ForgeRock doc tools 2.1.0 released

ForgeRock community logo Today we released ForgeRock doc tools 2.1.0. This maintenance release includes a couple of new features, a few improvements, and some bug fixes. See the release notes for details.

As described on the ForgeRock developer community Wiki, the Maven doc build plugin relies on a lot of great open source technologies to generate output. A little bit below the tip of the iceberg, we stand on the shoulders of these giants:

Big thanks to all the maintainers of these tools, and to all the people answering questions on their mailing lists. Recursive thanks to all the giants holding up these projects, too. :-)

When you upgrade to use the latest plugin, also take these compatibility changes into account:

  • Add a <projectVersion> setting to your configuration when executing forgerock-doc-maven-plugin (required)
  • Update <screen> examples to use continuation characters when folding user input lines, and make use of <userinput> and <computeroutput> markup (optional). Here’s an example:
    $ <userinput>ldapsearch \
     --baseDN "" \
     --searchScope base \
     --port 1389 \
     "(objectclass=*)" supportedExtension</userinput>

1 Comment

Filed under Docs, Tools

ForgeRock welcomes Gene Hirayama

ForgeRock Logo Welcome to Gene Hirayama who joined the ForgeRock documentation team today. Happy you have joined us, Gene!

Gene has been writing directory and identity management documentation since he joined Sun Microsystems in 2006, and more recently at UnboundID Corp. Gene has worked as a technical writer for 17 years, before that maintaining and monitoring computer systems. Gene’s domain knowledge not only of UNIX and LDAP but also of REST, SCIM, XACML, and OAuth 2.0 will help him quickly to write useful documentation on all components of the ForgeRock stack.

Gene’s initial focus at ForgeRock will be access management documentation for OpenAM, policy agents, and OpenIG. This is good news for ForgeRock and good news for the community, as Gene ramps up in the new year to fix, improve, and extend core documentation.

Leave a comment

Filed under Access Management, Docs

ForgeRock doc tools 2.0.0 released

ForgeRock Community Logo Today marked the release of ForgeRock doc tools 2.0.0. This release includes changes for 32 issues. Some were bug fixes, others issues and improvements, still others investigations into a future reimplementation of

You can read the release announcement sent to the docs list. You might also want to read the HTML version of the release notes. Some new features and improvements:

  • Integrated support for text-based UML image sources, thanks to PlantUML
  • Support for olinks in PDF
  • DPI set automatically on PNGs
  • ↪ on mouseover in HTML for all titles with anchors, making it easier to send the link to a procedure, example, or table
  • Support for Maven properties in XML attribute values
  • Branding and common content moved to separate Maven projects, enabling use of custom branding and boilerplate
  • Support for a basic .zip of release docs

When you upgrade to this version of the plugin, you must not only change the version number in your POM, but also adjust the configuration. After you read the release notes, also see the README for more information.

Leave a comment

Filed under Docs, Tools

Rockbox rescued my Sansa Clip Zip

Rockbox logo Let me confess up front. I am typing this on a Mac, not a Linux box. What put me on the slippery slope a few years ago was GarageBand. I tried it on my wife’s laptop. Surely Linux-based recording software has advanced since then, but at the time recording simple tunes with the Mac was far easier. Recording on Linux left me thinking, “Yeah, this would probably be fantastic if I were a recording engineer already and/or was more interested in the software than in writing a few songs.”

We tend to prefer open source software as long as we can still do what we set out to do. At work we build a lot of open source software using mostly open source software. There are, however, cases where closed software is more expedient… for now.

On the other end of the spectrum, there’s the Sansa Clip Zip. This is a case where the decision has gone in favor of proprietary software even though the free software alternative actually works better!

In the beginning I had an iPod Shuffle. A bit overpriced for 2 GB, but good when running or skiing, nice integration with iTunes, and Apple has replaced them without comment when they break down. (I’m on my third, having paid for the first. Don’t their testers go running when it rains?)

But I’m tired of loading and unloading stuff on the Shuffle, due to the lack of capacity. So I bought a microSD card. I loaded most of my music in iTunes onto the microSD card, and put it in an Android phone. The phone choked. It flashed low memory when booted with the microSD card. Then it ground gradually to a halt.

I saw the Sansa Clip Zip. I hoped the Sansa Clip Zip could handle the music, since after all it is a dedicated device. I bought it thinking, “So I can get this for less than $50 and it has a microSD slot. Or I can spend hundreds to get enough capacity on a fragile device that is probably no better for what I want to do.”

The Sansa Clip Zip is a dedicated device, all right. Yet with the original firmware it also chokes on the microSD card full of music. Furthermore, I could not find a log file or other indication of what exactly it chokes on. Anyone want to add 32 GB of music one file at a time, rebooting and reloading the device database after every file? Not me.

I thought maybe it was the microSD card. Now I have two microSD cards… both full of music and both causing the same symptoms on the Android phone and also on the Sansa Clip Zip with original firmware.

Rockbox on Sansa Clip Zip Then I came across Rockbox, Free Music Player Firmware, which installed fine onto the Sansa Clip Zip. It looks like it could be uninstalled, too, with roll back to the original firmware.

After installing Rockbox, I inserted the microSD card, and rebuilt the database…

…and it just works. I have not checked every single song, but they all seem to be there.

Rockbox rescued my Sansa Clip Zip.

There has to be somebody at SanDisk or a SanDisk contractor who is paid to maintain the Sansa firmware. On the surface, their firmware does look different from Rockbox. I would not consider it the next Android or iOS, though. Maybe some people would say it is more intuitive. But it’s broken. Who cares how intuitive it is if you would have to set aside a few days of your life just to figure out which half of your iTunes music collection it can load?

How bad would it be for SanDisk if instead of maintaining their own firmware, they contributed to Rockbox?


Filed under Music

OpenDJ: Contact Manager Mobile App

OpenDJ Community Logo

OpenDJ directory services give modern mobile applications easy access to directory data through a ForgeRock common REST interface.

OpenDJ Contact Manager is an Android application that Violette has developed. Contact Manager demonstrates use of OpenDJ directory server’s REST interface to search for and to read user resources.

Contact Manager lets you do the following based on a user’s resource:

  • Add the user to your Android address book.
  • Place a call to the user.
  • Send email to the user.
  • Send a text message (SMS) to the user.
  • Geolocate the user’s address.
  • Get the resource for the user’s manager.

For instructions on how to build and try OpenDJ Contact Manager, see

Leave a comment

Filed under Directory Services and LDAP

OpenAM: Getting Started Guide

OpenAM Community LogoOne guide added for the OpenAM 11 release is Getting Started With OpenAM. This guide is written for people who have heard something about OpenAM, but have not gotten around to trying it out.

If you have not yet tried OpenAM because you do not have time, this 20-page guide is for you. There are only two chapters:

  • The first chapter starts off with the expectation that you have a Linux laptop or Linux VM, an Internet connection, and a minimum of command-line experience. It takes you step-by-step through the process of setting up OpenAM to protect a web page. Once you have successfully followed the instructions, you should have a basic understanding of what OpenAM does.
  • The second chapter is a short introduction to OpenAM’s main capabilities, from self-service features to SSO, to federation and the different APIs that OpenAM offers for developers.

Leave a comment

Filed under Access Management


OpenAM Community Logo If you have been following the development of OpenAM, you know that OpenAM offers new REST APIs, built on the same underlying CRUDPAQ model used in OpenDJ (and now in the latest builds of OpenIDM as well).

Over time the new REST APIs will replace the old REST APIs, providing more uniform design and responses for modern web client applications, and providing additional access. A table in the draft release notes lists which new URIs are taking over from the old.

You access the new APIs under /json where you deployed OpenAM (for example,

  • /json/agents — CRUD and query for policy agent profiles
  • /json/authenticate — Authenticate (including callbacks, modules, chains, etc.)
  • /json/dashboard — Read cloud dashboard profiles
  • /json/groups — CRUD and query for OpenAM groups
  • /json/realms — CRUD for OpenAM realms
  • /json/serverinfo/cookieDomains — Get cookie domains that the server supports
  • /json/sessions?_action=logout — Log a user out based on SSO Token
  • /json/users — CRUD and query for user profiles
  • /json/users?_action=forgotPassword — Help users reset forgotten passwords
  • /json/users?_action=register — Help new users sign up

You can find a load of examples in the chapter on Using RESTful Web Services.

It all starts with authentication. Although the new OpenAM REST API for authentication also lets you do callback-based authentication to take advantage of auth modules that do something other than username/password-based authentication, a simple way to get a token ID is to use zero page login.

$ curl --request POST \
 --header "X-OpenAM-Username: demo" \
 --header "X-OpenAM-Password: changeit" \
 --header "Content-Type: application/json" \

  "successUrl": "/openam/console"

The JSON you get back, pretty-printed here, shows the tokenId that corresponds to the user session. The successUrl is the URI to which the user would normally be redirected.

Once you have authenticated, then you can use the tokenId to access other resources. For example, you can read attributes of your user profile.

$ curl --header "iPlanetDirectoryPro: AQIC5wM2LY4SfcwyCO2rILBLpB93G7k4yHM-NN9OJL5zqEU.*AAJTSQACMDEAAlNLABQtMjU0NTQwOTU4Mjg0MTA2MDYyOA..*" \\&_fields=realm,uid,sn,cn,inetuserstatus

  "realm" : "/",
  "uid" : [ "demo" ],
  "sn" : [ "demo" ],
  "cn" : [ "demo" ],
  "inetuserstatus" : [ "Active" ]

After you are done, you can logout.

$ curl --request POST \
 --header "iPlanetDirectoryPro: AQIC5wM2LY4SfcwyCO2rILBLpB93G7k4yHM-NN9OJL5zqEU.*AAJTSQACMDEAAlNLABQtMjU0NTQwOTU4Mjg0MTA2MDYyOA..*" \

{"result":"Successfully logged out"}

This post only starts to scratch the surface. There really are lots of possibilities. See the chapter, Using RESTful Web Services, for more.

Leave a comment

Filed under Access Management