Monday, 19 December 2016

OpenAM in 5 Minutes

At ForgeRock we pride ourselves on how quickly you can get up and running with our technology. So, in that spirit, I thought I would write a very quick, bare-bones guide to getting an instance of OpenAM up and running.

For this exercise I am going to use Tomcat 8 as the web container for OpenAM. I am also going to use the embedded OpenDJ as both the user and configuration store. This is not recommended for production but is ideal for development purposes.

I am going to install locally on my MacBook, but the steps for Windows or Linux deployments are basically the same. I am going to cover the preparation of Tomcat and the installation and initial configuration of OpenAM: everything you need to get up and running.


For this exercise please:
Feel free to swap in your web container of choice, but in the spirit of getting up and running in under 5 minutes I will be using Tomcat.



Make sure you have a sensible hostname configured with a top-level domain.

sudo vi /etc/hosts

If not already present edit with:       localhost
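
A pre-flight check for the hostname requirement above, as an added example that is not part of the original post. The function names and the sample hostname openam.example.com are assumptions made for illustration; it tests that a name is fully qualified and that a hosts file maps it.

```shell
#!/usr/bin/env bash
# Added example: check the hostname chosen for OpenAM before installing.
# Usage: preflight /etc/hosts openam.example.com   (hostname is a placeholder)

# is_fqdn NAME -> 0 if NAME has at least two well-formed dot-separated labels,
# so single-label names such as "localhost" fail.
is_fqdn() {
  local name=$1 label
  case $name in *[!A-Za-z0-9.-]*) return 1 ;; esac   # illegal characters
  case $name in *.*) ;; *) return 1 ;; esac           # needs a domain part
  case $name in .*|*.|*..*) return 1 ;; esac          # no empty labels
  local IFS=.
  for label in $name; do
    case $label in -*|*-) return 1 ;; esac            # no edge hyphens
  done
  return 0
}

# hosts_lookup FILE NAME -> prints the address mapped to NAME. Comments are
# ignored and NAME is matched case-insensitively in any alias column.
hosts_lookup() {
  awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    { sub(/#.*/, "") }
    NF >= 2 {
      for (i = 2; i <= NF; i++)
        if (tolower($i) == want) { print $1; found = 1; exit }
    }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# preflight FILE NAME -> 0 if usable, 1 if not fully qualified, 2 if unmapped.
preflight() {
  local addr
  is_fqdn "$2" || { echo "not fully qualified: $2"; return 1; }
  addr=$(hosts_lookup "$1" "$2") || { echo "no hosts entry: $2"; return 2; }
  echo "ok: $2 -> $addr"
}
```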


1. Create a directory for the environment. I tend to use: /usr/local/env/fivemins
2. Unzip Tomcat:

mv apache-tomcat-8.5.9 tomcatam

3. Unzip OpenAM:

mv openam/OpenAM-13.5.0.war tomcatam/webapps/openam.war

4. Make Tomcat executable:

cd tomcatam/bin
chmod +x *.sh

5. Start Tomcat (still in tomcatam/bin from the previous step):

./startup.sh

6. Navigate to OpenAM:

Installing OpenAM

1. Select Create Default Configuration. By doing this OpenAM will use an embedded instance of OpenDJ as both a directory and user store with no configuration required. This is not recommended for production environments but is great for development.

2. Accept the license agreement and press Continue

3. Enter default passwords for the administrator and policy agent.

The Default User Password is the password you will use to log in to OpenAM as administrator. Make sure you remember it!

The Policy Agent User Password would be used if we were integrating a policy agent with OpenAM.

4. Press Create Configuration and wait a few moments...

5. Press Proceed to Login
6. Log in as amadmin with the Default User Password from earlier.

7. All being well, you should now be logged in as administrator

8. If you log out, you can also log in as the demo user:

9. Enter the username demo and the password changeit. Demo is a normal, non-administrator user and as such can only see the user dashboard. Like the embedded OpenDJ, this well-known default password is suitable for development only.


We have just installed and configured a vanilla instance of OpenAM in around 5 minutes. Obviously, by itself this doesn't do much, but in future blogs we will explore how to quickly implement functionality such as social login or two-factor authentication and build on top of this simple exercise.
