Matching FQDNs to URL patterns
The property provides support for single page applications (SPAs) that use embedded login or authorization dialogs within iframes or embedded tags.
This feature is in Technology Preview, as defined in Release levels and interface stability, for use only with assistance from ForgeRock.
The property cannot be set in agent.conf. Set it in the Advanced tab of the AM console.
The feature might require configuration changes to on-prem AM servers.
The feature does not work with the Identity Cloud, unless the service is accessed through a reverse proxy on the application site.
Apache built-in modules available for authentication
Use Built-in Apache HTTPD Authentication Directives is a new property to enable Apache Web Agent to use built-in Apache authentication directives, such as
specified not-enforced URLs.
In previous releases, use of built-in Apache authentication directives was not supported. The agent replaced authentication functionality provided by Apache.
POST data preservation: use a single agent profile for multiple agent instances
In previous releases, to correctly configure POST data preservation, a separate agent profile was required in AM for each agent instance. From this release, a single agent profile can be used for multiple agent instances.
Use this feature for scalable deployments, where resources are dynamically created or destroyed.
URI fragments persisted in custom login mode
When the value of Enable Custom Login Mode is 2, URI fragments were previously lost during login. From this release, URI fragments in the browser are not lost after the custom login procedure.
Pre-authentication cookies expire immediately after authentication
In previous releases, the pre-authentication cookie,
when it reached the age configured by
Profile Attributes Cookie Maxage.
From this release, the pre-authentication cookie expires when the first of the following events occurs:
Authentication completes successfully
It reaches the age configured by Profile Attributes Cookie Maxage
Expiring the cookie immediately after authentication reduces the amount of used header space, and prevents authentication errors and errors in applications that set headers.
Limit on the size to which a JWT can be decompressed
The maximum size to which a compressed JWT can be decompressed is now limited to 1 MB, and is not configurable. This change reduces the risk of a memory-exhaustion denial of service (DoS), in which a decompressed JWT consumes too much available memory.
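The following added example, which is not the agent's own code, shows one way to enforce a decompression cap like the one described above: the inflater is asked for at most one byte more than the limit, so an oversized payload is rejected without ever being fully expanded in memory. It assumes raw DEFLATE data as used by the JOSE "zip": "DEF" header; the function names and sample inputs are constructed for illustration.

```python
import zlib

MAX_DECOMPRESSED = 1024 * 1024  # 1 MB cap stated in the release note


class DecompressedTooLarge(ValueError):
    """Raised when the inflated payload would exceed the cap."""


def bounded_inflate(compressed: bytes, limit: int = MAX_DECOMPRESSED) -> bytes:
    """Inflate raw DEFLATE data, refusing to produce more than `limit` bytes.

    Assumption: the payload is raw DEFLATE (wbits=-15), as in JOSE "zip": "DEF".
    """
    inflater = zlib.decompressobj(wbits=-15)
    # Request at most limit + 1 bytes: one extra byte is enough to prove the
    # output exceeds the cap without allocating the full expansion.
    out = inflater.decompress(compressed, limit + 1)
    if len(out) > limit:
        raise DecompressedTooLarge(f"decompressed size exceeds {limit} bytes")
    if not inflater.eof:
        # Input ran out before the DEFLATE end-of-stream marker was seen.
        raise ValueError("truncated or malformed DEFLATE stream")
    return out


def _raw_deflate(data: bytes) -> bytes:
    """Hypothetical helper used only to build the constructed sample inputs."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


if __name__ == "__main__":
    small = _raw_deflate(b'{"sub":"demo"}')            # constructed sample claims
    large = _raw_deflate(b"\0" * (50 * 1024 * 1024))   # constructed: 50 MB of zeros
    print(len(large), "compressed bytes would expand to 50 MB")
    print(bounded_inflate(small))
    try:
        bounded_inflate(large)
    except DecompressedTooLarge as exc:
        print("rejected:", exc)
```

Checking the compressed length alone is not sufficient, because highly repetitive data compresses at roughly 1000:1; the cap has to be applied to the output side of the inflater.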