AM release notes

Removed

The functionality listed here was removed.

AM 7.3

Removal of CTS worker pool

The org.forgerock.services.cts.async.queue.size and org.forgerock.services.cts.async.queue.timeout advanced configuration properties were removed.

For details, refer to Removal of CTS worker thread pool.

AM 7.2

No features or functionality were removed in this release.

AM 7.1

No features or functionality were removed in this release.

AM 7.0

AM 7.0.1

SOAP STS service installation

Installing instances of the SOAP STS service in AM 7.0.1 is not supported. However, upgrading existing instances is supported.

AM 7.0.0

Authentication through /UI/login endpoint

Authentication through the /UI/login endpoint has been removed. Rewrite your clients to use the /XUI/#login/ endpoint instead.

/openam/cdservlet

The cdservlet servlet, which was used by Web Agents and Java Agents earlier than version 5 to accomplish CDSSO, was removed from AM 7.

As a result, the following were also removed:

  • The classic CDSSO mode.

  • The following AM advanced server properties:

    • com.iplanet.services.cdc.invalidGotoStrings

    • org.forgerock.openam.cdc.validLoginURIs

  • The com.sun.identity.federation.services.idpLoginURL JVM property.

IDFF cdservlet-related legacy audit log events are no longer logged.

Support for SAML v1.x

Support for SAML v1.x was removed from AM 7. However, AM 7 does support SAML v2.0.

For more information about SAML v2.0, refer to the SAML v2.0 Guide.

Supported APIs

AM 7 removes the following APIs from the com.sun.identity.authentication.AuthContext class, to allow AM to support Java 11:

  • constructor: public AuthContext(String orgName, String nickName) throws AuthLoginException

  • constructor: public AuthContext(String orgName, String nickName, URL url) throws AuthLoginException

  • method: public static void setCertDBPassword(String password)

The following APIs were also removed:

  • Deprecated SAE_PARAM_APPID field removed from the SecureAttrs class.

  • Deprecated SiteAttributeMapper and PartnerSiteAttributeMapper interfaces removed.

    Instead, use the ConsumerSiteAttributeMapper interface.

  • Deprecated getAttributeMapForFedlet method removed.

    Instead, use the getAttributesForFedlet method.

SAML v2.0 service configurations service

This service was removed by realm. The metadata and signing aliases were removed from the global service configuration, since the providers now use secret stores.

CTS Reaper property org.forgerock.services.cts.reaper.search.pageSize

This advanced server property was removed.

Dashboard wizards

The wizards in the administrative users' Dashboard have been removed. They used the JATO implementation of the UI, which is not supported with Java 11.

Advanced server property org.forgerock.openam.audit.access.attempt.enabled

This property was replaced by the org.forgerock.openam.audit.identity.activity.events.blacklist advanced server property.

For more information, refer to Advanced properties.

AM 6.5

AM 6.5.4

/identity

Access to the legacy /identity endpoints was removed.

AM 6.5.3

Advanced server property org.forgerock.openam.audit.access.attempt.enabled

This property was replaced by the org.forgerock.openam.audit.identity.activity.events.blacklist advanced server property.

For more information, refer to Advanced Properties in the Reference guide.

AM 6.0

Agents 2.2 XUI pages

The XUI pages for the deprecated agents 2.2 have been removed. Use the Amster command to configure or modify agent 2.2 instances.

AM 5.5

JWT as authorization grant bearer type

AM has removed support for the JWT authorization grant bearer type as specified in Section 2.1 of RFC 7523, Using JWTs as Authorization Grants.

AM continues to support Section 2.2, Using JWTs for Client Authentication, of RFC 7523. For more information, refer to JWT Bearer Profile in the OAuth 2.0 Guide.

Crosstalk-related properties

The following system configuration properties have been removed from AM:

  • com.iplanet.am.session.failover.cluster.stateCheck.period

  • com.iplanet.am.session.failover.cluster.stateCheck.timeout

UrlAccessAgent

The UrlAccessAgent user was removed from AM and Amster.

AM SDK

The AM SDK was removed. This includes the Java com.iplanet.am.sdk package, which has been deprecated since Sun Java System Access Manager 7.1. The client detection service has also been removed.

When you upgrade AM software, the following settings are removed:

  • Settings for running in coexistence mode with Sun Access Manager

  • com.iplanet.am.domaincomponent property settings

  • com.iplanet.am.sdk.ldap.debugFileName property settings

  • com.iplanet.am.sdk.userEntryProcessingImpl property settings

  • com.sun.identity.amsdk.cache.enabled property settings

Client SDK software

Deprecated client SDK examples and libraries were removed.

Client applications can use the AM REST APIs instead, as documented in Developing with the REST API in the Development Guide.

Support for JDK 7

AM 5.5.0 supports JDK 8 only. For more information, refer to Java Requirements.

Support for several data store versions

AM 5.5.0 does not support the following data store versions:

Support for Amazon Linux 2016.09

AM now supports Amazon Linux AMI 2017.03. For more information, refer to Operating System Requirements.

ssoadm.jsp

The deprecated ssoadm.jsp page was removed.

UrlAccessAgent

The default agent, UrlAccessAgent, was removed. Therefore, you only need to provide the amAdmin user password during AM installation.

The --PolicyAgentPwd option was also removed from the ssoadm command.

Copyright © 2010-2023 ForgeRock, all rights reserved.