Knowledge Partner
Knowledge Partner

OpenAM vs NAM comparison

I've not used OpenAM, but based upon what I can see in their docs, it
SEEMS like it's more of just a SAML/federation/SSO product probably more
closely related to CA SiteMinder (agent-based) vs. a proxy-based (NAM)

I don't see any SSL VPN support (like NAM has)
It LOOKS like you install agents onto your webservers (similar to J2EE
agents that NAM can use) but since they don't mention proxy/dedicated
hardware, I'd say it sounds much more similar to Siteminder in that

Most WAM products are either proxy-based or agent-based and have their
pros/cons. Proxy-based requires more hardware, but (IMO) offers more
protection in the sense that you don't actually hit/access the origin
web server until AFTER you've passed through NAM (ie, it's a

Agent-based has the plus of not requiring more hardware, but it also
ties you into software updates/upgrades to the agents and the web server
its on (ie, if you're on WAS, then every time you want to update WAS,
you have to re-deploy the agents usually and if you need to update the
agents, you have to re-deploy to the WAS server, etc.) Plus, the user
actually has to "access" the origin web server, authenticate and then
they can access the other components, which (IMO) isn't quite as secure
as proxy-based.

But given that enough people use CA Siteminder it may not be that big
of an issue.

I'm not sure if their product sheet is 100% complete, but it states:
OpenAM allows you to view and retrieve user information without making
changes to an existing user data. Supported directory servers include
Directory Server 5.1, 5.2 &
6.2, IBM Tivoli Directory 6.1, Microsoft Active Directory 2003 and
2008, OpenDS 2.0 and 2.2, and OpenDJ 2.4.

I see no mention of eDirectory or OpenLDAP or SunOne, but I'm not sure
if the above list is all inclusive.

The opinions expressed are my own.
Check out my OES2 Guides:
Installing OES2 SP2:
Upgrading to OES2 with ID Transfer:
GroupWise Migration with OES2 ID Transfer:
kjhurni's Profile:
View this thread:

3 Replies
ssripathy251 Absent Member.
Absent Member.

OpenAM vs NAM comparison

I am tasked with looking at OpenAM (by ForgeRock) as a SSO option.
I would like a dispassionate comparison between NAM and OpenAM,
specifically performance, features, support and ease of configuration.
Someone who has used both of these products at a client can give me an
insight on the pros and cons.

I reviewed OpenAM documentation wiki and their mailing list but that
hasn't given me good comparison point. OpenAM is still has low adoption
rate compared to NAM plus I have always worked with NAM and have been
happy with it, especially with support and great forum.
OpenAM is uncharted territory for me. Any help is appreciated! Thanks
in advance.

ssripathy25's Profile:
View this thread:

ssripathy251 Absent Member.
Absent Member.

Re: OpenAM vs NAM comparison

Thanks kjhurni for the quick response. I agree with you on advantage of
the access proxy vs agent based pro.
A major headache with the OpenAM is the inconsistent documentation even
though ForgeRock has tried to consolidate it. With some links pointing
to the old Sun wiki, some just deleted by Oracle or outdated. Plus most
of the install/configure is very manual from what I see, especially
after having gotten used to the NAM admin console.

ssripathy25's Profile:
View this thread:

Anonymous_User Absent Member.
Absent Member.

Re: How to insert a semicolon before every 1st <br>eakline in every <p>aragraphs

The problems are not yet solved.
The 1st problem is much trickier than it seems.
Gimme some advice please.

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.