ForgeRock Blog

Should You Deploy the Latest Policy Agents ?

By Markus Weber, @MWAtForgeRock

In short: yes, you should.

OpenAM is ForgeRock’s “all-in-one” access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements, Adaptive Authentication, Strong Authentication, and Web Services Security, in a single, unified product.

On top of context-aware single sign-on access it enables a personalized experience on any digital channel, whether a mobile device, connected car, home appliance, or whatever the next connected innovation might be.

In its most basic function, OpenAM enables you to protect all your web applications. Especially if you manage a large amount of such applications (whether they are internally-facing employee-centric apps, or externally-facing revenue-generating apps for your customers or citizens), OpenAM allows you scale easily by simply deploying agents onto your existing web or application containers, while centrally managing all authentication and authorization policies.

We just released new versions of two of the most commonly deployed policy agents:

  • OpenAM Web Agents 3.3.4

  • OpenAM Java EE Agents 3.5.0

Should you upgrade to these version as soon as you can?

Peter Major, one of our very experienced sustaining engineers, thinks YES:


Maintenance releases for all of our products, developed and thoroughly tested by our fantastic engineering team, provide crucial security and bug fixes, new functionality, and usually support for latest software and platforms.

Check the web policy agent release notes and the Java EE policy agent release notes for more information.

As always, policy agents can be downloaded from the OpenAM section of the backstage download page.

But what if my application or application container, or my operating system is not supported by a policy agent?’, you may ask. In this case, you can use the ForgeRock Identity Gateway, or OpenIG, which allows you to protect access to applications not suited for a policy agent.