Removed

The listed features and properties have been removed, as defined in Product stability labels.

Removed in Feature or property Setting Replacement setting Deprecated in

Removed in	Feature or property	Setting	Replacement setting	Deprecated in
2024.9	-	-	-	-
2024.6	-	-	-	-
2024.3	IG product	Creation of a .war file	.zip file	6
SingleSignOnFilter	`logoutEndpoint`	`logoutExpression`	7
Java support	Java 11	Java 17	2023.11
JwtSession	`encryptionSecretId`, `signatureSecretId`,`cookieName`, `cookieDomain`,`password`, `alias`, `keystore`, `sharedSecret`	`authenticatedEncryptionSecretId`, `encryptionMethod`, `cookie`	7, 6.5
OpenAmAccessTokenResolver	Whole object	None	7
JwtBuilderFilter	Use of unsigned or unencrypted JWTs	Use of signed or encrypted JWTs	7
GrantSwapJwtAssertionOAuth2ClientFilter	Use of unsigned or unencrypted JWTs	Use of signed or encrypted JWTs	Not deprecated
CryptoHeaderFilter	Whole object	JwtBuilderFilter	7
Ldap	`LdapClient` class and the `ldap` script binding	None	7.1
KeyManager	`password`	`passwordSecretId`	6.5
CapturedUserPasswordFilter	`key`	`keySecretId`	7
PasswordReplayFilter	`headerDecryption`	PasswordReplayFilter’s `credentials` property configured with a CapturedUserPasswordFilter	7
KeyStore	`password`	`passwordSecretId`	7
DesKeyGenHandler	Whole object	None	7
SqlAttributesFilter	`dataSource` as a JNDI lookup name	`dataSource` as a `JdbcDataSource` configuration object	7
AmService	`agent` subproperty `password`	`agent` subproperty `passwordSecretId`	6.5
TlsOptions	Whole object	ClientTlsOptions	7
ClientHandler and ReverseProxyHandler	`proxy` subproperty `password`	`proxy` subproperty `passwordSecretId`	7
JwtBuilderFilter	`signature` subproperties: `keystore` `alias` `password`	`signature` subproperty `secretId`	6.5
AuditService	`event-handlers`	`eventHandlers`	7
ClientRegistration	`keystore` `privateKeyJwtAlias` `privateKeyJwtPassword`	`privateKeyJwtSecretId`	7
`clientSecret`	`clientSecretId`	7
The name of the ClientRegistration heaplet to identify a client registration when a user initiates a login	The `clientId` property of ClientRegistration	7
Route	`secrets`	A `secretsProvider` configuration in each affected object	7
2023.11	-	-	-	-
2023.9	-	-	-	-
2023.6	-	-	-	-
2023.4	-	-	-	-
2023.2	IG product	Delivery of a .war file	.zip file	6
Environment variable and system property	`OPENIG_BASE` `openig.base`	`IG_INSTANCE_DIR` `ig.instance.dir`	6
PolicyEnforcementFilter	`executor`	`cache` subproperty `executor`	6
ClientHandler and ReverseProxyHandler	`keyManager` `sslCipherSuites` `sslContextAlgorithm` `sslEnabledProtocols` `trustManager`	`tls` property to define a ClientTlsOptions object	6.5
UserProfileFilter	`ssoToken`	`username`	6.5
`profileAttributes`	`userProfileService` subproperty `profileAttributes`	6.5
`amService`	`userProfileService` subproperty `amService`	6.5
StatelessAccessTokenResolver	`signatureSecretId`	`verificationSecretId`	6.5.1
`encryptionSecretId`	`decryptionSecretId`	6.5.1
7.2	StaticResponseHandler	`version`	Not replaced	Not deprecated
7.1	Route	`monitor`	Prometheus Scrape Endpoint and Common REST Monitoring Endpoint	6
7	Support for AM Policy Agents	Use of AM policy agents in password capture and replay	CapturedUserPasswordFilter	6
ClientRegistration	`keyStore`	`keystore`	6.1
OAuth2ResourceServerFilter	`cacheExpiration`, and the values of zero and unlimited are not supported	`cache` and its subproperties	5.5.1
PolicyEnforcementFilter	`cache` subproperty `maxTimeout`	`cache` subproperty `maximumTimeToCache`	6
6.5	PolicyEnforcementFilter	`pepUsername`, `pepPassword`	AmService properties `agent`	6.5
`amHandler`, `openamUrl`, `realm`, `ssoTokenHeader`	AmService properties `amHandler`, `url`, `realm`, `ssoTokenHeader`	6
SingleSignOnFilter	`amHandler`, `openamUrl`, `realm`, and `cookieName`	AmService properties `amHandler`, `url`, `realm`, and `ssoTokenHeader`	6
TokenTransformationFilter	`amHandler`, `openamUrl`, `realm`, `ssoTokenHeader`	AmService properties `amHandler`, `url`, `realm`, `ssoTokenHeader`	6
`username`, `password`	AmService property `agent`	6.1
ReverseProxyHandler	`websocket` subproperties: `keyManager` `sslCipherSuites` `sslContextAlgorithm` `sslEnabledProtocols` `trustManager`	`tls` property to define a ClientTlsOptions object	6.1
6.1	-	-	-	-
6	HeapClientRegistrationRepository	Whole object	AuthorizationCodeOAuth2ClientFilter property `registrations`	5.5.1
Jetty support	8	9	-
ClientRegistration	`tokenEndpointUseBasicAuth`	`tokenEndpointAuthMethod`	5.5.1
OAuth2ResourceServerFilter	`tokenInfoEndpoint`, `providerHandler`	Configuration properties of OpenAmAccessTokenResolver, TokenIntrospectionAccessTokenResolver, and ScriptableAccessTokenResolver	5.5.1
OpenAmAccessTokenResolver	`endpoint`	AmService property `url`	6
UmaService	`authorizationServerUri`	`wellKnownEndpoint` and the AmService property `url`	Not deprecated
5.5	Finalize Method	Finalize Method for HTTP messages	Alternate approach⁽¹⁾	Not deprecated
UMA support	UMA 1.x	UMA 2.x	OpenIG 14
UmaService	`clientId` and `clientSecret`	Not replaced. IG uses the PAT to create an UMA resource.	OpenIG 14

2024.9

2024.6

2024.3

IG product

Creation of a .war file

.zip file

SingleSignOnFilter

logoutEndpoint

logoutExpression

Java support

Java 11

Java 17

2023.11

JwtSession

encryptionSecretId, signatureSecretId,cookieName, cookieDomain,password, alias, keystore, sharedSecret

authenticatedEncryptionSecretId, encryptionMethod, cookie

7, 6.5

OpenAmAccessTokenResolver

Whole object

None

JwtBuilderFilter

Use of unsigned or unencrypted JWTs

Use of signed or encrypted JWTs

GrantSwapJwtAssertionOAuth2ClientFilter

Use of unsigned or unencrypted JWTs

Use of signed or encrypted JWTs

Not deprecated

CryptoHeaderFilter

Whole object

JwtBuilderFilter

Ldap

LdapClient class and the ldap script binding

None

7.1

KeyManager

password

passwordSecretId

6.5

CapturedUserPasswordFilter

key

keySecretId

PasswordReplayFilter

headerDecryption

PasswordReplayFilter’s credentials property configured with a CapturedUserPasswordFilter

KeyStore

password

passwordSecretId

DesKeyGenHandler

Whole object

None

SqlAttributesFilter

dataSource as a JNDI lookup name

dataSource as a JdbcDataSource configuration object

AmService

agent subproperty password

agent subproperty passwordSecretId

6.5

TlsOptions

Whole object

ClientTlsOptions

ClientHandler and ReverseProxyHandler

proxy subproperty password

proxy subproperty passwordSecretId

JwtBuilderFilter

signature subproperties:

keystore
alias
password

signature subproperty secretId

6.5

AuditService

event-handlers

eventHandlers

ClientRegistration

keystore
privateKeyJwtAlias
privateKeyJwtPassword

privateKeyJwtSecretId

clientSecret

clientSecretId

The name of the ClientRegistration heaplet to identify a client registration when a user initiates a login

The clientId property of ClientRegistration

Route

secrets

A secretsProvider configuration in each affected object

2023.11

2023.9

2023.6

2023.4

2023.2

IG product

Delivery of a .war file

.zip file

Environment variable and system property

OPENIG_BASE
openig.base

IG_INSTANCE_DIR
ig.instance.dir

PolicyEnforcementFilter

executor

cache subproperty executor

ClientHandler and ReverseProxyHandler

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

tls property to define a ClientTlsOptions object

6.5

UserProfileFilter

ssoToken

username

6.5

profileAttributes

userProfileService subproperty profileAttributes

6.5

amService

userProfileService subproperty amService

6.5

StatelessAccessTokenResolver

signatureSecretId

verificationSecretId

6.5.1

encryptionSecretId

decryptionSecretId

6.5.1

7.2

StaticResponseHandler

version

Not replaced

Not deprecated

7.1

Route

monitor

Prometheus Scrape Endpoint and Common REST Monitoring Endpoint

Support for AM Policy Agents

Use of AM policy agents in password capture and replay

CapturedUserPasswordFilter

ClientRegistration

keyStore

keystore

6.1

OAuth2ResourceServerFilter

cacheExpiration, and the values of zero and unlimited are not supported

cache and its subproperties

5.5.1

PolicyEnforcementFilter

cache subproperty maxTimeout

cache subproperty maximumTimeToCache

6.5

PolicyEnforcementFilter

pepUsername, pepPassword

AmService properties agent

6.5

amHandler, openamUrl, realm, ssoTokenHeader

AmService properties amHandler, url, realm, ssoTokenHeader

SingleSignOnFilter

amHandler, openamUrl, realm, and cookieName

AmService properties amHandler, url, realm, and ssoTokenHeader

TokenTransformationFilter

amHandler, openamUrl, realm, ssoTokenHeader

AmService properties amHandler, url, realm, ssoTokenHeader

username, password

AmService property agent

6.1

ReverseProxyHandler

websocket subproperties:

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

tls property to define a ClientTlsOptions object

6.1

HeapClientRegistrationRepository

Whole object

AuthorizationCodeOAuth2ClientFilter property registrations

5.5.1

Jetty support

ClientRegistration

tokenEndpointUseBasicAuth

tokenEndpointAuthMethod

5.5.1

OAuth2ResourceServerFilter

tokenInfoEndpoint, providerHandler

Configuration properties of OpenAmAccessTokenResolver, TokenIntrospectionAccessTokenResolver, and ScriptableAccessTokenResolver

5.5.1

OpenAmAccessTokenResolver

endpoint

AmService property url

UmaService

authorizationServerUri

wellKnownEndpoint and the AmService property url

Not deprecated

5.5

Finalize Method

Finalize Method for HTTP messages

Alternate approach⁽¹⁾

Not deprecated

UMA support

UMA 1.x

UMA 2.x

OpenIG 14

UmaService

clientId and clientSecret

Not replaced. IG uses the PAT to create an UMA resource.

OpenIG 14

⁽¹⁾Consider the following points on compatibility for the Finalize method:

After creating a new request object, explicitly close it after use. For example, the following Java code was used in a previous release:
```
ThrottlingRate rate = datasource.lookup(new RootContext(), new Request()).get();
```
Here the equivalent Java code includes a final close operation:
```
ThrottlingRate rate = datasource.lookup(new RootContext(), request)
  .thenAlways(request::close)
  .get();
```
In scripts, the client binding automatically closes the request that is provided as a parameter. Therefore, it is not necessary to manually close the request for scripts.

After the request is automatically closed, the request entity is empty and can’t be accessed. Response callbacks that try to access the request entity will fail.

Work around this behavior in the following ways:
- Keep the request open by using the client.sendNoClose() method instead of client.send(). This method to prevents closure of requests after send. If you use this method, remember to manually close the request.
- Access the request entity before the request is closed, for example by including the request.entity.string assignment before calling the client.send() with the request.

PingGateway

Removed