Deprecated

Features and properties are deprecated and removed as defined in ForgeRock product stability labels.

Unless otherwise stated, when a deprecated setting and its replacement setting are both provided, the replacement setting is used.

Deprecated in Feature or property Setting Replacement setting Removed in

Deprecated in	Feature or property	Setting	Replacement setting	Removed in
2024.3	Vert.x	Options described in 4.5.0 Deprecations and breaking changes	Options described in VertxOptions	Not yet removed
Common REST Monitoring Endpoint	Whole feature	Prometheus Scrape Endpoint	Not yet removed
2023.11	Java support	Java 11	Java 17	2024.3
2023.9	Retrieval of the target URI in AuthorizationCodeOAuth2ClientFilter	`request.uri` or `originalUri` in UriRouterContext	IdpSelectionLoginContext	Not yet removed
2023.6	Vert.x	`maxHeaderSize` `initialSettings.maxHeaderListSize`	`connectors:maxTotalHeadersSize` in AdminHttpApplication	Not yet removed
PolicyEnforcementFilter	`useLegacyAdviceEncoding`	Advice encoding with the encoder used by the AM version.	Not yet removed
2023.4	CookieFilter	Use of the Set-Cookie2 HTTP header, obsoleted by RFC 6265: Set-Cookie2	Not replaced	Not yet removed
SamlFederationHandler	Whole object	SamlFederationFilter	Not yet removed
2023.2	Studio	Structured Editor	Not replaced	Not yet removed
KeyStoreSecretStore	Required property `storePassword` Optional property `keyEntryPassword`	Optional property `storePasswordSecretId` Optional property `entryPasswordSecretId`	Not yet removed
HsmSecretStore	property `storePassword`	property `storePasswordSecretId`	Not yet removed
Names of Prometheus counter metrics	`request` `response.error` `response.null` `response.status.client_error` `response.status.informational` `response.status.redirection` `response.status.server_error` `response.status.successful` `response.status.unknown`	In a future release, the deprecated names are expected to be replaced with names ending in `_total`. Only the metric name is deprecated; the information provided by the metric is not deprecated. Other Prometheus metrics are not affected.	Not yet removed
Names of Vert.x counter metrics	`vertx_net_client_bytes_read` `vertx_net_client_bytes_written` `vertx_net_client_errors` `vertx_http_client_bytes_read` `vertx_http_client_bytes_written` `vertx_http_client_errors` `vertx_net_server_bytes_read` `vertx_net_server_bytes_written` `vertx_net_server_errors` `vertx_http_server_bytes_read` `vertx_http_server_bytes_written` `vertx_http_server_errors` `vertx_datagram_errors` `vertx_eventbus_processed` `vertx_eventbus_published` `vertx_eventbus_discarded` `vertx_eventbus_sent` `vertx_eventbus_received` `vertx_eventbus_delivered` `vertx_eventbus_reply_failures` `vertx_pool_completed`	In a future release, the deprecated names are expected to be replaced with names ending in `_total`. Only the metric name is deprecated; the information provided by the metric is not deprecated. Other Vert.x metrics are not affected.	Not yet removed
KeyStore	Whole object	KeyStoreSecretsStore There will be no replacement for keystore loading from a URL.	Not yet removed
KeyManager	Whole object	SecretsKeyManager	Not yet removed
TrustManager	Whole object	SecretsTrustManager	Not yet removed
CapturedUserPasswordFilter	A `GenericSecret` shared key	A `CryptoKey` shared key. After removal, it will no longer be possible to store the shared key in a Base64SecretStore.	Not yet removed
7.2	CapturedUserPasswordFilter	`keyType` value `DES`	`AES`	Not yet removed
ClientCredentialsOAuth2ClientFilter	`clientId`, `clientSecretId`, `handler`	`endpointHandler`, which uses ClientSecretBasicAuthenticationFilter or ClientSecretPostAuthenticationFilter	Not yet removed
ClientHandler	`proxy`, `systemProxy`	`proxyOptions`	Not yet removed
`hostnameVerifier`	ClientTlsOptions property `hostnameVerifier`	Not yet removed
ClientRegistration	`clientSecretId` `tokenEndpointAuthMethod` `tokenEndpointAuthSigningAlg` `privateKeyJwtSecretId` `jwtExpirationTimeout` `secretsProvider`	`authenticatedRegistrationHandler`	Not yet removed
OAuth2ClientFilter	Filter name	AuthorizationCodeOAuth2ClientFilter	Not yet removed
ReverseProxyHandler	`proxy`, `systemProxy`	`proxyOptions`	Not yet removed
`hostnameVerifier`	ClientTlsOptions property `hostnameVerifier` If a ReverseProxyHandler includes the deprecated `"hostnameVerifier": "ALLOW_ALL"` configuration, it takes precedence, and deprecation warnings are written to the logs.	Not yet removed
7.1.2	Functions	`matches`	`matchesWithRegex` or `find`	Not yet removed
`matchingGroups`	`findGroups`	Not yet removed
7.1	Ldap	`LdapClient` class and the `ldap` script binding	None	2024.3
CorsFilter	`origins`	`acceptedOrigins`	Not yet removed
ElasticsearchAuditEventHandler	Whole object	SyslogAuditEventHandler JsonAuditEventHandler with `elasticsearchCompatible` set to `true`	Not yet removed
SplunkAuditEventHandler	Whole object	SyslogAuditEventHandler JsonAuditEventHandler	Not yet removed
Method	`request.form` method used in scripts to read or set query and form parameters	`Request.getQueryParams()` to read query parameters `Entity.getForm()` to read form parameters `Entity.setForm()` to set form parameters	Not yet removed
7	AuditService	`event-handlers`	`eventHandlers`	2024.3
ClientHandler and ReverseProxyHandler	`proxy` subproperty `password`	`proxy` subproperty `passwordSecretId`	2024.3
ClientRegistration	`keystore` `privateKeyJwtAlias` `privateKeyJwtPassword`	`privateKeyJwtSecretId`	2024.3
Identification of a client registration when a user initiates a login with the OAuth2ClientFilter	The name of the ClientRegistration heaplet	The `clientId` property of ClientRegistration	2024.3
CryptoHeaderFilter	Whole object	JwtBuilderFilter	2024.3
Default secrets object	Whole object	A `secretsProvider` configuration in each affected object	2024.3
DesKeyGenHandler	Whole object	None	2024.3
JwtBuilderFilter	Use of unsigned or unencrypted JWTs	Use of signed or encrypted JWTs	2024.3
JwtSession	`encryptionSecretId`, `signatureSecretId`	`authenticatedEncryptionSecretId` and `encryptionMethod`.	2024.3
`cookieName`, `cookieDomain`	`cookie` and its subproperties	2024.3
OpenAmAccessTokenResolver	Whole object	None	2024.3
PasswordReplayFilter	`headerDecryption`	`credentials` property configured with a CapturedUserPasswordFilter	2024.3
Route	`secrets`	A `secretsProvider` configuration in each affected object	2024.3
SingleSignOnFilter	`logoutEndpoint`	`logoutExpression`	2024.3
SqlAttributesFilter	`dataSource` as a JNDI lookup name	`dataSource` as a `JdbcDataSource` configuration object	2024.3
TlsOptions	Whole object	ClientTlsOptions	2024.3
6.5.1	StatelessAccessTokenResolver	`signatureSecretId`	`verificationSecretId`	2023.2
`encryptionSecretId`	`decryptionSecretId`	2023.2
6.5	AmService	`agent` subproperty `password`	`agent` subproperty `passwordSecretId`	2024.3
CapturedUserPasswordFilter	`key`	`keySecretId`	2024.3
ClientHandler and ReverseProxyHandler	`keyManager` `sslCipherSuites` `sslContextAlgorithm` `sslEnabledProtocols` `trustManager`	`tls` property to define a ClientTlsOptions object	2023.2
ClientRegistration	`clientSecret`	`clientSecretId`	2024.3
JwtBuilderFilter	`signature` subproperties: `keystore` `alias` `password`	`signature` subproperty `secretId`	2024.3
JwtSession	`password`, `alias`, and `keystore`	`encryptionSecretId`	2024.3
`sharedSecret`	`signatureSecretId`	2024.3
KeyManager	`password`	`passwordSecretId`	2024.3
KeyStore	`password`	`passwordSecretId`	2024.3
PolicyEnforcementFilter	`pepUsername`, `pepPassword`	AmService property `agent`	6.5
UserProfileFilter	`ssoToken`	UserProfileFilter property `username`	2023.2
`amService`	`userProfileService` subproperty `amService`	2023.2
`profileAttributes`	`userProfileService` subproperty `profileAttributes`	2023.2
6.1	TokenTransformationFilter	`username`, `password`	AmService property `agent`	6.5
ReverseProxyHandler	`websocket` subproperties: `keyManager` `sslCipherSuites` `sslContextAlgorithm` `sslEnabledProtocols` `trustManager`	`tls` property to define a ClientTlsOptions object	6.5
ClientRegistration	`keyStore`	`keystore`	7
6	IG product	Delivery of a .war file	.zip file	Not delivered from 2023.2 Not created from 2024.3
AM Policy Agents	Use of AM policy agents in password capture and replay	CapturedUserPasswordFilter	7
Environment variable and system property	`OPENIG_BASE` `openig.base`	`IG_INSTANCE_DIR` `ig.instance.dir`	2023.2
Route	`monitor`	Prometheus Scrape Endpoint and Common REST Monitoring Endpoint	7.1
OpenAmAccessTokenResolver	`endpoint`	AmService property `url`	6
PolicyEnforcementFilter	`amHandler`, `openamUrl`, `realm`, `ssoTokenHeader`	AmService properties `amHandler`, `url`, `realm`, `ssoTokenHeader`	6.5
`cache` subproperty `maxTimeout`	`cache` subproperty `maximumTimeToCache`	7
`executor`	`cache` subproperty `executor`	2023.2
SingleSignOnFilter	`amHandler`, `openamUrl`, `realm`, and `cookieName`	AmServiceproperties `amHandler`, `url`, `realm`, and `ssoTokenHeader`	6.5
TokenTransformationFilter	`amHandler`, `openamUrl`, `realm`, `ssoTokenHeader`	AmService properties `amHandler`, `url`, `realm`, `ssoTokenHeader`	6.5
5.5.1	HeapClientRegistrationRepository	Whole object	AuthorizationCodeOAuth2ClientFilter property `registrations`	6
ClientRegistration	`tokenEndpointUseBasicAuth`	`tokenEndpointAuthMethod`	6
OAuth2ResourceServerFilter	`cacheExpiration`	`cache` and its subproperties	7
`tokenInfoEndpoint`, `providerHandler`	Configuration properties of OpenAmAccessTokenResolver, TokenIntrospectionAccessTokenResolver and ScriptableAccessTokenResolver	6

2024.3

Vert.x

Options described in 4.5.0 Deprecations and breaking changes

Options described in VertxOptions

Not yet removed

Common REST Monitoring Endpoint

Whole feature

Prometheus Scrape Endpoint

Not yet removed

2023.11

Java support

Java 11

Java 17

2024.3

2023.9

Retrieval of the target URI in AuthorizationCodeOAuth2ClientFilter

request.uri
or
originalUri in UriRouterContext

IdpSelectionLoginContext

Not yet removed

2023.6

Vert.x

maxHeaderSize

initialSettings.maxHeaderListSize

connectors:maxTotalHeadersSize in AdminHttpApplication

Not yet removed

PolicyEnforcementFilter

useLegacyAdviceEncoding

Advice encoding with the encoder used by the AM version.

Not yet removed

2023.4

CookieFilter

Use of the Set-Cookie2 HTTP header, obsoleted by RFC 6265: Set-Cookie2

Not replaced

Not yet removed

SamlFederationHandler

Whole object

SamlFederationFilter

Not yet removed

2023.2

Studio

Structured Editor

Not replaced

Not yet removed

KeyStoreSecretStore

Required property storePassword
Optional property keyEntryPassword

Optional property storePasswordSecretId
Optional property entryPasswordSecretId

Not yet removed

HsmSecretStore

property storePassword

property storePasswordSecretId

Not yet removed

Names of Prometheus counter metrics

request
response.error
response.null
response.status.client_error
response.status.informational
response.status.redirection
response.status.server_error
response.status.successful
response.status.unknown

In a future release, the deprecated names are expected to be replaced with names ending in _total.

Only the metric name is deprecated; the information provided by the metric is not deprecated. Other Prometheus metrics are not affected.

Not yet removed

Names of Vert.x counter metrics

vertx_net_client_bytes_read
vertx_net_client_bytes_written
vertx_net_client_errors
vertx_http_client_bytes_read
vertx_http_client_bytes_written
vertx_http_client_errors
vertx_net_server_bytes_read
vertx_net_server_bytes_written
vertx_net_server_errors
vertx_http_server_bytes_read
vertx_http_server_bytes_written
vertx_http_server_errors
vertx_datagram_errors
vertx_eventbus_processed
vertx_eventbus_published
vertx_eventbus_discarded
vertx_eventbus_sent
vertx_eventbus_received
vertx_eventbus_delivered
vertx_eventbus_reply_failures
vertx_pool_completed

In a future release, the deprecated names are expected to be replaced with names ending in _total.

Only the metric name is deprecated; the information provided by the metric is not deprecated. Other Vert.x metrics are not affected.

Not yet removed

KeyStore

Whole object

KeyStoreSecretsStore

There will be no replacement for keystore loading from a URL.

Not yet removed

KeyManager

Whole object

SecretsKeyManager

Not yet removed

TrustManager

Whole object

SecretsTrustManager

Not yet removed

CapturedUserPasswordFilter

A GenericSecret shared key

A CryptoKey shared key.

After removal, it will no longer be possible to store the shared key in a Base64SecretStore.

Not yet removed

7.2

CapturedUserPasswordFilter

keyType value DES

AES

Not yet removed

ClientCredentialsOAuth2ClientFilter

clientId, clientSecretId, handler

endpointHandler, which uses ClientSecretBasicAuthenticationFilter or ClientSecretPostAuthenticationFilter

Not yet removed

ClientHandler

proxy, systemProxy

proxyOptions

Not yet removed

hostnameVerifier

ClientTlsOptions property hostnameVerifier

Not yet removed

ClientRegistration

clientSecretId
tokenEndpointAuthMethod
tokenEndpointAuthSigningAlg
privateKeyJwtSecretId
jwtExpirationTimeout
secretsProvider

authenticatedRegistrationHandler

Not yet removed

OAuth2ClientFilter

Filter name

AuthorizationCodeOAuth2ClientFilter

Not yet removed

ReverseProxyHandler

proxy, systemProxy

proxyOptions

Not yet removed

hostnameVerifier

ClientTlsOptions property hostnameVerifier
If a ReverseProxyHandler includes the deprecated "hostnameVerifier": "ALLOW_ALL" configuration, it takes precedence, and deprecation warnings are written to the logs.

Not yet removed

7.1.2

Functions

matches

matchesWithRegex or find

Not yet removed

matchingGroups

findGroups

Not yet removed

7.1

Ldap

LdapClient class and the ldap script binding

None

2024.3

CorsFilter

origins

acceptedOrigins

Not yet removed

ElasticsearchAuditEventHandler

Whole object

SyslogAuditEventHandler
JsonAuditEventHandler with elasticsearchCompatible set to true

Not yet removed

SplunkAuditEventHandler

Whole object

SyslogAuditEventHandler
JsonAuditEventHandler

Not yet removed

Method

request.form method used in scripts to read or set query and form parameters

Request.getQueryParams() to read query parameters

Entity.getForm() to read form parameters

Entity.setForm() to set form parameters

Not yet removed

AuditService

event-handlers

eventHandlers

2024.3

ClientHandler and ReverseProxyHandler

proxy subproperty password

proxy subproperty passwordSecretId

2024.3

ClientRegistration

keystore
privateKeyJwtAlias
privateKeyJwtPassword

privateKeyJwtSecretId

2024.3

Identification of a client registration when a user initiates a login with the OAuth2ClientFilter

The name of the ClientRegistration heaplet

The clientId property of ClientRegistration

2024.3

CryptoHeaderFilter

Whole object

JwtBuilderFilter

2024.3

Default secrets object

Whole object

A secretsProvider configuration in each affected object

2024.3

DesKeyGenHandler

Whole object

None

2024.3

JwtBuilderFilter

Use of unsigned or unencrypted JWTs

Use of signed or encrypted JWTs

2024.3

JwtSession

encryptionSecretId, signatureSecretId

authenticatedEncryptionSecretId and encryptionMethod.

2024.3

cookieName, cookieDomain

cookie and its subproperties

2024.3

OpenAmAccessTokenResolver

Whole object

None

2024.3

PasswordReplayFilter

headerDecryption

credentials property configured with a CapturedUserPasswordFilter

2024.3

Route

secrets

A secretsProvider configuration in each affected object

2024.3

SingleSignOnFilter

logoutEndpoint

logoutExpression

2024.3

SqlAttributesFilter

dataSource as a JNDI lookup name

dataSource as a JdbcDataSource configuration object

2024.3

TlsOptions

Whole object

ClientTlsOptions

2024.3

6.5.1

StatelessAccessTokenResolver

signatureSecretId

verificationSecretId

2023.2

encryptionSecretId

decryptionSecretId

2023.2

6.5

AmService

agent subproperty password

agent subproperty passwordSecretId

2024.3

CapturedUserPasswordFilter

key

keySecretId

2024.3

ClientHandler and ReverseProxyHandler

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

tls property to define a ClientTlsOptions object

2023.2

ClientRegistration

clientSecret

clientSecretId

2024.3

JwtBuilderFilter

signature subproperties:

keystore
alias
password

signature subproperty secretId

2024.3

JwtSession

password, alias, and keystore

encryptionSecretId

2024.3

sharedSecret

signatureSecretId

2024.3

KeyManager

password

passwordSecretId

2024.3

KeyStore

password

passwordSecretId

2024.3

PolicyEnforcementFilter

pepUsername, pepPassword

AmService property agent

6.5

UserProfileFilter

ssoToken

UserProfileFilter property username

2023.2

amService

userProfileService subproperty amService

2023.2

profileAttributes

userProfileService subproperty profileAttributes

2023.2

6.1

TokenTransformationFilter

username, password

AmService property agent

6.5

ReverseProxyHandler

websocket subproperties:

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

tls property to define a ClientTlsOptions object

6.5

ClientRegistration

keyStore

keystore

IG product

Delivery of a .war file

.zip file

Not delivered from 2023.2

Not created from 2024.3

AM Policy Agents

Use of AM policy agents in password capture and replay

CapturedUserPasswordFilter

Environment variable and system property

OPENIG_BASE
openig.base

IG_INSTANCE_DIR
ig.instance.dir

2023.2

Route

monitor

Prometheus Scrape Endpoint and Common REST Monitoring Endpoint

7.1

OpenAmAccessTokenResolver

endpoint

AmService property url

PolicyEnforcementFilter

amHandler, openamUrl, realm, ssoTokenHeader

AmService properties amHandler, url, realm, ssoTokenHeader

6.5

cache subproperty maxTimeout

cache subproperty maximumTimeToCache

executor

cache subproperty executor

2023.2

SingleSignOnFilter

amHandler, openamUrl, realm, and cookieName

AmServiceproperties amHandler, url, realm, and ssoTokenHeader

6.5

TokenTransformationFilter

amHandler, openamUrl, realm, ssoTokenHeader

AmService properties amHandler, url, realm, ssoTokenHeader

6.5

5.5.1

HeapClientRegistrationRepository

Whole object

AuthorizationCodeOAuth2ClientFilter property registrations

ClientRegistration

tokenEndpointUseBasicAuth

tokenEndpointAuthMethod

OAuth2ResourceServerFilter

cacheExpiration

cache and its subproperties

tokenInfoEndpoint, providerHandler

Configuration properties of OpenAmAccessTokenResolver, TokenIntrospectionAccessTokenResolver and ScriptableAccessTokenResolver

ForgeRock Identity Gateway

Deprecated