Deprecated
The functionality listed here is deprecated, and likely to be removed in a future release.
Deprecated since AM 7.5
- Secret label mappings
-
The following secret label mappings are deprecated in this release:
-
am.global.services.session.clientbased.encryption
-
am.global.services.session.clientbased.signing
Learn more about changes to secret label mappings in Support for storing secrets in secret stores.
-
- Configuration replaced by secret labels
Feature | Deprecated field |
---|---|
|
|
|
|
Encrypted device storage services: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- Changes to
org.forgerock.openam.auth.node.api.Action
-
The following
org.forgerock.openam.auth.node.api.Action
methods are deprecated in this release:-
public ActionBuilder withUniversalId(String universalId)
-
public ActionBuilder withUniversalId(Optional<String> universalId)
Use the new
public ActionBuilder withIdentifiedIdentity(String username, IdType identityType)
andpublic ActionBuilder withIdentifiedIdentity(AMIdentity identity)
methods instead.The
Optional <String> universalId
field is also deprecated, and is replaced byOptional<IdentifiedIdentity> identifiedIdentity
. -
- Legacy Social Provider node
-
The Legacy Social Provider Handler node has been marked as deprecated and will be removed in a future release. This node is replaced by a new Social Provider Handler node that resolves issues related to reentry cookies. The legacy node remains supported in existing journeys. If you’re creating new journeys, use the new Social Provider Handler node instead.
Deprecated since AM 7.3
- Changes to SAML v2.0 classes
-
The following classes are deprecated and will be removed in a future release:
Deprecated Replacement com.sun.identity.saml2.plugins.FedletAdapter
org.forgerock.openam.saml2.plugins.FedletAdapter
com.sun.identity.saml2.plugins.SAML2IDPFinder
org.forgerock.openam.saml2.plugins.IDPFinder
com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter
org.forgerock.openam.saml2.plugins.IDPAdapter
com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter
org.forgerock.openam.saml2.plugins.SPAdapter
The following methods are deprecated and will be removed in a future release:
-
InitializePlugin.java
:default void initialize(String, String)
Use
initialize(Map)
instead. -
IDPAuthnContextMapper.java
:public IDPAuthnContextInfo getIDPAuthnContextInfo(AuthnRequest, String, String) throws SAML2Exception
Use
getIDPAuthnContextInfo(AuthnRequest, String, String, String)
instead.
-
- SNMP monitoring
-
Support for SNMP monitoring is deprecated in this release.
AM provides better options for monitoring servers, including support for Prometheus, Graphite, and JMX. For details, refer to Monitor AM instances.
Deprecated since AM 7.2
- Legacy audit logging service
-
The legacy audit logging service is deprecated. Support for its use will be removed in a future AM release. Use the Common REST-based audit logging service instead.
org.forgerock.openidconnect.Claim
class-
The
org.forgerock.openidconnect.Claim
class has been deprecated. Support for its use will be removed in a future AM release. Its functionality is replaced by theorg.forgerock.oauth.clients.oidc.Claim
class, in the OpenAM commons library.For more information about the new class, refer to Changes to the OIDC claim classes.
user_id
field in the OAuth 2.0 introspection response-
The
user_id
field, which is part of the JSON response returned by the/oauth2/introspect
endpoint, is deprecated, and will be removed in a future release. It is replaced by theusername
field, in compliance with RFC 7662. - Legacy CAPTCHA node
-
The CAPTCHA node has been rewritten. The previous version of the node has been deprecated, and is now shown as Legacy CAPTCHA in the UI. For information on the new node, refer to CAPTCHA node.
org.forgerock.oauth2.core.ScopeValidator
interface-
The AM API now includes new interfaces, each with a single responsibility. When building plugins, use these interfaces from the
org.forgerock.oauth2.core.plugins
package instead:For examples, refer to Customize OAuth 2.0 with plugins.
- Command-line tools:
ssoadm
,ampassword
,configurator.jar
, andupgrade.jar
-
The
ssoadm
command and theconfigurator.jar
,upgrade.jar
, andampassword
tools remain deprecated. They will be removed in a future release of AM. - Access Token Enricher plugin for OAuth2 provider
-
The Access Token Enricher plugin interface is deprecated and will be removed in a future release of AM. The functionality of the access token enricher is superseded by the new AccessTokenModifier extension point.
- JAXRPC endpoint URL
-
The JAXRPC endpoint URL, used by the remote IDM/SMS APIs, is deprecated and will be removed in a future AM release.
- SAML2IdentityProviderAdapter method
-
The following method is deprecated and will be removed in a future AM release: preSendFailureResponse(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.lang.String,java.lang.String)
If you have a custom implementation of the
SAML2IdentityProviderAdapter
interface, you should now plan to replace the deprecated method with the new implementation: preSendFailureResponse(java.lang.String,java.lang.String,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.lang.String,java.lang.String).
Deprecated since AM 7.1
- Elasticsearch and Splunk audit handlers
-
AM 7.1 supports both file-based audit handlers and logging to standard output, which Elasticsearch and Splunk can consume.
For information, refer to Implement the audit logging service.
isAlive
JSP page-
Using the
isAlive.jsp
to determine if an instance is alive is deprecated.AM 7.1 includes new endpoints to determine if an instance is alive, and ready to process requests.
For information, refer to Monitor AM instances.
- Existing
getIDPAuthnContextInfo
signature -
The existing signature for the
getIDPAuthnContextInfo
method of theIDPAuthnContextMapper
interface is deprecated.AM 7.1 includes a new signature for the getIDPAuthnContextInfo method, which includes an additional parameter for the entity ID of the service provider (SP).
The deprecated method still works in AM 7.1, but you should update any code that uses it to the new four-parameter signature. The deprecated three-parameter signature will be removed in a future release. - Social authentication nodes
-
The following authentication nodes have been deprecated in favor of the Social Provider Handler node:
As part of this change, the Social Authentication Implementations Service is also deprecated. For information about using the Social provider node, refer to social registration.
- Direct access to the transient, secure, and shared state of authentication trees
-
Direct access to authentication trees' transient, secure, and shared states using the TreeContext class has been deprecated.
As part of this change:
-
Use of the
sharedState
and thetransientState
bindings for reading and updating state with the Scripted Decision Node API are deprecated.Use the
nodeState
binding instead. -
Use of the
getState
method from the TreeContext class, used to read state in authentication nodes, is deprecated.Use the
getStateFor
method instead.
For more information, refer to Store values in a tree’s node states and Access shared state data.
-
Deprecated since AM 7.0
- SOAP STS service
-
This service is deprecated and will be removed in a future release. Installing instances of this service in AM 7.0.1 is not supported. However, upgrading existing instances is.
- Embedded DS instance in production
-
You can use the embedded DS instance for evaluation and demonstration purposes only.
The embedded DS server will be removed in a future release. If you are still using the embedded DS server, change to an external DS server instead.
- Authentication chains and modules
-
You should migrate your environments to Intelligent Access using authentication trees and nodes.
- Unused authentication methods in hosted IDP authentication context mapping
-
Support for the following authentication methods in the authentication context table, when configuring a hosted identity provider, is deprecated:
-
User
-
Role
-
Resource URL
The other authentication methods are not deprecated, and can be used to achieve the same results as the deprecated options.
For information about configuring SAML v2.0 authentication context mappings, refer to authentication context.
-
Deprecated since AM 6.5
getIDPAuthnContextInfo
signature-
The signature for the
getIDPAuthnContextInfo
method of theIDPAuthnContextMapper
interface is deprecated.AM 6.5.4 included a new signature for the
getIDPAuthnContextInfo
method, with an additional parameter for the entity ID of the service provider (SP).The deprecated three-parameter signature still works in AM 6.5.4, but you should update any code that uses it to the new four-parameter signature.
user_id
member in the OAuth 2.0 introspection response-
The
user_id
member, returned by the/oauth2/introspect
endpoint, is deprecated. - Oracle WebLogic Server
-
Support for installing AM in an Oracle WebLogic Server is deprecated.
- Windows NT authentication module
-
Support for the Windows NT authentication module is deprecated.
- SAML 1.0
-
Support for SAML 1.0 is deprecated.
-
ssoadm
,ampassword
,configurator.jar
andupgrade.jar
tools These tools are deprecated and will be removed in a future release.
-