What’s new

Query parameters can now be used in the property OAuth Login URL List to create rules that evaluate request URLs for login redirect. Previously, the rules were based only on the request domain, path, and header.

Always invalidate sessions is a new property to invoke the AM REST logout endpoint.

If Conditional Logout URL List is set to a URL that does not perform a REST logout to AM, set Always invalidate sessions to true so that the agent additionally invokes the AM REST logout endpoint to invalidate the session.

The new DENY keyword immediately denies access to matching resources. Access is always denied. A not-enforced rule with the DENY keyword is not inverted by the NOT keyword or by the following properties Invert Not-Enforced IPs or Invert Not-Enforced URIs.

For details, refer to Deny access.

Support for JDK 8 is removed in this release.