ForgeRock Identity Gateway

Removed

The listed features and properties have been removed, as defined in ForgeRock product stability labels.

Removed in Feature or property Setting Replacement setting Deprecated in

2024.3

IG product

Creation of a .war file

.zip file

6

SingleSignOnFilter

logoutEndpoint

logoutExpression

7

Java support

Java 11

Java 17

2023.11

JwtSession

encryptionSecretId, signatureSecretId,cookieName, cookieDomain,password, alias, keystore, sharedSecret

authenticatedEncryptionSecretId, encryptionMethod, cookie

7, 6.5

OpenAmAccessTokenResolver

Whole object

None

7

JwtBuilderFilter

Use of unsigned or unencrypted JWTs

Use of signed or encrypted JWTs

7

GrantSwapJwtAssertionOAuth2ClientFilter

Use of unsigned or unencrypted JWTs

Use of signed or encrypted JWTs

Not deprecated

CryptoHeaderFilter

Whole object

JwtBuilderFilter

7

Ldap

LdapClient class and the ldap script binding

None

7.1

KeyManager

password

passwordSecretId

6.5

CapturedUserPasswordFilter

key

keySecretId

7

PasswordReplayFilter

headerDecryption

PasswordReplayFilter’s credentials property configured with a CapturedUserPasswordFilter

7

KeyStore

password

passwordSecretId

7

DesKeyGenHandler

Whole object

None

7

SqlAttributesFilter

dataSource as a JNDI lookup name

dataSource as a JdbcDataSource configuration object

7

AmService

agent subproperty password

agent subproperty passwordSecretId

6.5

TlsOptions

Whole object

ClientTlsOptions

7

ClientHandler and ReverseProxyHandler

proxy subproperty password

proxy subproperty passwordSecretId

7

JwtBuilderFilter

signature subproperties:

  • keystore

  • alias

  • password

signature subproperty secretId

6.5

AuditService

event-handlers

eventHandlers

7

ClientRegistration

keystore
privateKeyJwtAlias
privateKeyJwtPassword

privateKeyJwtSecretId

7

clientSecret

clientSecretId

7

The name of the ClientRegistration heaplet to identify a client registration when a user initiates a login

The clientId property of ClientRegistration

7

Route

secrets

A secretsProvider configuration in each affected object

7

2023.11

-

-

-

-

2023.9

-

-

-

-

2023.6

-

-

-

-

2023.4

-

-

-

-

2023.2

IG product

Delivery of a .war file

.zip file

6

Environment variable and system property

OPENIG_BASE
openig.base

IG_INSTANCE_DIR
ig.instance.dir

6

PolicyEnforcementFilter

executor

cache subproperty executor

6

ClientHandler and ReverseProxyHandler

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

tls property to define a ClientTlsOptions object

6.5

UserProfileFilter

ssoToken

username

6.5

profileAttributes

userProfileService subproperty profileAttributes

6.5

amService

userProfileService subproperty amService

6.5

StatelessAccessTokenResolver

signatureSecretId

verificationSecretId

6.5.1

encryptionSecretId

decryptionSecretId

6.5.1

7.2

StaticResponseHandler

version

Not replaced

Not deprecated

7.1

Route

monitor

Prometheus Scrape Endpoint and Common REST Monitoring Endpoint

6

7

Support for AM Policy Agents

Use of AM policy agents in password capture and replay

CapturedUserPasswordFilter

6

ClientRegistration

keyStore

keystore

6.1

OAuth2ResourceServerFilter

cacheExpiration, and the values of zero and unlimited are not supported

cache and its subproperties

5.5.1

PolicyEnforcementFilter

cache subproperty maxTimeout

cache subproperty maximumTimeToCache

6

6.5

PolicyEnforcementFilter

pepUsername, pepPassword

AmService properties agent

6.5

amHandler, openamUrl, realm, ssoTokenHeader

AmService properties amHandler, url, realm, ssoTokenHeader

6

SingleSignOnFilter

amHandler, openamUrl, realm, and cookieName

AmService properties amHandler, url, realm, and ssoTokenHeader

6

TokenTransformationFilter

amHandler, openamUrl, realm, ssoTokenHeader

AmService properties amHandler, url, realm, ssoTokenHeader

6

username, password

AmService property agent

6.1

ReverseProxyHandler

websocket subproperties:

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

tls property to define a ClientTlsOptions object

6.1

6.1

-

-

-

-

6

HeapClientRegistrationRepository

Whole object

AuthorizationCodeOAuth2ClientFilter property registrations

5.5.1

Jetty support

8

9

-

ClientRegistration

tokenEndpointUseBasicAuth

tokenEndpointAuthMethod

5.5.1

OAuth2ResourceServerFilter

tokenInfoEndpoint, providerHandler

Configuration properties of OpenAmAccessTokenResolver, TokenIntrospectionAccessTokenResolver, and ScriptableAccessTokenResolver

5.5.1

OpenAmAccessTokenResolver

endpoint

AmService property url

6

UmaService

authorizationServerUri

wellKnownEndpoint and the AmService property url

Not deprecated

5.5

Finalize Method

Finalize Method for HTTP messages

Alternate approach(1)

Not deprecated

UMA support

UMA 1.x

UMA 2.x

OpenIG 14

UmaService

clientId and clientSecret

Not replaced. IG uses the PAT to create an UMA resource.

OpenIG 14

(1)Consider the following points on compatibility for the Finalize method:

  • After creating a new request object, explicitly close it after use. For example, the following Java code was used in a previous release:

    ThrottlingRate rate = datasource.lookup(new RootContext(), new Request()).get();

    Here the equivalent Java code includes a final close operation:

    ThrottlingRate rate = datasource.lookup(new RootContext(), request)
      .thenAlways(request::close)
      .get();
  • In scripts, the client binding automatically closes the request that is provided as a parameter. Therefore, it is not necessary to manually close the request for scripts.

    After the request is automatically closed, the request entity is empty and can’t be accessed. Response callbacks that try to access the request entity will fail.

    Work around this behavior in the following ways:

    • Keep the request open by using the client.sendNoClose() method instead of client.send(). This method to prevents closure of requests after send. If you use this method, remember to manually close the request.

    • Access the request entity before the request is closed, for example by including the request.entity.string assignment before calling the client.send() with the request.

Copyright © 2010-2024 ForgeRock, all rights reserved.