Is OpenDJ, OpenAM and OpenIAM free software

Asked 25/12, 2014 at 7:57 Answered 14/1, 2015 at 17:51

What has been the experience of folks who have already been using OpenDJ and OpenAM? Older versions seem free to use but the new releases don't seem to be free for use. How do they compare to the existing commercial offerings? They look like a better option than using OpenLDAP with CAS but don't look free.

Dalia answered 25/12, 2014 at 7:57 Comment(1)

I am not sure why this question is marked negative but as i am getting more into the installation on linux based system, I am getting a feel that all the released version are not free to use as the wget is fetching empty jar files for all the enterprise version even if username and password is provided.only community version are available for download and most of them are end of life as marked in enterprise version. Only way I can use the software is to take to head version(WIP). I feel the question is relevant and will help anybody who are trying to evaluate for production – Dalia 7/1, 2015 at 15:48

Below you can find answers depending on when this question was asked just for the sake of history.

ANSWER AFTER April 3rd, 2017

With the recent changes made to the business model here you can find the key details you will need to know:

The latest versions of the main products have been firstly renamed, but secondly has been re-versioned to match ForgeRock's Identity Platform views:
- OpenAM 14.0.0 -> Access Manager 5.0.0
- OpenDJ 4.0.0 -> Directory Services 5.0.0
- OpenIDM 5.0.0 -> Identity Management 5.0.0
- OpenIG 5.0.0 -> Identity Gateway 5.0.0
The products listed above were all released under a commercial licence, meaning:
- The ForgeRock contributed source code (i.e. ForgeRock's intellectual property) is not licensed under an open source licence.
- All source code that does not solely belong to ForgeRock (e.g. original source code that belonged to Sun, or source that had open source contributor's work associated with them) will be still available under the CDDL licence and can be obtained as detailed under forgerock.org.
- All ForgeRock IP is licensed under a non open source licence.
The products released under the commercial licence can be evaluated for 60 days only.
At the same time of the official release of the new products, community editions have been released for the Open* products:
- The community editions are essentially the latest maintenance releases of the last EOL'd versions of the products.
- Since these are maintenance releases, they are meant to be firstly more stable, but secondly slightly more secure (only slightly since these versions have not been updated to include the security fixes that have been issued since these versions' original release date).
- The community editions can be found under forgerock.github.io
- With these new releases every community member will have to make a decision themselves: do they want to go for the latest, but EOL'd stable version of the product, or do they want to try their luck with the latest public, but likely to be less mature software versions (like OpenAM 13.0.0 that was released before the business model change).
Whether community versions will be released/updated by ForgeRock in the upcoming years is currently unknown, no such information has been publicly provided.

Short of an official announcement from ForgeRock, please have a look at this topic in the ForgeRock forum for more details.

To summarize:

The Open* products are still open source and freely available, however they are no longer being publicly developed by ForgeRock. Whether new community versions will be made available is yet unknown, but given the current example, each year the community would get access to an EOL'd version of the product..

ANSWER BEFORE April 3rd, 2017

Here are some facts about the projects and the licensing in general:

Only major releases are made publicly available, which means the source code is available in the format of an SVN tag, whilst the binary that can be downloaded from BackStage will have the binary license on it.
The binary license allows people to test out the product, but it prevents them from using those binaries in production environments without support subscription.
Maintenance versions are not available publicly neither in source nor in binary format.
Each project's trunk (or master) is publicly available, which means that in one shape or form every single bugfix is available, so with some luck it should be possible to cherry-pick important fixes from trunk onto your own special maintenance version.
Each product is relatively simple to build (except maybe the web agents), and as such it shouldn't pose much of a risk to your deployment (ForgeRock does have customers who are building their own artifacts for their deployments, so it is really not a rocket science).
Downloading the artifacts from BackStage only requires some skills on working with agent protected applications, here is an example curl command:

$ curl -O -H "Cookie: fr_sso_sess_prod=AQIC5w..." https://backstage.forgerock.com/downloads/enterprise/openam/openam12/12.0.0/OpenAM-12.0.0.war

Unfortunately it is common that the major releases have some annoying bugs, for those, backporting is relatively simple, since the difference between trunk and the latest major release shouldn't be too big, so you should be able to handle those by manually backporting the fixes. Since major releases happen every ~year or so, you don't have to live with these local changes for too long fortunately.
The projects have active community, and getting help with any kind of issues shouldn't be too difficult (let it be a deployment issue or how to build the projects locally)

Probably I should mention that I'm a ForgeRock employee, so take my comments as you please.

Just to clarify: when you build trunk on your own, you do not have to buy subscription. Only ForgeRock enterprise builds should include the binary license. When building your own stuff, it is you who creates the binaries, hence you can simply decide to leave the binary license out of it.

Living answered 14/1, 2015 at 17:51 Comment(4)

Peter, Thanks for the comprehensive answer. I am working in a consulting setup where FOSS software is more preferred. Your answer outlined quite clearly how bug fixes are handled. Also good point that we can build from the trunk but even doing so I will have to buy subscription as mentioned in the licensing clause.Though there are following old archive which I found can be used freely in production(both are marked as eosl in forgerock's site)forgerock.org/downloads/openam-archive forgerock.org/downloads/opendj-archive. – Dalia 16/1, 2015 at 3:54

Just to clarify: when you build trunk on your own, you do not have to buy subscription. Only ForgeRock enterprise builds should include the binary license. When building your own stuff, it is you who creates the binaries, hence you can simply decide to leave the binary license out of it. – Living 16/1, 2015 at 6:49

Looks like Forgerock has fooled the open source community by suddenly restricting its releases. Be more cautious in trusting companies like Forgerock. – Imparisyllabic 18/7, 2017 at 10:20

Don't think ForgeRock has fooled anyone. If you buy a binary license, you can still get the source code. If you don't want to pay, you can go with the community version. This is pretty normal and most companies in this space follow this approach. – Gustative 20/7, 2017 at 19:29

I'll answer your question in two parts:

First as it compares to existing commercial it's actually a very good solution, as it scales, and it's very feature rich. You can go to the site and read all about the features.

The second part of newer version requiring subscription is somewhat wrong. Mainly because there are subscription downloads from forgerock.com. I assume this are for support service contract reasons that one must purchace. If you want to run the latest version just download the nightly builds forgerock.org, and you will be running the latest version. Lastly I will echo Ludovic's comments about the confusion of free.

[Community] - https://forgerock.org/
[Commercial Support] - https://forgerock.com/

PS. I'm in no way associated with forgerock.

Sato answered 29/12, 2014 at 18:23 Comment(2)

Truely saying that I see all the newer released binary are maked as Enterprise and does not get downloaded(binary) via wget. I can surely create my binary by building from source code but that is not a release and not what i have been doing for production releases for other software which I am using. Most of them will have two version Enterprise and community with same version number. – Dalia 7/1, 2015 at 14:13

As far as I understand, there is no open source "binary" version available. Both forgerock.com and forgerock.org point to the same location for download. – Tharpe 30/4, 2015 at 9:29

I think you are confusing free as in Free beer and the freedom of open source. This said OpenAM and OpenDJ are enterprise ready products, mature and used in a large number of mission critical environments including governments, telecom operators, financial institutions, insurances...

Polyhedron answered 26/12, 2014 at 9:13 Comment(3)

question arose as the newer version is not free to download without subscription. Older version are free for download – Dalia 29/12, 2014 at 5:33

I disagree... All versions are free to download, install and play with. The ForgeRock license only restrict the use for Production. – Polyhedron 6/1, 2015 at 22:15

Eventually I have to use a version which I can use in production. but I got the point, I have to choose a version which i can use in production and also got the point that not all the new version may be needing subscription thus I have to choose accordingly. I am happy to know that as the developement will happen on these product and there will be future version which will be available without subscription thus upgrades in future is possible. – Dalia 7/1, 2015 at 7:46

Recommended topics

Hot tags