Install ForgeRock on a Windows Machine
This section of the SAML 2.0 Single Sign-On Integration Guide explains how to install ForgeRock (OpenAM) on a Windows machine.
Prerequisites
The Windows machine must have a fully qualified domain name (FQDN).
Configuration
Step 1: Get Java
Download and install the latest Java JRE or JDK.
Tomcat (see Step 2 of configuration) runs on the Java Runtime Environment (JRE), which is a part of the Java Development Kit (JDK). The JDK is used for developing Java apps. Either the JRE or the JDK will work.
Step 2: Get Tomcat
Download and install Tomcat 9.0.
Step 3: Get OpenAM
- Download the OpenAM distribution.
- Unzip the file.
- Find the file with the .war extension, which has a name similar to AM-5.x.x. Eval.
- Rename the file to openam, keeping the .war extension (openam.war).
Step 4: Verify that Tomcat is running
Check that the Tomcat service is shown as running in Windows Services.
Step 5: Create ForgeRock directory
- Copy the openam.war file to /Program Files/Apache Software Foundation/Tomcat 9.0/webapps on your computer.
- Wait until Tomcat creates the directory "openam".
Step 6: Create default configuration
- Go to http://<FQDN>:8080/openam
- Set the password for "amadmin".
- Wait until the configuration is created.
- Go to http://<FQDN>:8080/openam/XUI/#login/ and then enter the login and password for "amadmin" user.
- Create a user in the Top Level Realms > Subjects section (e.g., user1:password).
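The prerequisite check and Steps 4 to 6 (up to the first page load) can be scripted in PowerShell. This is an added example, not part of the original guide; the location of the renamed openam.war, the C: drive letter, the service name Tomcat9 and the timeout are assumptions to adjust for your machine.

```powershell
# Added example: checks the FQDN prerequisite, verifies Tomcat, deploys openam.war,
# waits for Tomcat to unpack it, then confirms OpenAM answers on port 8080.
$ErrorActionPreference = 'Stop'

$WarSource   = 'C:\Temp\openam.war'  # assumed: where the renamed .war from Step 3 was saved
$TomcatHome  = 'C:\Program Files\Apache Software Foundation\Tomcat 9.0'  # Step 5 path, drive letter assumed
$ServiceName = 'Tomcat9'             # assumed: service name registered by the Tomcat 9.0 Windows installer
$TimeoutSec  = 180                   # assumed: how long to wait for deployment

# Prerequisite: the machine must resolve to a fully qualified domain name.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
if ($fqdn -notmatch '\.') { throw "Host name '$fqdn' is not fully qualified." }

# Step 4: Tomcat must be running before the .war is dropped into webapps.
$svc = Get-Service -Name $ServiceName
if ($svc.Status -ne 'Running') { throw "Service '$ServiceName' is $($svc.Status), expected Running." }

# Step 5: copy the .war and wait until Tomcat creates the "openam" directory.
$webapps = Join-Path $TomcatHome 'webapps'
$appDir  = Join-Path $webapps 'openam'
Copy-Item -LiteralPath $WarSource -Destination (Join-Path $webapps 'openam.war')

$deadline = (Get-Date).AddSeconds($TimeoutSec)
while (-not (Test-Path -LiteralPath $appDir -PathType Container)) {
    if ((Get-Date) -gt $deadline) { throw "Tomcat did not create '$appDir' within $TimeoutSec seconds." }
    Start-Sleep -Seconds 2
}

# Step 6 (first bullet): the application may still be starting, so retry until the deadline.
$url = "http://${fqdn}:8080/openam"
while ($true) {
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 30
        Write-Output "OpenAM answered HTTP $($resp.StatusCode) at $url"
        break
    } catch {
        if ((Get-Date) -gt $deadline) { throw "No successful response from $url : $($_.Exception.Message)" }
        Start-Sleep -Seconds 5
    }
}
```

Run it from an elevated PowerShell prompt, since writing under Program Files requires administrator rights.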
In the sections that follow, you will learn how to create an Identity Provider (IdP) on your ForgeRock instance, which involves creating a hosted identity provider, enabling SAML 2.0, adding the entity provider, and changing your NameID service options. These steps must be completed before you can configure Bright Pattern to use ForgeRock single sign-on.