Skip to end of metadata
Go to start of metadata

The OpenAM Snapshot 9.5.3 Release Notes provide the following information

OpenAM Snapshot 9.5.3 Hardware and Software Requirements

OpenAM Snapshot 9.5 supports most hardware and software requirements supported by OpenSSO Enterprise 8.0. For information, see the OpenAM Hardware and Software requirements.

Java 6 Required

This release of OpenAM requires Java 6 to run. This is due to the product taking advantage of new features in Java 6.

The OpenAM Client SDK is supported on JDK 1.5 and above.

OpenAM requires a Java Heap size of 1024m to run. Please ensure you start your deployment container with the following JVM options:

-Xmx1024m -XX:MaxPermSize=256m

Getting Started with OpenAM Snapshot 9.5.3

If you have not previously installed OpenAM, here are the basic steps to follow:

  1. If necessary, install, configure, and start one of the supported web containers.
  2. Download and unzip OpenAM snapshot 9.5.3 from the following site:
  3. Deploy the openam.war file to the web container, using the web container administration console or deployment command. Or, if supported by the web container, simply copy the WAR file to the container's autodeploy directory.
  4. Configure OpenAM snapshot 9.5.3 using either the GUI Configurator or the command-line Configurator.
    To launch the GUI Configurator, enter the following URL in your browser: protocol://host.domain:port/deploy_uri.
    For example:
  5. Perform any additional configuration using either the OpenAM Administration Console or the ssoadm command-line utility.
  6. To download a version 3.0 policy agent, refer the ForgeRock download page.

For a more detailed explanation of the OpenAM installation process, have a read of this deployment howto.

Important notes on this release

The fix for OPENAM-678 means that the application shutdown hooks are no longer registered by default. This change only has an effect on applications that use the OpenAM Client SDK in standalone or web applications; there are no changes to OpenAM, the Dist Auth Server or the J2EE Agents. 

For J2EE applications; to ensure the OpenAM client SDK shuts down successfully the following context listener should be included in your applications web.xml file.


For standalone applications; the following JVM property should be set for the application.


This property only needs to be set for standalone applications.

Issues Resolved in this Snapshot

Snapshot 9.5.3 is an incremental release with a number of improvements and features, as listed in the following sections.


  • OPENAM-298: Distributed authentication UI not able to do resource based authentication
  • OPENAM-615: Session upgrade does not work if the second login is on a different server
  • OPENAM-639: DAUI shutdown is not releasing resources correctly
  • OPENAM-642: amsessiondb does not recover from db errors and can break the MQ
  • OPENAM-643: amsessiondb does not shutdown properly if the DB/MQ is broken
  • OPENAM-644: amsessiondb error messages are going to System.err and are getting lost
  • OPENAM-652: amsessiondb should run with tx no sync in bdb
  • OPENAM-656: jaxrpc xml parser can introduce corruption in the output when parsing
  • OPENAM-664: OpenAM complains about invalid character when the FedCOTMemberName has '=' in it
  • OPENAM-667: Persistent Cookie should only be set on success and not on AMAuthCookie
  • OPENAM-668: AuthClientUtils::sendAuthRequestToOrigServer does not handle server errors
  • OPENAM-675: updateSiteNameToIDMappings will leave siteNameToIdTable null if sites are not configured
  • OPENAM-684: LDAPv3EventServicePolling can enter RetryTask loop if LDAP encounters a problem at the same time as the persistent searches are restarted
  • OPENAM-685: LDAPv3EventService should debug at error level when an issue with persistent searches is encountered
  • OPENAM-688: REOPEN -LDAP Error 80 can result in build up of LDAPv3EventService::RetryTask objects
  • OPENAM-711: OpenAM Installer URLEncodes the messages for openDS installation
  • OPENAM-733: JDBC authentication module fails to initialize in JNDI mode


  • OPENAM-641: amsessiondb stat are rather basic and should be improved
  • OPENAM-676: SiteStatusCheckThreadImpl default URI should be openam
  • OPENAM-691: Improve the debugging and error handling in AuthClientUtils::isServerMemberOfLocalSite
  • OPENAM-759: Allow ClusterStateService to work with HTTPS endpoints

New Features

  • OPENAM-678: Make runtime shutdown hooks optional
    This new shutdown handling feature requires that you change each every standalone ClientSDK application to start using the JVM property -Dopenam.runtime.shutdown.hook.enabled=true to ensure that client applications can shut down gracefully.
  • OPENAM-686: Remove legacy Sun legal documentation
  • OPENAM-736: Copy request headers in case of proxied auth

Known Issues in This Release

OpenAM Snapshot 9.5.3 contains a number of outstanding issues that have been noted in the OpenAM bug tracker. Please check bugster for open bugs.

OpenAM Documentation

There is a substantial quantity of documentation available for OpenAM available on this Wiki, with ForgeRock continuing to work on providing an up to date documentation for the current release of OpenAM. For additional documentation you can check the OpenSSO Enterprise 8.0 documentation, which is mostly applicable to OpenAM.

How to Report Problems and Provide Feedback

If you have questions regarding OpenAM which are not answered by the documentation, there is a lively mailing list which can be found at where you are likely to find an answer.

If you have found issues or reproducible bugs within OpenAM Snapshot 9.5.3, report them in

If you are requesting help for a problem, please include the following information:

  • Description of the problem, including when the problem occurs and its impact on your operation
  • Machine type, operating system version, web container and version, JDK version, and OpenAM release version, including any patches or other software that might be affecting the problem
  • Steps to reproduce the problem
  • Any error logs or core dumps
  • No labels