Deprecation

The following features are deprecated and likely to be discontinued in a future release:

The Splunk and Elasticsearch audit event handlers are deprecated.

IDM 7.1 supports both file-based audit handlers and logging to standard output, which Elasticsearch and Splunk can consume.

Access Configuration in access.js

In previous releases, access rules were configured in the access.js script. This script has been replaced by an access.json configuration file, that performs the same function. Existing deployments that use customized access.js files are still supported for backward compatibility. However, support for access rules defined in access.js is deprecated, and will be removed in a future release. You should move these access rules to a conf/access.json file. For more information, see Authorization and Access Control.

Actions on scheduler Endpoint

The action parameter on the scheduler endpoint was deprecated in Version 1 of the endpoint and is not supported in Version 2.

To validate a cron expression, use the validateQuartzCronExpression action on the scheduler/job endpoint, as described in Validate Cron Trigger Expressions.

Health Endpoints

The health endpoints, used to monitor system activity have been deprecated in this release, as their functionality was not considered to be of much use.

The information available on health/recon was node-specific. Instead, you can retrieve cluster-wide reconciliation details with a GET on the recon endpoint.

The information available on the health/os and health/memory endpoints can be retrieved by inspecting the JVM using third-party tools such as the Prometheus JMX Exporter.

Conditional Query Filters

The syntax of conditional query filters and scripts within notification filters has changed in this release. In previous IDM releases, request properties such as content in create and update requests or patchOperations in patch requests were referenced directly. For example, the notification-newReport.json configuration previously used the following query filter:

"condition" : "content/manager pr"

In IDM 7, query filters and scripts should reference the request object to obtain any request properties. Sample query filters have been changed accordingly. For example, the query filter in notification-newReport.json has been changed to the following:

"condition" : "request/content/manager pr",

This syntax is more verbose, but it lets script implementations use request visitors logic based on the request type, and is more consistent with generic router filters.

The old request syntax will still work in IDM 7.0, but is considered deprecated. Support for the old syntax will be removed in a future release. Note that this change is limited to notification filters. Filters such as those used with scripted endpoints have never supported direct access to request properties, and are therefore not changing. For more information on notification filters, see Configure Notifications.

Self-Service Stages

Self-Service Stages (described in Self-Service Stage Reference) are deprecated in this release and support for their use will be removed in a future release. From IDM 7 onwards, this functionality is replaced by AM Authentication Trees.

oauthReturn Endpoint

Support for oauthReturn as an endpoint for OAuth2 and OpenID Connect standards has been deprecated for interactions with AM and will be removed in a future release. Support for interactions with social identity providers was removed in IDM 6.5.0.

Default versions of relevant configuration files no longer include oauthReturn in the redirectUri setting. However, for IDM 7.1, these configuration files should still work both with and without oauthReturn in the endpoint.

timeZone in Schedules

In schedule configurations, setting a time zone using the timeZone field is deprecated. To specify a time zone for schedules, use the startTime and endTime fields.

MD5 and SHA-1 Hash Algorithms

Support for the MD5 and SHA-1 hash algorithms is deprecated and will be removed in a future release. You should use more secure algorithms in a production environment. For a list of supported hash algorithms, see "Encoding Attribute Values by Using Salted Hash Algorithms".

JAVA_TYPE_DATE Attribute Type

Support for the native attribute type, JAVA_TYPE_DATE, is deprecated and will be removed in a future release. This property-level extension is an alias for string. Any dates assigned to this extension should be formatted per ISO 8601.

POST Request With ?_action=patch

Support for a POST request with ?_action=patch is deprecated, when patching a specific resource. You can still use ?_action=patch when patching by query on a collection.

Clients that do not support the regular PATCH verb should use the X-HTTP-Method-Override header instead.

For example, the following POST request uses the X-HTTP-Method-Override header to patch user jdoe's entry:

curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--header "Content-Type: application/json" \
--request POST \
--header "X-HTTP-Method-Override: PATCH" \
--data '[
    {
        "operation":"replace",
        "field":"/description",
        "value":"The new description for Jdoe"
    }
]' \
"http://localhost:8080/openidm/managed/user/jdoe"

minLength property

The managed object property minLength is deprecated. When you need to specify a minimum length for a property, instead use the minimum-length policy:

{
    "policyId" : "minimum-length",
    "params" : {
        "minLength" : 8
    }
}

OAUTH_CLIENT authentication module

The OAUTH_CLIENT authentication module is deprecated. Using OAuth2 for authentication is available through rsFilter authentication. For more information about rsFilter, see "Authenticate through AM".