ForgeRock Identity Platform 7.5

Upgrade

Platform upgrade complexity depends on the deployment. Upgrades for heavily customized deployments using many advanced features require far more care and planning than an upgrade for a sample evaluation deployment.

Make sure you plan and test appropriately before attempting to upgrade a production deployment.

Upgrade process

To upgrade your sample deployment from 7.4 to 7.5, follow these high-level steps:

  1. Upgrade the platform UIs.

    Use the new UIs described in Set up the platform UIs.

  2. Upgrade IG.

    For details, refer to Upgrade in the IG documentation.

  3. Upgrade DS.

    For details, refer to Upgrade in the DS documentation.

  4. Upgrade AM.

    For details, refer to Upgrade in the AM documentation.

  5. Upgrade IDM.

    For details, refer to Upgrade in the IDM documentation.

When upgrading from earlier versions of the sample deployment, read the earlier upgrade instructions and Migration and customization.

Changes from 7.4 to 7.5

  • Use Java 17.

  • The sample deployments now require IG.

    The Platform UI component applications don’t all run on the same host and port. This means cookies and iframes don’t always share the same host and origin, a potential problem for modern browsers.

    IG protects access to the platform and ensures a single host and port for all browser-based interactions.

  • The procedures to configure AM now demonstrate how to use DS as an external token store.

  • The IG config.json configuration file has changed. IG 2024.3 requires you to declare objects directly in the heap before referencing them.

Changes from 7.3 to 7.4

  • The Amster .zip file Amster-7.5.0.zip now includes a root folder named amster.

  • The Platform UI Docker image version format has changed. For details, refer to Run Docker images.

  • The procedures for configuring IDM now include:

    • A new ui-themerealm.json file to enable theming for hosted UI pages.

      This addition makes it possible to edit authentication journeys through the Platform Admin UI.

    • An update to the repo.ds.json file to support password policies with Force Password Change enabled.

      This update adds the following settings to dsconfig/passwordPolicies > properties:

      {
        "allowExpiredPasswordChanges": {
          "type": "simple",
          "ldapAttribute": "ds-cfg-allow-expired-password-changes"
        },
        "expirePasswordsWithoutWarning": {
          "type": "simple",
          "ldapAttribute": "ds-cfg-expire-passwords-without-warning"
        },
        "passwordExpirationInterval": {
          "type": "simple",
          "ldapAttribute": "ds-cfg-password-expiration-warning-interval"
        }
      }

      You can find the Force Password Change option in the Platform Admin UI under Security > Password Policy.