Support for the following functionality has been removed in IDM 7.0.0:
Native query expressions using the
_queryExpression keyword are no longer supported on managed objects. You must rewrite any custom queries that use
_queryExpression as regular filtered queries or as parameterized queries. Native query expressions are still supported for system objects.
For scripted Groovy connectors, the
reloadScriptOnExecution property has been removed from all sample provisioner files, as the property is not used by the connectors. For information on how scripts are loaded, see Script Compilation and Caching.
Note that scripted PowerShell connectors still use the
ReloadScriptOnExecution property to determine when a script is reloaded from disk.
The following properties have been removed from
You can no longer specify custom aliases for the default keys that IDM generates on startup. For more information about these keys, see "Working With the Default Keystore". If your old deployment used custom aliases for the default secret keys, you can migrate them.
In previous IDM releases, the
protocol property of a connector server configuration specified the communication protocol to the remote connector server. This property existed purely for legacy purposes and was set to
websocket by default. The property has now been removed, and connections to the remote connector server always use the
The "full stack sample" (Integrating IDM With the ForgeRock Identity Platform) has been removed in this release. The only supported method of authentication through AM is by using AM bearer tokens and the
rsFilter authentication module. For information on configuring an integrated deployment, see the Platform Setup Guide.
The ability to generate obfuscated and encrypted property values by using the crypto bundle has been removed. This functionality is replaced by the secrets service. For more information, see Secret Stores, Certificates and Keys.
When configuring self-service registration, the
idmUserDetails stage had previously used the
identityResourceUrl property instead of
identityServiceUrl. This stage now correctly uses the
identityResourceUrl has been removed. For more information about self-service registration, see Self-Registration.
The ScriptedCREST connector and the corresponding sample have been removed in this release. You should migrate any deployments use this connector to the "Scripted REST Connector".
Support for the Office 365 connector has been removed in this release.
Instead of the Office 365 connector, use the "MS Graph API Java Connector".
Support for the Active Directory (AD) .NET Connector has been removed.
For simple Active Directory (and Active Directory LDS) deployments, use the Generic LDAP Connector.
For more complex Active Directory deployments, use the PowerShell Connector Toolkit, as described in "PowerShell Connector Toolkit".