Prepare the Java environment
AM software depends on a Java runtime environment.
Check the output of the java -version command to make sure your version is supported
according to the Java requirements.
|
Keep your Java software up-to-date with the latest supported version.
Make sure that your |
The following table summarizes the high-level tasks required to configure your Java environment:
| Task | Resources |
|---|---|
Prepare your JDK. The suggestions in these sections pertain to AM deployments with the following characteristics:
|
|
Tune the JVM for AM ForgeRock provides guidance on how to tune the JVM for production, but you must also tune it for garbage collection based on your environment. |
|
To configure JVM properties for proxy support, see Configuring AM for Outbound Communication. |
Settings for Oracle Java environments
When using an Oracle Java environment, set at least the following options:
-Xmx1g(minimum)-
AM requires at least a 1 GB heap. If you are including the embedded DS, AM requires at least a 2 GB heap, as 50% of that space is allocated to DS. Higher volume and higher performance deployments require additional heap space.
-XX:MetaspaceSize=256m-
Set the metaspace memory size to 256 MB.
-XX:MaxMetaspaceSize=256m-
Set the maximum metaspace memory size to 256 MB.
For additional JVM tuning and security recommendations, see Tune JVM settings.
Settings for OpenJDK Java environments
When using an OpenJDK Java environment, set at least the following options.
-Xmx1024m(minimum)-
AM requires at least a 1 GB heap. If you are including the embedded DS, AM requires at least a 2 GB heap, as 50% of that space is allocated to DS. Higher volume and higher performance deployments require additional heap space.
Recommended:
-Xmx2048m. -XX:MetaspaceSize=256m-
Set the initial metadata space size to 256 MB.
Tune JVM settings
This section gives some initial guidance on configuring the JVM for running AM when the deployment has a dedicated CTS token store, and AM is configured to use server-side sessions.
These settings provide a strong foundation to the JVM before a more detailed garbage collection tuning exercise, or as best practice configuration for production:
| JVM parameters | Suggested value | Description |
|---|---|---|
|
At least 1 GB (2 GB with embedded DS), in production environments at least 2 GB to 3 GB. This setting depends on the available physical memory, and on whether a 32- or 64-bit JVM is used. |
|
|
Set both to 256 MB |
Controls the size of the metaspace in the JVM |
|
60000 |
Controls the read timeout in the Java HTTP client implementation. This applies only to the Sun/Oracle HotSpot JVM. |
|
High setting: 30000 (30 seconds) |
Controls the connect timeout in the Java HTTP client implementation When you have hundreds of incoming requests per second, reduce this value to avoid a huge connection queue. This applies only to the Sun/Oracle HotSpot JVM. |
| JVM parameters | Suggested value | Description |
|---|---|---|
|
|
Controls the protocols used for outbound HTTPS connections from AM. Specify one or more of the following values, separated by commas:
This setting applies only to Sun/Oracle Java environments. |
|
|
Controls the protocol AM uses to connect to affected external resources. Specify one or more of the following values, separated by commas:
This setting overrides the default server value. For details, refer to advanced properties. |
| JVM parameters | Suggested value | Description |
|---|---|---|
|
Verbose garbage collection reporting. |
|
|
|
Logs detailed information about garbage collection.
When using the |
|
Out of Memory errors generate a heap dump automatically. |
|
|
|
Location of the heap dump. |
|
Prints a heap histogram when the JVM receives a SIGTERM signal. |
| Module flag | Suggested value | Description |
|---|---|---|
|
|
When running AM with JRE 17, SAML Artifact flows (or any flows that use Xerces SOAP libraries) can fail with the following error:
Set this module flag to avoid this error. |