agent. You will see "Unable to find the "User" entry in the httpd.conf file, will try APACHE_RUN_USER environment variable" and/or "Unable to find the "Group" entry in the httpd.conf file, will try APACHE_RUN_GROUP environment variable" errors.
Best practice for installing IIS Web Agents (All versions)
The purpose of this article is to provide best practice advice on installing IIS Web Agents.
How does Post Data Preservation work for Web Agents (All versions)?
The purpose of this article is to provide information on Post Data Preservation (PDP) and how it affects the Web Agent.