Changes in AM 7.5.x

AM 7.5

Change in behavior for journeys containing a Certificate Collector node

Previously, for journeys containing a Certificate Collector node, AM would throw an exception in the following scenario:

You set the node’s Certificate Collection Method property to Either or Header
You specified an HTTP header name
The certificate was missing from the browser (and from the request if Either was selected)

Now, in this scenario, the journey continues down the Not Collected path.

Default setting for AES key wrap encryption

The system property org.forgerock.openam.encryption.padshortinputs is now true by default.

This property pads short inputs (less than 8 bytes). If you’re using AES key wrap encryption, do one of the following before you upgrade to AM 7.5:

Check that any passwords encrypted with AES key wrap encryption are longer than eight characters. AM won’t be able to decrypt shorter values.
Set org.forgerock.openam.encryption.padshortinputs to true and re-save any short passwords to update the padding.

Change to OAuth 2.0 refresh token introspection response types

Previously, introspecting a stateful refresh token returned some claims as an array containing a single string.

For consistency, the following claims are now returned as strings:

realm
userName
authGrantId
clientID