Incompatible changes

ScriptableResourceUriProvider accepts returned values only as a String. In previous releases, it accepted returned values as a String or Promise<String>. For more information, see ScriptableResourceUriProvider in PolicyEnforcementFilter.

IG has upgraded the version of Logback, used for the logging framework. The Logback update introduces changes that can affect your existing deployment. For more information about changes in Logback, see the Logback website.

AM 5.x.x has reached Product End of Life and is no longer supported. The default value of the AmService property version has changed to 6. For more information, refer to ForgeRock Product Support Lifecycle Policy | IG and Agents.

For better security, the keyType for CapturedUserPasswordFilter is now required, and the use of DES is deprecated.

Classes related to JWT stateless sessions have moved from the package org.forgerock.openig.jwt to org.forgerock.openig.session.jwt.

Classes and functions used to validate a JWT, used with a JwtValidatorCustomizer in a JwtValidationFilter, have moved from the package org.forgerock.openig.tools.jwt to org.forgerock.openig.tools.jwt.validation.

The IG scripting engine has been updated to incorporate the changes automatically.

To improve privacy, browsers have recently changed third-party cookie policies to require the following settings for session cookies: SameSite=None, Secure=True.

Depending on your deployment and route configuration, configure session cookies as follows: