OpenIDM: Trying the new Admin UI

openidm-logo One of the cool features in the upcoming release of OpenIDM is the new Admin UI. Jake Feasel demonstrated this to several people last week. It already looks like a major improvement for newbies over editing configuration files.

If like me you have been out of the loop for a while, it is reassuring to see that OpenIDM still installs a dream when you are just getting started. Download, unzip, and ./

Here is how you might start OpenIDM with an existing sample. This uses sample2, which is one-way synchronization with OpenDJ. You are not required to start with the samples, but they can quickly bootstrap your evaluation, without requiring you to read much doc or to think through the initial configuration.

$ cd /path/to && mv ~/Downloads/openidm . && cd openidm
$ ./ -p samples/sample2
Executing ./
Using OPENIDM_HOME:   /path/to/openidm
Using PROJECT_HOME:   /path/to/openidm/samples/sample2
Using OPENIDM_OPTS:   -Xmx1024m -Xms1024m
Using LOGGING_CONFIG: -Djava.util.logging.config.file=/path/to/openidm/samples/sample2/conf/
Using boot properties at /path/to/openidm/samples/sample2/conf/boot/
OpenIDM version "3.1.0-RC3-SNAPSHOT" (revision: 4297) jenkins-OpenIDM-3746 null
-> OpenIDM ready

OpenIDM’s web based UI is ready for HTTPS out of the box, but it seems you can still use HTTP for evaluation.

For example, you can visit http://localhost:8080/openidmui/ and login as openidm-admin:openidm-admin.

OpenIDM’s UI helps prevent default passwords by prompting you to change your password the first time you login.


You find the Admin UI at http://localhost:8080/admin/. This shows the view when running with the sample2 configuration.


The new Admin UI offers a wizard-like approach to setting up provisioning. If you follow sample2, set up OpenDJ with some sample data before you get started. The sample comes with a mapping from OpenDJ accounts to managed/user.


The sample also comes with a configuration for what to do in different situations during synchronization. Most of the policies are defaults.


To run reconciliation and synchronize your source and target, either click the Reconcile Now or schedule reconciliation on the Sync Tab of the Mappings page. When reconciliation completes, you should have a bunch of new managed users. If you schedule reconciliation, subsequent runs might not encounter any changes.


Click the User View link at the upper left of the page and then the Users tab to view all your managed users.


When you change a mapped attribute in the source, in this case OpenDJ, reconciliation updates it in the target, in this case the managed/user. For example, Babs Jensen’s original mail address is


After changing the mail address in OpenDJ to, reconciliation updates her corresponding managed/user in OpenIDM’s repo. Refreshing the page after reconciliation, you can see the change.


The OpenIDM Admin UI is quite a leap forward, and promises to make it much easier for all of us to create and edit resources and mappings, and to arrange and schedule synchronization. Hats off to the OpenIDM team!

Searching ForgeRock Community Sites

ForgeRock Community Logo Someone said it is hard to find the search box on the * community sites. Also, the searches were scoped too narrowly to look in the mailing lists.

Before the changes the search box is tucked away in the left menu, and scoped to site:<project>

OpenDJ site before the change
OpenDJ Before: Search box in left menu

The new, improved version has a more obvious search box. Searches now cover everything at

OpenAM after improving the search box
OpenAM After: Search box top right, now with colors

ForgeRock welcomes Lana Frost

ForgeRock Community Logo Welcome to Lana Frost who joined the ForgeRock documentation team Monday. Glad you decided to work for ForgeRock, Lana.

Lana has worked as Lead Writer at Sun Microsystems on the Directory Services team, and more recently at Oracle. While helping other writers meet their deadlines and keeping the projects on track, she also wrote a big share of the directory documentation herself. Furthermore, Lana was instrumental in setting up the rigorous documentation review process that first lifted the quality of the directory documentation, and was later adopted by other middleware documentation teams.

Lana will help with OpenDJ docs at ForgeRock. Her main focus however is the leadership role for identity documentation with the OpenIDM and OpenICF projects. Good news for the ForgeRock directory and identity communities!

OpenIDM: Trying the UI

OpenIDM community logoOne feature starting to take shape in the OpenIDM is the browser-based UI. What’s there is no doubt going to change a lot before the next release. It’s not hard to get a sneak preview of what might be coming soon.

Update: The OpenIDM dev team has made your life easier. Now you no longer need to deal with the profile. Just start OpenIDM, and then browse to http://localhost:8080/openidmui/. You can login as openidm-admin:openidm-admin, or you can register (create a new account).

  1. Unzip a nightly build of OpenIDM.
    cd /path/to
    unzip ~/Downloads/
  2. Apply the ria-ui-default profile.
    cd openidm/profiles
    python ./ria-ui-default
  3. Add the users from profiles/ria-ui-default/README.
    vi ria-ui-default/README # Comment out extra lines
    sh ria-ui-default/README
  4. This gives you one administrator and one user, so you can login and try the UI.
  5. Browse to http://localhost:8080/openidmui/, and login.
    If you used the README as is without editing users, then your users are &, both with password CCxxaa11!!.


OpenIDM: 2.0.3 Now Available

OpenIDM is ForgeRock’s open source, open standards based identity management solution. Today we released OpenIDM 2.0.3, which is the latest update release on the 2.0.x branch.

Download OpenIDM 2.0.3 from Also see the release notes, which include a the long list of improvements and fixes that have gone onto the 2.0.x branch.

If you just want to kick the tires and get started with OpenIDM, see the install guide, which describes how to set up the samples that you get with the download.

The system integrator’s guide will help you move beyond the basics.

ForgeRock: We’re Hiring

Perhaps you know people who would like to join us full time at ForgeRock. If so, please let them know that we’re hiring for a variety of jobs in sales, business development, support, and engineering. The web page behind the link has instructions on how to apply.

Why work at ForgeRock? ForgeRock has a healthy attitude, flat hierarchy, and a huge potential for growth. The work keeps you interested and engaged, with strong software and a lots of good things coming up on the roadmap. The people are at the top of their game, smart, effective, open-minded, motivated. (Not just people who work for ForgeRock, but community members, customers, and partners, too.)

ForgeRock: Updating Community Sites

ForgeRock Community Logo Thanks to Laszlo and Stein, the ForgeRock community sites for OpenAM, OpenDJ, OpenIDM, OpenICF can now be deployed thorugh Jenkins.

Jenkins redeploys sites after changes are made, so all you have to do is make sure your work does not break the build. (A broken build results in no changes to the site.)

I updated the Core Documentation Author’s Guide to reflect the change.