MySQL Database as Identity Repository for ForgeRock OpenAM

ForgeRock OpenAM has three types of repositories:

(i) Configuration Repository that stores the OpenAM configuration data (ForgeRock OpenDJ)
(ii) Authentication Repository that’s used by OpenAM to perform user authentication (has more than 20 options out of the box)
(iii) Identity Repository that stores the user profiles (has several options like LDAP v3, OpenDJ, AD, IBM’s Directory Server and Database [Early Access])

Someone asked me for details on configuring a database as the Identity Repository for ForgeRock OpenAM, so as soon as I got a chance, I created the following screencast to demonstrate the use of a MySQL database as an Identity Repository for ForgeRock OpenAM. It’s fairly straightforward.



Comments are closed.

  1. pgupta6 7 years ago

    Hi Rajesh

    Nice illustration! Is this OpenAM 13?

    Also, Authentication repository, I am assuming this is where OpenAM keeps user sessions for logged in users?

    And is this right, Data Store is where you configure Identity repository, Authentication module where you configure authentication repository and Policy configuration under Services where you keep configuration repository and all of these can be different for a particular realm?


  2. Albert.Ayoub 7 years ago

    Hi Rajesh,
    Do you think it is possible for this to be reused to authenticate a database application where credentials are stored in a database (like many ERPs on the market)?
    Thanks

  3. Rajesh R 7 years ago

    @pgupta6 Thanks for your kind comments. I’m using OpenAM 13 in the demonstration. But it works the same way in OpenAM 12 as well.

    Authentication or Credential repository is used only to verify the user’s identity. Once authenticated, the user’s session is maintained in the Memory. If Session Failover is enabled, the user’s session can be stored in OpenDJ (Core Token Service), which can be an Identity Repository or a separate instance.

    If you want to use the Identity Repository (that has the user profile) also to authenticate the users, then you identify the same as ‘Data Store’ in the ‘Authentication’ section of a specific realm. All the configuration data of OpenAM are stored in the Configuration repository (can be embedded OpenDJ or an external OpenDJ).

  4. Rajesh R 7 years ago

    @Albert.Ayoub I’d believe that it will in turn be possible to use OpenAM to authenticate users for the Database Application that stores its credentials in a Database instance.

  5. Manchanda, P 7 years ago

    Thanks @Rajesh,

    Do you see any performance differences in using an RDBMS like MySQL or Oracle as the Identity Repository vis-à-vis using OpenDJ? E.g. will OpenAM’s performance remain the same, improve or deteriorate if we use an RDBMS?

    Thanks and regards
    P Manchanda

  6. krishraj19 6 years ago

    Hello Rajesh, this is Rajesh here from Dallas, TX. Our company is planning to use the ForgeRock application for identity tracking activities. I work on the database side and I would like to know if we can link all 3 data?

    Like Identity, Configuration and Authentication.

    Appreciate your response.

