Identity Gateway 7.2

Deprecation

The following features and properties are deprecated, as defined in ForgeRock Product Stability Labels, and likely to be removed in a future release:

Delivery of IG war file

The delivery of a .war file was deprecated in IG 7.

Methods to read or set query and form parameters

The request.form method used in scripts to read or set query and form parameters is deprecated. Use the following methods instead:

  • Request.getQueryParams() to read query parameters.

  • Entity.getForm() to read form parameters.

  • Entity.setForm() to set form parameters.

LdapClient class and 'ldap' script binding

The LdapClient class and the ldap script binding were deprecated in IG 7.1.

JwtBuilderFilter with unsigned, unencrypted JWTs

The use of JwtBuilderFilter with unsigned, unencrypted JWTs was deprecated in IG 7.

Object | Deprecated in IG | Deprecated settings | Replacement settings

AmService

6.5

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

AuditService

7

event-handlers

Replaced by eventHandlers.

7.2

Filter name

Replaced by AuthorizationCodeOAuth2ClientFilter.

For backward compatibility, the name OAuth2ClientFilter can still be used in routes.

7.2

clientId, clientSecretId, handler

If you use the deprecated properties, provide clientId and clientSecretId to obtain the client secret, which is used to authenticate with the client_secret_basic method.

Replaced by endpointHandler, which uses ClientSecretBasicAuthenticationFilter or ClientSecretPostAuthenticationFilter.

CapturedUserPasswordFilter

6.5

key

Replaced by keySecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

7.2

keyType value DES

Replaced by AES.

ClientHandler

7.2

proxy and systemProxy

Replaced by proxyOptions.

6.5

proxy subproperty password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

6.5

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

6.5

websocket subproperties:

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

7.2

hostnameVerifier

Replaced by hostnameVerifier in ClientTlsOptions.

If a ClientHandler includes the deprecated "hostnameVerifier": "ALLOW_ALL" configuration, it takes precedence, and deprecation warnings are written to the logs.

ClientRegistration

7

  • keystore

  • privateKeyJwtAlias

  • privateKeyJwtPassword

Replaced by privateKeyJwtSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

7

name, when used to identify a registration

Replaced by clientId. For information, see ClientRegistration, and the example route in Use Multiple OpenID Connect Providers.

6.5

clientSecret

Replaced by clientSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

7.2

  • clientSecretId

  • tokenEndpointAuthMethod

  • tokenEndpointAuthSigningAlg

  • privateKeyJwtSecretId

  • jwtExpirationTimeout

  • secretsProvider

Replaced by authenticatedRegistrationHandler.

CorsFilter

7.1

origins

Replaced by acceptedOrigins. For information, see CorsFilter.

CryptoHeaderFilter

7

Whole object

Not replaced. For information, see CryptoHeaderFilter.

DesKeyGenHandler

7

Whole object

Not replaced. For information, see DesKeyGenHandler.

ElasticsearchAuditEventHandler

7.1

Whole object

Not replaced.

JwtBuilderFilter

6.5

signature subproperties:

  • keystore

  • alias

  • password

Replaced by signature property secretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

JwtSession

7

encryptionSecretId and signatureSecretId

Replaced by authenticatedEncryptionSecretId and encryptionMethod.

7

cookieName and cookieDomain

Replaced by cookie, and its subproperties name, domain, path, secure, httpOnly.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

6.5

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

6.5

  • Combination of password, alias, and keystore

  • Combination of passwordSecretId, alias, and keystore

Replaced by encryptionSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

6.5

sharedSecret

Replaced by signatureSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

KeyManager

6.5

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

KeyStore

6.5

password

Replaced by passwordSecretId.

If the deprecated and replacement properties are both provided, the replacement property takes precedence.

OpenAmAccessTokenResolver

7

Whole object

Not replaced. For information, see OpenAmAccessTokenResolver.

7

headerDecryption subproperties key and keyType

Replaced by keySecretId and secretsProvider.

ReverseProxyHandler

7.2

proxy and systemProxy

Replaced by proxyOptions.

7.1

proxy subproperty password

Replaced by passwordSecretId.

7

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

7

websocket subproperties:

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

Replaced by the ClientTlsOptions object. For more information, see ClientTlsOptions.

7.2

hostnameVerifier

Replaced by hostnameVerifier in ClientTlsOptions.

If a ReverseProxyHandler includes the deprecated "hostnameVerifier": "ALLOW_ALL" configuration, it takes precedence, and deprecation warnings are written to the logs.

Route

6.5

monitor

Replaced by the Prometheus Scrape Endpoint and Common REST Monitoring Endpoint. For information, see Monitoring Endpoints.

SingleSignOnFilter

7

logoutEndpoint

Replaced by logoutExpression.

SplunkAuditEventHandler

7.1

Whole object

Not replaced.

SqlAttributesFilter

7

dataSource as a JNDI lookup name

Replaced by dataSource as a JdbcDataSource configuration object.

StatelessAccessTokenResolver

6.5.1

signatureSecretId

Replaced by verificationSecretId.

6.5.1

encryptionSecretId

Replaced by decryptionSecretId.

UserProfileFilter

6.5

ssoToken

Replaced by username in UserProfileFilter.

6.5

amService and profileAttributes

Replaced by amService and profileAttributes, as subproperties of userProfileService.

The environment variable and system property that define the file system directory for configuration files.

6.5

OPENIG_BASE and openig.base

Replaced by IG_INSTANCE_DIR and ig.instance.dir.

If neither the deprecated setting nor the replacement setting is provided, configuration files are in the default directory $HOME/.openig (on Windows, %appdata%\OpenIG).

If the deprecated setting and the replacement setting are both provided, the replacement setting is used.

7.1.2

matches

Replaced by matchesWithRegex or find.

7.1.2

matchingGroups

Replaced by findGroups.

7.1.2

sslEnabledProtocols with SSL 3 and SSL 2

  • Use TLS 1.3 when it is supported by available libraries, otherwise use TLS 1.2.

  • If TLS 1.1 or TLS 1.0 is required for backwards compatibility, use it only with express approval from enterprise security.
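
An added example, not part of the ForgeRock documentation: a Python audit that walks a route's JSON and reports a subset of the deprecated settings listed above, ranking inline secrets, "hostnameVerifier": "ALLOW_ALL", and keyType DES as high. It assumes objects are declared as {"type": ..., "config": {...}} with the deprecated properties directly under config; the sample route is constructed.

```python
import json

# Subset of this page's table: object type -> {deprecated setting: replacement}.
TLS = {k: "ClientTlsOptions" for k in ("keyManager", "trustManager", "sslCipherSuites",
                                       "sslContextAlgorithm", "sslEnabledProtocols")}
HANDLER = {**TLS, "proxy": "proxyOptions", "systemProxy": "proxyOptions",
           "hostnameVerifier": "hostnameVerifier in ClientTlsOptions"}
DEPRECATED = {
    "ClientHandler": HANDLER,
    "ReverseProxyHandler": HANDLER,
    "KeyStore": {"password": "passwordSecretId"},
    "KeyManager": {"password": "passwordSecretId"},
    "CapturedUserPasswordFilter": {"key": "keySecretId"},
    "JwtSession": {"password": "passwordSecretId", "sharedSecret": "signatureSecretId"},
}
INLINE_SECRETS = {"password", "key", "sharedSecret"}

def walk(node, path="$"):
    """Yield (path, type, config) for every object declaration, heap or inline."""
    if isinstance(node, dict):
        if isinstance(node.get("type"), str) and isinstance(node.get("config"), dict):
            yield path, node["type"], node["config"]
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")

def audit(route):
    """Return sorted (severity, json_path, replacement) findings for one route."""
    findings = []
    for path, typ, cfg in walk(route):
        for key, replacement in DEPRECATED.get(typ, {}).items():
            if key in cfg:
                # Inline secrets and a disabled hostname check rank above renames.
                allow_all = key == "hostnameVerifier" and cfg[key] == "ALLOW_ALL"
                severity = "high" if key in INLINE_SECRETS or allow_all else "warn"
                findings.append((severity, f"{path}.config.{key}", replacement))
        if typ == "CapturedUserPasswordFilter" and cfg.get("keyType") == "DES":
            findings.append(("high", f"{path}.config.keyType", "AES"))
    return sorted(findings)

# Constructed sample route, not taken from the product documentation.
SAMPLE_ROUTE = json.loads("""{
  "heap": [
    {"name": "ks", "type": "KeyStore", "config": {"url": "file:///tmp/ks.p12", "password": "changeit"}},
    {"name": "ch", "type": "ClientHandler",
     "config": {"hostnameVerifier": "ALLOW_ALL", "sslEnabledProtocols": ["TLSv1.2"]}}],
  "handler": {"type": "Chain", "config": {"handler": "ch", "filters": [
    {"type": "CapturedUserPasswordFilter", "config": {"keySecretId": "aes.key", "keyType": "DES"}}]}}
}""")
```

Calling audit(SAMPLE_ROUTE) returns the findings sorted with the high-severity items first, each with the JSON path of the deprecated setting and the replacement named in the table.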

Copyright © 2010-2024 ForgeRock, all rights reserved.