April 24, 2020 at 11:48 am #27836
I was wondering what is the latest version of the OpenAM Enterprise?
And do we need to subscribe (pay monthly, yearly) to get Enterprise OpenAM installers?
I noticed that in github, the latest version available is already 14.5.
Is there a lot of significant differences from 13.5 and 14.5?
I plan to test install OpenAM free version to see how we can adapt this to our business environment, as we use mostly opensource products only. Can I use the OpenAM 13.5 installation guide from ForgeRock to install and configure the 14.5 version? Or is 14.5 not compatible with 13.5 anymore?
anaApril 24, 2020 at 12:53 pm #27837
I read the documentation of the specs required before installation (centos, jdk, tomcat version), and seems like OpenAM 13.5 still uses tomcat 8.0 and only OracleJDK.
In this case, seems like OpenAM 14.0.0 (AM 5) is more suited to our environment, as it uses newer version of tomcat, like tomcat 8.5.x, and also supports OpenJDK, which we normally use. Although this is a good solution, I am thinking long term, and tomcat 9.0.34 is now the latest stable version to use. Tomcat 8.5.X might become EOL within a couple of years maybe? Because of this AM 6.5 seems more suitable, however is this available as open source? If yes which one is it?
And even in Forgerock “Enterprise” download page, when I search AM 6.5, I only get “Amster” in the first few pages.
Thanks in advance.April 24, 2020 at 12:59 pm #27838FatBlokeParticipant
The latest version of Access Management (AM) is 18.104.22.168 and you can download for free from https://backstage.forgerock.com/downloads/browse/am/latest
(To explain the versioning, 14.x was reset to 5.x to fit with rest of platform)
CheersApril 24, 2020 at 5:25 pm #27839Jatinder SinghParticipant
You can find the community edition of Access Management or OpenAM at the below link. The version was released back in 2017 and released as v11 under CDDL licensing. So, you may be able to use this as an open-source solution but please keep in mind this is an ancient version (5 or more years old) and it’s enterprise equivalent is already marked EOSL (2017).
As far as I know, beside this version ForgeRock has not released any additional community editions. The latest available version is
v22.214.171.124and is an enterprise focused product. That said, you can download the complete binary for evaluation using the following link:
Hope this helps!April 28, 2020 at 1:03 pm #27851
Thank you all for your suggestions. Managed to download AM 6.5.23.
I have setup the server, and can successfully see the “Apache-Tomcat-9.0.34” page.
I have also successfully deployed the openam.war file in <mytomcatdir>/webapps, and can see the “openam” folder.
However, now the main problem looms.
When I open the page :
I get “404 The requested URL is not found”
I thought it was a permission issue, and thus checked the permissions of the tomcat directory, the webapps folder and all other sub-folders within the tomcat directory. They were all 750. I changed all of them to 755, and I still get the same problem.
I tried simply assigning an FQDN like testsso.example.com as the server name, and when I open the page now, it is even worse than before – “Server Not Found”.
I am not sure if I can assign an FQDN to the server as mentioned in the guide; as my machine is a virtual machine (Built in VMWare Workstation Player for non-commercial use). Thus, the IP address that is assigned is only via DHCP.
Please advise what to do next.April 28, 2020 at 5:12 pm #27854Jatinder SinghParticipant
404indicates the container unable to find
/openamcontext. I would suggest check the
catalina.outlogs to ensure
openam.warwas correctly exploded. Perhaps it’s a permission issue or tomcat misconfiguration. It’s hard to tell without logs. Once that’s resolved you can look into FQDN set-up. AM requires that you provide a FQDN, so it’s a prerequisite. As long as you have root access you can set-up one in your sandbox by editing >
/etc/hostswith the following entry in your case:
127.0.0.1 localhost testsso.example.com
Hope this helps!April 30, 2020 at 7:59 am #27862
I can successfully open the link with port 8080, and so I started configuration using this port for now.
For port 8443 I will try later, I believe the configuration for tomcat has to be edited in server.xml for this port.
I manage to successfully configure openam, and have reached the “Realm” page. I click on New Realm to create a new realm to access a database (postgres) for storing user login info.
Since I could not find any other user guide to help me with the DB config part, I found and article for DB config for OpenAM 14.0.0. All the steps are OK, until the step for “Data Store” configuration. I do not see that option in the New Realm I have configured, instead I only see “Identity Store”. And even in that, I do not see the option “Database Repository (Early Access)” for the Type of Identity Store to use. I can, however see the options Active Directory, Active Directory Application Mode (ADAM), Generic LDAPv3, OpenDJ, Sun DS with OpenAM schema, and Tivoli Directory Server.
I have setup the pre-requisites to configure the DB before the setup of OpenAM, which is putting the Postgres JDBC jar (postgresql-42.2.12.jar) in <mytomcathome>/lib; and adding the line below in <mytomcathome>/conf/context.xml :
<Resource name="jdbc/opensso" type="javax.sql.DataSource" driverClassName="org.postgresql.Driver" url="jdbc.postgresql://localhost:5432/paybills" username="postgres" password="postgres" maxActive="20" maxIdle="10" maxWait="-1"/>
I restarted tomcat after the changes above.
How do I resolve this problem?April 30, 2020 at 9:34 am #27863April 30, 2020 at 9:32 pm #27874Scott HegerParticipant
Relational Database Identity Repository (Early Access) was removed in AM version 5.1. See: https://backstage.forgerock.com/docs/am/5.1/release-notes/#removed. You would need some sort of SQL to LDAP gateway if you wanted to use your DB as an Identity Repository in your 126.96.36.199 version. Then you would choose Generic LDAPv3 as the type. Best best, however, would be to migrate or synchronize your DB users to an actual LDAP store like DS and point AM to that.May 2, 2020 at 9:58 am #27882
Thank you for the info @Scott.
I now am trying install and configure OpenAM-14.0.0.
Managed to download the zip file from github.
Unzipped it in my working directory, and ran the command “mvn clean package”. Get this error now :
[[email protected] OpenAM-14.0.0]# mvn clean package [INFO] Scanning for projects... Downloading: http://maven.forgerock.org/repo/releases/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom Downloading: http://maven.forgerock.org/repo/openam-dependencies/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom Downloading: http://maven.forgerock.org/repo/maven.restlet.org/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom Downloading: http://download.oracle.com/maven/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom Downloading: https://repo.maven.apache.org/maven2/org/forgerock/forgerock-parent/2.0.8/forgerock-parent-2.0.8.pom [ERROR] The build could not read 1 project -> [Help 1] [ERROR] [ERROR] The project org.forgerock.openam:openam:14.0.0-SNAPSHOT (/usr/local/src/OpenAM-14.0.0/pom.xml) has 1 error [ERROR] Non-resolvable parent POM: Could not transfer artifact org.forgerock:forgerock-parent:pom:2.0.8 from/to forgerock-staging-repository (http://maven.forgerock.org/repo/releases): Not authorized , ReasonPhrase:. and 'parent.relativePath' points at wrong local POM @ line 42, column 13 -> [Help 2] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingException [ERROR] [Help 2] http://cwiki.apache.org/confluence/display/MAVEN/UnresolvableModelException
You must be logged in to reply to this topic.