Limitations are inherent to the design, not bugs to be fixed:
Pre-exisiting fragment cookie overwrites the current fragment cookie during authentication
When a user has a pre-exisiting fragment cookie during authentication, for example, from a previous, incomplete authentication attempt, the pre-exisiting fragment overwrites the current fragment.
To minimize the impact of this limitation, the
FragmentFilter cookie has a new
maxAge to configure the maximum duration for which it can remain
Multiple spaces in unquoted cookie values are changed to a single space in JBoss
In JBoss, multiple spaces in unquoted cookie values are reduced to one space. For example:
is changed to
No access to common time related functions in expressions
The value of
System.currentTimeMillis() cannot currently be used in filters, such as JwtBuilderFilter, for claims such as
Scripts can access anything in their environment
IG scripts are not sandboxed, but instead have access to anything in their environment. You must make sure that the scripts that IG loads are safe.
Persist UMA shares
Proxy WebSocket traffic when running in Jetty
Blocked ClientHandler with asynchronous HTTP clients
IG processes responses from asynchronous HTTP clients by using two thread pools of the same size:
The first thread pool receive the response headers.
The second thread pool completes the promise by to executing the callback and writing the response content to the stream. Reading and writing to the stream are synchronous, blocking operations.
Synchronous operation can cause routes to declare a blocked ClientHandler.
To recover from blocking, restart the route, or, if the route is
config.json, restart the server. To prevent blocking, increase the number of worker threads.
Cannot use custom config.json in Studio
When a customized
is configured in Studio, Studio cannot deploy routes.
Log file of audit events can be overwritten
The log file of audit events can be overwritten when the log file is rotated.
CsvAuditEventHandler is used to log audit events, the log file is overwritten if it is rotated before the file suffix,
rotationFileSuffix, changes. By default,
rotationFileSuffix is defined as a date in the format
Log files are rotated when one of the following limits is reached:
Set the log rotation parameters so that the log is not likely to rotate before
Cannot use SAML with AM policy agent
When SAML is used with an AM policy agent, class cast exceptions occur.
SAML fails with incorrect user-defined mapping
When the user defined mapping is incorrectly set, missing SAML assertions produce an infinite loop during authentication attempts.
For mutual authentication in HTTPS cannot specify which certificate to present
IG can check server certificates for HTTPS. However, for mutual authentication, the client certificate must be the first certificate in the KeyStore.