Configure ForgeRock Identity Cloud as a SAML Identity Provider using ForgeRock Identity Gateway as SAML Service Provider.


This article will guide you through configuring IG as a SAML 2.0 Service Provider (SP), delegating authentication to ForgeRock Identity Cloud, our Identity Provider (IDP). This solution uses SP-Initiated Single Sign-On. Specifically, we aim to address two commonly requested ForgeRock use cases:

Use case 1: Use ForgeRock Identity Cloud as a SAML 2.0 IDP

ForgeRock Identity Cloud provides the full power of ForgeRock's Identity Platform as a service. Most of the configuration described is relevant for an on-prem deployment of Access Management (AM); however, our focus here will be Identity Cloud.

Use case 2: Use Identity Gateway as a SAML 2.0 SP

Identity Gateway (IG) can act in numerous personas while protecting APIs, microservices, and modern as well as legacy applications. IG…

ForgeRock Identity Platform 7 allows you to use an external Directory Server (DS) as a shared repository between ForgeRock Access Management (AM) and ForgeRock Identity Management (IDM). This deployment means no synchronisation is required between IDM and DS. As described in the ForgeRock Platform Setup Guide, and illustrated below, both IDM and AM talk to the same DS instance.

Shared Identity Store

This is very different from the more traditional architecture where IDM’s repository is a database like MySQL, Oracle or PostgreSQL. In the traditional architecture, changes are synced to AM’s repository in much the same way that IDM talks to all its external sources…

A quick guide to monitoring your Java applications' JVMs and Garbage Collection in Java 11 using VisualVM

It’s a very common requirement to have to monitor a remote running Java application’s JVM. You may need to see how the CPU is performing or monitor the threads. It is also common to monitor the JVM’s Garbage Collection for a JVM tuning or problem diagnosis exercise.

Each time I need to do this I seem to end up down the rabbit hole trying to remember how I solved the problem last time. So I thought I might document this here for future use. I hope this helps us both!

There are quite a few tools you might use for these…

A Garbage-First Garbage Collector approach for your ForgeRock applications


In order to successfully tune your JVM you must have clearly defined performance targets. This is your definition of success, and, without a definition of success, you cannot succeed. The goal of performance tuning is to meet these goals, no more, no less.

This paper will discuss some concepts to help you understand and tune your ForgeRock applications' JVMs to meet your goals. The correct values to select for your organisation depend entirely on your performance targets.

There has been significant work in the field of garbage collection in the last few years and this is ongoing. At the time of…

It’s a relatively common requirement to need to integrate the products that make up the ForgeRock Identity Platform. The IDM Samples Guide contains a good working example of just how to do this. Each version of the ForgeRock stack has slight differences, both in the products themselves, as well as the integrations. As such this blog will focus on version 6.5 of the products and will endeavour to include as much useful information to speed integrations for readers of this blog, including sample configuration files, REST calls etc.

In this integration IDM acts as an OIDC Relying Party, talking to…


Our aim is to set up an integration to provide Multi-Factor Authentication (MFA) to the Linux (Ubuntu) platform using ForgeRock Access Manager. The integration uses a pluggable authentication module (PAM) to point to a RADIUS server. In this case AM is configured as a RADIUS server.

We achieve the following:

  1. Outsource Authentication of Linux to ForgeRock Access Manager.
  2. Provide an MFA solution to the Linux Platform.
  3. Configure ForgeRock Access Manager as a RADIUS Server.
  4. Configure PAM on the Linux server to point to our new RADIUS Server.


  • ForgeRock Access Manager 6.5.2 Installed and configured.
  • OS — Ubuntu 16.04.
  • PAM exists on your…

Mark Nienaber

Principal Technical Consultant at ForgeRock
