AM 7.2.0

Deprecated functionality

Functionality listed here has been deprecated and will be removed in a future release of AM.

Deprecated in AM 7.2

org.forgerock.openidconnect.Claim class

The org.forgerock.openidconnect.Claim class has been deprecated. Support for its use will be removed in a future AM release. Its functionality is replaced by the org.forgerock.oauth.clients.oidc.Claim class, in the OpenAM commons library.

For more information about the new class, see Changes to the OIDC claim classes.

user_id field in the OAuth 2.0 introspection response

The user_id field, which is part of the JSON response returned by the /oauth2/introspect endpoint, is deprecated, and will be removed in a future release. It is replaced by the username field, in compliance with RFC 7662.

Legacy CAPTCHA node

The CAPTCHA node has been rewritten. The previous version of the node has been deprecated, and is now shown as Legacy CAPTCHA in the UI. For information on the new node, see CAPTCHA node.

org.forgerock.oauth2.core.ScopeValidator interface

The AM API now includes new interfaces, each with a single responsibility. When building plugins, use these interfaces from the org.forgerock.oauth2.core.plugins package instead:

For examples, see Customize OAuth 2.0 with plugins.

Command-line tools: ssoadm, ampassword, configurator.jar, and upgrade.jar

The ssoadm command and the configurator.jar, upgrade.jar, and ampassword tools remain deprecated. They will be removed in a future release of AM.

Access Token Enricher plugin for OAuth2 provider

The Access Token Enricher plugin interface is deprecated and will be removed in a future release of AM. The functionality of the access token enricher is superseded by the new AccessTokenModifier extension point.

JAXRPC endpoint URL

The JAXRPC endpoint URL, used by the remote IDM/SMS APIs, is deprecated and will be removed in a future AM release.

SAML2IdentityProviderAdapter method

The following method is deprecated and will be removed in a future AM release: preSendFailureResponse(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.lang.String,java.lang.String)

If you have a custom implementation of the SAML2IdentityProviderAdapter interface, you should now plan to replace the deprecated method with the new implementation: preSendFailureResponse(java.lang.String,java.lang.String,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.lang.String,java.lang.String).

Deprecated in AM 7.1.1

  • No features or functionality have been deprecated in this release.

Deprecated in AM 7.1.0

  • Deprecated Elasticsearch and Splunk Audit Handlers

    Using the Elasticsearch and Splunk audit handlers is deprecated.

    AM 7.1 supports both file-based audit handlers and logging to standard output, which Elasticsearch and Splunk can consume.

    For more details, see Implement the audit logging service.

  • Deprecated isAlive JSP Page

    Using the isAlive.jsp to determine if an instance is alive is deprecated.

    AM 7.1 includes new endpoints to determine if an instance is alive, and ready to process requests.

    For more details, see Monitor AM instances.

  • Deprecated Existing getIDPAuthnContextInfo Signature

    The existing signature for the getIDPAuthnContextInfo method of the IDPAuthnContextMapper interface is deprecated.

    AM 7.1 includes a new signature for the getIDPAuthnContextInfo method, which includes an additional parameter for the entity ID of the service provider (SP).

    Note that the deprecated method still works in AM 7.1, but you should update any code that uses it to the new four-parameter signature. The deprecated three-parameter signature will be removed in a future version of AM.

  • Deprecated Social Authentication Nodes

    The following authentication nodes have been deprecated in favor of the Social Provider Handler node:

    As part of this change, the Social Authentication Implementations Service is also deprecated.

    + For more information about using the Social Provider Handler node, see Social authentication.

  • The ssoadm, ampassword, configurator.jar and upgrade.jar Tools Remain Deprecated

    The ssoadm command and the configurator.jar, upgrade.jar, and ampassword tools remain deprecated. They will be removed in a future release of AM.

  • Deprecated Direct Access to the Transient, Secure, and Shared State of Authentication Trees

    Direct access to authentication trees' transient, secure, and shared states using the TreeContext class has been deprecated.

    As part of this change:

Deprecated in AM 7.0.1

  • The SOAP STS service is deprecated and will be removed in a future release. Installing instances of this service in AM 7.0.1 is not supported. However, upgrading existing instances is.

Deprecated in AM 7.0

  • Deprecated Embedded Directory Services

    Support for the embedded DS instance in production is deprecated in AM 7. You can use the embedded DS instance for evaluation and demonstration purposes only.

    The embedded DS server will be removed in a future version of AM. You should switch to external DS servers.

    For more information, see Prepare external stores.

  • Deprecated Authentication Chains and Modules

    Authenticating by using authentication chains and modules is deprecated in AM 7, and they will be removed in a future version of AM.

    You should migrate your environments to Intelligent Access using authentication trees and nodes.

    For more information, see Authentication nodes and trees.

  • Deprecated Unused Authentication Methods in Hosted IDP Authentication Context Mapping

    Support for the following authentication methods in the Authentication Context table when configuring a hosted identity provider has been deprecated in AM 7:

    • User

    • Role

    • Resource URL

    The other authentication methods are not deprecated, and can be used to achieve the same results as the deprecated options.

    + For more information about configuring SAML v2.0 authentication context mappings, see Authentication Context.

Copyright © 2010-2022 ForgeRock, all rights reserved.