OpenAM Logo

OpenAM 13.5 – What’s new!

A preview version of an OpenAM service broker for Cloud Foundry is now available!

“All in one” access management that includes authentication, adaptive risk assessment, authorization, federation, single sign-on, social sign-on, basic self-service, privacy and consent, and high performance session management. Feature overview.

Mobile authentication, including Push Authentication feature to verify users without the need for passwords, and multi-factor authentication capabilities with an easy to use mobile app for iOS and Android.

Practical bits


Released Documentation
Draft Documentation
Issue/Bug Tracking (JIRA)

What’s New in OpenAM 13.5 in the release notes has the overview of what’s new and shiny.


Unstable Nightly Builds
Stable Enterprise Builds

Note that the nightly build is work in progress. We also have an archive of older OpenAM releases.

Source code

OpenAM is open source. You can check out the source code here.

The code is licensed under CDDL.

Official project repository
GitHub Mirror
Jenkins CI server

Get involved!

– Join the OpenAM mailing list or forum to ask questions, make suggestions, and tell us what you think of OpenAM.

– Contribute to the development of OpenAM by checking out the source code, the roadmap, add to our issue/bug tracker and hack away on what matters to you.

– Idea; hack out scripts and recipes for OpenAM that work with solutions like JuJu, Vagrant, Ansible, puppet, Docker, CFEngine etc. (and share them here!)

Get started!

The chapter “Getting started with OpenAM” in the documentation will take you through the steps.


OpenAM feature overview

  • 100% Java-based architecture allows deployment across many platforms.
  • Developer and admin friendly, with task based GUI, REST, C and Java developer tools, and comprehensive documentation.
  • Service provider interfaces (SPI’s) provide a framework to extend all service modules such as adding custom authentication modules, federation plug-ins, policy conditions.
  • Easily create federated SSO connections with SaaS apps via a GUI-based wizard or can use out-of-the-box, Google Apps connectors among others.
  • Easily setup social authentication with Google, Facebook, MSN, or any OAuth 2.0 provider.
  • Simple click through setup of Federation IDP and SPs using SAML, OpenID Connect and OAuth 2.0.
  • Full support of OAuth 2.0 and OpenID Connect, modern protocols that provide the most efficient method for developing secure native or HTML5 mobile applications optimized for bandwidth and CPU.
  • Adaptive Authentication including device fingerprinting ensures mobile devices are trusted.
  • REST APIs allow developers to create device agnostic applications. The same API can be used to access OpenAM from a Web or a native mobile application.
  • OATH/Soft Token Generator, MSISDN and HOTP (One Time Password) capabilities enable multifactor and mobile authentication.
  • 2-factor authentication enabled using a mobile phone, hardware token, biometric device, as a second factor, a requirement for highly sensitive applications and sites.
  • Out of the box standard-based solutions such as OATH and HOTP allow use of a mobile phone as a second factor by generating SMS or SOFT-TOKEN.
  • Extensible to 3rd party services providing a second factor or identity proofing is configurable as part the authentication approval chain.
  • Fraud prevention feature assesses risks during the authentication process to determine whether to require the user to present additional credentials.
  • Configurable using a scoring algorithm that calculates a risk score based on an IP address range, geographic location, device fingerprint, account idle time, etc., and apply to the authentication request.
  • OpenAM supports 18+ authentication methods out of the box, along with the ability to add new custom methods.
  • Windows Desktop SSO support enables a seamless heterogeneous OS and Web application SSO environment.
  • Strong Authentication support out of the box with many different options for multi-factor authentication, software and hardware tokens, OATH and HOTP.
  • Provides both a coarse-grained policy engine and a fine-grained entitlements service based on XACML (Extensible Authorization Mark-up Language).
  • XACML entitlements evaluate and enforce access controls for any object or data component, providing consistent entitlement enforcement from presentation to web services to the database.
  • Import and export XML policy files for production environments that use scripts rather than the console.
  • OpenAM exposes functions as simple identity web services, so developers can easily invoke them during the app development process.
  • Provides client application programming interfaces with REST, Java and C APIs.
  • RESTful APIs enable JSON or XML over HTTP, allowing users to access authentication, authorization, and identity services from web applications using simple REST clients.
  • All major federation protocols: SAML 1.x, SAML 2.0 (SP, IdP, ECP, and IdP Proxy), WS-Federation (asserting, relying party).
  • Next gen-federation standards for cloud and mobile include full implementation of OpenID Connect and OAuth 2.0 (consumer, provider, authorization server).
  • All Web Services security standards- Liberty ID-WSF, WS-I Basic Security Profile, WS-Trust (STS), and WS-Policy.
  • FICAM (Federal Identity, Credential, and Access Management) compliant – initiative defined by the U.S. Federal Government to simplify identity and access management across government systems.
  • OATH and HOTP standards that allow a mobile phone to be used as a second factor authentication.
  • XACML for fine-grained authorization policy definition, import, export.
    Support included for IPv6, Java 6 and 7.
  • Supports large-scale implementations with millions of users and thousands of authentications per second.
  • Requires less hardware at scale, decreasing datacenter cost and complexity.
  • High availability with out-of-the-box persistent session failover enables support of complex, multi-site environments.
  • OpenDJ comes embedded as a configuration store and a highly scalable and high-performance session-persistent store.
OpenAM Slides and collateral

OpenAM Introduction

OpenAM blog posts
OpenAM Resources

©2016 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your username and password

Lost your password?

Forgot your details?