OpenAM in 5 Minutes

At ForgeRock we pride ourselves on how quickly you can get up and running with our technology. So in that spirit I thought I would write a very quick, bare bones guide to getting an instance of OpenAM up and running.

For this exercise I am going to use Tomcat 8 as the web container for OpenAM. I am also going to use the embedded OpenDJ as both the user and configuration store. This is not recommended for production but is ideal for development purposes.

I am going to install locally on my Macbook, but the steps for Windows or Linux deployments are basically the same. I am going to cover the preparation of Tomcat and the installation and initial configuration of OpenAM. Everything you need to get up and running.


For this exercise please:

Feel free to swap in your web container of choice, but in the spirit of getting up and running in under 5 minutes I will be using Tomcat.



Make sure you have a sensible hostname configured with a top level domain.

sudo vi /etc/hosts

If not already present edit with:       localhost


1. Create a directory for the environment, I tend to use: /usr/local/env/fivemins
2. Unzip Tomcat:

mv apache-tomcat-8.5.9 tomcatam

3. Unzip OpenAM:

mv openam/OpenAM-13.5.0.war tomcatam/webapps/openam.war

4. Make Tomcat executable:

cd tomcatam/bin
chmod +x *.sh

5. Start Tomcat:

cd tomcatam/bin

6. Navigate to OpenAM:

Installing OpenAM

1. Select Create Default Configuration. By doing this OpenAM will use an embedded instance of OpenDJ as both a directory and user store with no configuration required. This is not recommended for production environments but is great for development.

2. Accept the license agreement and press Continue

3. Enter default passwords for the administrator and policy agent.

The Default User Password is the password you will use to log in to OpenAM as administrator. Make sure you remember it!

The Policy Agent User Password would be used if we were integrating a policy agent with OpenAM.

4. Press Create Configuration and wait a few moments…

5. Press Proceed to Login

6. Log in as amadmin with the Default User Password from earlier.

7. All being well, you should now be logged in as administrator

8. If you logout, you can also log in as the demo user:

9. Enter the username demo and the password changeit. Demo is a normal, non administrator user and as such can only see the user dashboard.



We have just installed and configured a vanilla instance of OpenAM, in around about 5 minutes. Obviously by itself this doesn’t do much but in future blogs we will explore how to quickly implement functionality such as social login or two factor authentication and build on top of this simple exercise.


Comments are closed.

  1. eurekaaj 6 years ago

    I’m getting 500 on POST /openam/json/authenticate. Using OpenAM-13.0.0 and apache-tomcat-8.5.11. JDK is 1.8.0_121

  2. tangudukishore1 6 years ago

    I have good configuration of opendj and AM. Today unfortunately I removed entire openDJ data in the userDefined backend.
    During this process it washed out all the realms inopenAM. I imported my rootentries to opendj. Now I am trying to create realms in openAM from ssoadm command. It is failing with the below reason.
    Bootstrap.getConfiguration :Message:Service does not exist : iPlanetAMPlatformService

    Cannot bootstrap. Check to see that the configuration directory server is running.
    Bootstrap.getConfiguration :Message:Service does not exist : iPlanetAMPlatformService

    Can you help me to get rid of this problem?

    Thank you
    kishore tangudu.

  3. cegonya_sbp 6 years ago

    @eurekaaj I have the same issue

    0:0:0:0:0:0:0:1 – – [23/Feb/2017:13:04:37 -0500] “GET /openam/XUI/ HTTP/1.1” 200 882
    0:0:0:0:0:0:0:1 – – [23/Feb/2017:13:04:37 -0500] “GET /openam/json/serverinfo/* HTTP/1.1” 304 –
    0:0:0:0:0:0:0:1 – – [23/Feb/2017:13:04:37 -0500] “POST /openam/json/users?_action=idFromSession HTTP/1.1” 401 73
    0:0:0:0:0:0:0:1 – – [23/Feb/2017:13:04:37 -0500] “POST /openam/json/authenticate? HTTP/1.1” 500 5

    Can someone help us ?

  4. eurekaaj 6 years ago

    Using tomcat 8.0 instead of 8.5 solved the problem

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?