Skip to end of metadata
Go to start of metadata

The OpenAM Snapshot 9.5.4 Release Notes provide the following information

OpenAM Snapshot 9.5.4 Hardware and Software Requirements

OpenAM 9.5.4 supports most hardware and software requirements supported by OpenSSO Enterprise 8.0. For information, see the OpenAM Hardware and Software requirements.

Java 6 Required

This release of OpenAM requires Java 6 to run. This is due to the product taking advantage of new features in Java 6.

The OpenAM Client SDK is supported on JDK 1.5 and above.

OpenAM requires a Java Heap size of 1024m to run. Please ensure you start your deployment container with the following JVM options:

-Xmx1024m -XX:MaxPermSize=256m

Getting Started with OpenAM Snapshot 9.5.4

If you have not previously installed OpenAM, here are the basic steps to follow:

  1. If necessary, install, configure, and start one of the supported web containers.
  2. Download and unzip OpenAM snapshot 9.5.4 from the following site:
  3. Deploy the openam.war file to the web container, using the web container administration console or deployment command. Or, if supported by the web container, simply copy the WAR file to the container's autodeploy directory.
  4. Configure OpenAM snapshot 9.5.4 using either the GUI Configurator or the command-line Configurator.
    To launch the GUI Configurator, enter the following URL in your browser: protocol://host.domain:port/deploy_uri.
    For example:
  5. Perform any additional configuration using either the OpenAM Administration Console or the ssoadm command-line utility.
  6. To download a version 3.0 policy agent, refer the ForgeRock download page.

For a more detailed explanation of the OpenAM installation process, have a read of this deployment howto.

Important notes on this release

The fix for OPENAM-678 means that the application shutdown hooks are no longer registered by default. This change only has an effect on applications that use the OpenAM Client SDK in standalone or web applications; there are no changes to OpenAM, the Dist Auth Server or the J2EE Agents. 

For J2EE applications; to ensure the OpenAM client SDK shuts down successfully the following context listener should be included in your applications web.xml file.


For standalone applications; the following JVM property should be set for the application.


This property only needs to be set for standalone applications.

Issues Resolved in this Snapshot

Snapshot 9.5.4 is an incremental release with a number of improvements and features, as listed in the following sections.


  • OPENAM-191: Remote SessionRequest.setProperty causes HTTP 500 for null property/value
  • OPENAM-269: Blank in form can break fedlet creation
  • OPENAM-586: Certificate module has a problem with OCSP validation if JCE is used
  • OPENAM-608: javax.servlet.ServletException: missing jspFile on start up
  • OPENAM-622: changing the debug level from message to error is ignored by the entitlements engine
  • OPENAM-716: Shutting down DS when "sun-idrepo-ldapv3-config-idletimeout" is other than 0 (zero) can result in loop
  • OPENAM-723: amsfo start results in repeat /t Wait for the broker to start properly messages
  • OPENAM-726: Multi-threaded entitlement evaluation gives wrong result
  • OPENAM-730: LDAPConnectionPool has risk of dead lock
  • OPENAM-735: REST/SOAP API leaks information about users by returning an InvalidPassword exception when the users password is wrong.
  • OPENAM-738: Endless recursion in CachedRemoteServicesImpl
  • OPENAM-767: Radius auth module typo (wrong server configuration check)
  • OPENAM-775: When a SAML2 Request does not contain an Authentication Context, the Default Authentication Context mapper maps a level=0
  • OPENAM-777: Missing steps in ssoAdminTools install doc.
  • OPENAM-787: amtune fails to interpret ls -l output
  • OPENAM-788: Combination of referral policy, self evaluation and super resource match fails to follow referral
  • OPENAM-789: amverifyarchive throws an NPE
  • OPENAM-790: LDAPFilter conditions are not using the correct Policy config when used in a sub-realm policy definition.
  • OPENAM-792: SAML2 Metadata for a remote service provider with Extensions breaks the console and Entity Providers no longer list under Federation
  • OPENAM-794: Successful access to LoginViewBean still creates a new session
  • OPENAM-807: In case of session upgrade requesting the page again can cause Session Timeout errors
  • OPENAM-811: AMIdentityMembershipCondition is missing information about who the user is which is required to make the decision
  • OPENAM-812: LDAPFilterCondition will try to bind using LDAPv2 even with LDAPv3 only servers
  • OPENAM-813: Session timeout branding is not working
  • OPENAM-814: Setup progress page is never closing the stream
  • OPENAM-817: ShutdownManager gets stuck in waiting state causing the server to be unavailable
  • OPENAM-818: SFO scripts don't work on Debian GNU/Linux, because of /bin/awk path
  • OPENAM-824: LoginViewBean UI does not implement new_org.jsp functionality
  • OPENAM-827: Creating a Identity Membership Condition in a sub-realm does not use the correct Datastore
  • OPENAM-828: L10NMessageImpl can lose initCause
  • OPENAM-832: Character encoding problem on the password reset page
  • OPENAM-839: LDAP Auth Module doesn't remove terminated LDAP connection from pool and returns 401 error via REST interface
  • OPENAM-841: Inconsistent formatting on OpenDS page.
  • OPENAM-843: Exception handling in the REST interface
  • OPENAM-878: new_org.jsp doesn't work, when the second auth request contains extra parameters
  • OPENAM-891: Relative (goto) redirects don't work with proxied requests
  • OPENAM-895: Access to root realm after console deploy timeout occurs
  • OPENAM-906: ServiceTypeManager can return invalid tokens
  • OPENAM-909: SAML2Exception when fetching SP AuthnRequestInfo in multi server setup when IDP response is not sent to origin server.
  • OPENAM-923: IdRepo log is spammed with agent attributes


  • OPENAM-800: Increased flexibility in the REST interface around session idle time out validation
  • OPENAM-801: Fetch additional SSOToken attributes from the REST interface

New Features

  • OPENAM-496: Implement a simple LDAP connection monitoring for 9.5.x
  • OPENAM-894: Backport to sustaining branch

Known Issues in This Release

OpenAM Snapshot 9.5.4 contains a number of outstanding issues that have been noted in the OpenAM bug tracker. Please check bugster for open bugs.

OpenAM Documentation

There is a substantial quantity of documentation available for OpenAM available on this Wiki, with ForgeRock continuing to work on providing an up to date documentation for the current release of OpenAM. For additional documentation you can check the OpenSSO Enterprise 8.0 documentation, which is mostly applicable to OpenAM.

How to Report Problems and Provide Feedback

If you have questions regarding OpenAM which are not answered by the documentation, there is a lively mailing list which can be found at where you are likely to find an answer.

If you have found issues or reproducible bugs within OpenAM Snapshot 9.5.4, report them in

If you are requesting help for a problem, please include the following information:

  • Description of the problem, including when the problem occurs and its impact on your operation
  • Machine type, operating system version, web container and version, JDK version, and OpenAM release version, including any patches or other software that might be affecting the problem
  • Steps to reproduce the problem
  • Any error logs or core dumps
  • No labels