Is OpenDJ, OpenAM and OpenIAM free software



What has been the experience of folks who have already been using OpenDJ and OpenAM? Older versions seem free to use but the new releases don’t seem to be free for use. How do they compare to the existing commercial offerings? They look like a better option than using OpenLDAP with CAS but don’t look free.





Below you can find answers depending on when this question was asked just for the sake of history.

ANSWER AFTER April 3rd, 2017

With the recent changes made to the business model here you can find the key details you will need to know:

  • The latest versions of the main products have been firstly renamed, but secondly has been re-versioned to match ForgeRock’s Identity Platform views:
    • OpenAM 14.0.0 -> Access Manager 5.0.0
    • OpenDJ 4.0.0 -> Directory Services 5.0.0
    • OpenIDM 5.0.0 -> Identity Management 5.0.0
    • OpenIG 5.0.0 -> Identity Gateway 5.0.0
  • The products listed above were all released under a commercial licence, meaning:
    • The ForgeRock contributed source code (i.e. ForgeRock’s intellectual property) is not licensed under an open source licence.
    • All source code that does not solely belong to ForgeRock (e.g. original source code that belonged to Sun, or source that had open source contributor’s work associated with them) will be still available under the CDDL licence and can be obtained as detailed under
    • All ForgeRock IP is licensed under a non open source licence.
  • The products released under the commercial licence can be evaluated for 60 days only.
  • At the same time of the official release of the new products, community editions have been released for the Open* products:
    • The community editions are essentially the latest maintenance releases of the last EOL’d versions of the products.
    • Since these are maintenance releases, they are meant to be firstly more stable, but secondly slightly more secure (only slightly since these versions have not been updated to include the security fixes that have been issued since these versions’ original release date).
    • The community editions can be found under
    • With these new releases every community member will have to make a decision themselves: do they want to go for the latest, but EOL’d stable version of the product, or do they want to try their luck with the latest public, but likely to be less mature software versions (like OpenAM 13.0.0 that was released before the business model change).
  • Whether community versions will be released/updated by ForgeRock in the upcoming years is currently unknown, no such information has been publicly provided.

Short of an official announcement from ForgeRock, please have a look at this topic in the ForgeRock forum for more details.

To summarize:

The Open* products are still open source and freely available, however they are no longer being publicly developed by ForgeRock. Whether new community versions will be made available is yet unknown, but given the current example, each year the community would get access to an EOL’d version of the product..

ANSWER BEFORE April 3rd, 2017

Here are some facts about the projects and the licensing in general:

  • Only major releases are made publicly available, which means the source code is available in the format of an SVN tag, whilst the binary that can be downloaded from BackStage will have the binary license on it.
  • The binary license allows people to test out the product, but it prevents them from using those binaries in production environments without support subscription.
  • Maintenance versions are not available publicly neither in source nor in binary format.
  • Each project’s trunk (or master) is publicly available, which means that in one shape or form every single bugfix is available, so with some luck it should be possible to cherry-pick important fixes from trunk onto your own special maintenance version.
  • Each product is relatively simple to build (except maybe the web agents), and as such it shouldn’t pose much of a risk to your deployment (ForgeRock does have customers who are building their own artifacts for their deployments, so it is really not a rocket science).
  • Downloading the artifacts from BackStage only requires some skills on working with agent protected applications, here is an example curl command:

$ curl -O -H "Cookie: fr_sso_sess_prod=AQIC5w..."

  • Unfortunately it is common that the major releases have some annoying bugs, for those, backporting is relatively simple, since the difference between trunk and the latest major release shouldn’t be too big, so you should be able to handle those by manually backporting the fixes. Since major releases happen every ~year or so, you don’t have to live with these local changes for too long fortunately.
  • The projects have active community, and getting help with any kind of issues shouldn’t be too difficult (let it be a deployment issue or how to build the projects locally)

Probably I should mention that I’m a ForgeRock employee, so take my comments as you please.

Just to clarify: when you build trunk on your own, you do not have to buy subscription. Only ForgeRock enterprise builds should include the binary license. When building your own stuff, it is you who creates the binaries, hence you can simply decide to leave the binary license out of it.


Facebook Comments

Post a comment