IG 7.2.0

Incompatible changes

The following changes introduced in IG 7.2 can impact your migration from IG 7.1:

ScriptableResourceUriProvider accepts returned values only as a String

ScriptableResourceUriProvider accepts returned values only as a String. In previous releases, it accepted returned values as a String or Promise<String>. For more information, see ScriptableResourceUriProvider in PolicyEnforcementFilter.

Logback upgrade

IG has upgraded the version of Logback, used for the logging framework. The Logback update introduces changes that can affect your existing deployment. For more information about changes in Logback, see the Logback website.

AM 5.x.x End-of-Service-Life

AM 5.x.x has reached End-of-Service-Life (EOSL), and no is longer supported. The default value of the AmService property version has changed to 6.

keyType for CapturedUserPasswordFilter is required

For better security, the keyType for CapturedUserPasswordFilter is now required, and the use of DES is deprecated.

JWT classes relocated to new packages

Classes related to JWT stateless sessions have moved from the package org.forgerock.openig.jwt to org.forgerock.openig.session.jwt.

Classes and functions used to validate a JWT, used with a JwtValidatorCustomizer in a JwtValidationFilter, have moved from the package org.forgerock.openig.tools.jwt to org.forgerock.openig.tools.jwt.validation.

The IG scripting engine has been updated to incorporate the changes automatically.

CDSSO requires session cookies with SameSite=None, Secure=True

To improve privacy, browsers have recently changed third-party cookie policies to require the following settings for session cookies: SameSite=None, Secure=True.

Depending on your deployment and route configuration, configure session cookies as follows:

Copyright © 2010-2022 ForgeRock, all rights reserved.