What’s new
Conditional redirect of unauthenticated requests based on request query parameters
Query parameters can now be used in the property OAuth Login URL List to create rules that evaluate request URLs for login redirect. Previously, the rules were based only on the request domain, path, and header.
Invalidation of sessions on logout
Always invalidate sessions is a new property to invoke the AM REST logout endpoint.
If
Conditional Logout URL List
is set to a URL that does not perform a REST logout to AM, set
Always invalidate sessions
to true
so that the agent additionally invokes the AM REST logout endpoint to
invalidate the session.
DENY
keyword for not-enforced rules
The new DENY
keyword immediately denies access to matching resources.
Access is always denied.
A not-enforced rule with the DENY
keyword is not inverted by the NOT
keyword
or by the following properties
Invert Not-Enforced IPs or
Invert Not-Enforced URIs.
For details, refer to Deny access.
JDK 8
Support for JDK 8 is removed in this release.