---
title: Deprecated
description: The functionality listed here is deprecated, and likely to be removed in a future release.
component: pingam
version: release-notes
page_id: pingam::archive-deprecated
canonical_url: https://docs.pingidentity.com/pingam/release-notes/archive-deprecated.html
section_ids:
  deprecated-since-am-7.3: Deprecated since AM 7.3
  changes_to_saml_v2_0_classes: Changes to SAML v2.0 classes
  snmp_monitoring: SNMP monitoring
  deprecated-since-am-7.2: Deprecated since AM 7.2
  legacy_audit_logging_service: Legacy audit logging service
  org_forgerock_openidconnect_claim_class: org.forgerock.openidconnect.Claim class
  user_id_field_in_the_oauth_2_0_introspection_response: user_id field in the OAuth 2.0 introspection response
  legacy_captcha_node: Legacy CAPTCHA node
  org_forgerock_oauth2_core_scopevalidator_interface: org.forgerock.oauth2.core.ScopeValidator interface
  command_line_tools_ssoadm_ampassword_configurator_jar_and_upgrade_jar: "Command-line tools: ssoadm, ampassword, configurator.jar, and upgrade.jar"
  access_token_enricher_plugin_for_oauth2_provider: Access Token Enricher plugin for OAuth2 provider
  jaxrpc_endpoint_url: JAXRPC endpoint URL
  saml2identityprovideradapter_method: SAML2IdentityProviderAdapter method
  deprecated_since_am_abbr_7_1: Deprecated since AM 7.1
  elasticsearch_and_splunk_audit_handlers: Elasticsearch and Splunk audit handlers
  isalive_jsp_page: isAlive JSP page
  existing_getidpauthncontextinfo_signature: Existing getIDPAuthnContextInfo signature
  social_authentication_nodes: Social authentication nodes
  direct_access_to_the_transient_secure_and_shared_state_of_authentication_trees: Direct access to the transient, secure, and shared state of authentication trees
  deprecated-since-am-7: Deprecated since AM 7.0
  soap_sts_service: SOAP STS service
  embedded_ds_instance_in_production: Embedded DS instance in production
  authentication_chains_and_modules: Authentication chains and modules
  unused_authentication_methods_in_hosted_idp_authentication_context_mapping: Unused authentication methods in hosted IDP authentication context mapping
---

# Deprecated

The functionality listed here is deprecated, and likely to be removed in a future release.

## Deprecated since AM 7.3

### Changes to SAML v2.0 classes

The following classes are deprecated and will be removed in a future release:

| Deprecated                                                    | Replacement                                        |
| ------------------------------------------------------------- | -------------------------------------------------- |
| `com.sun.identity.saml2.plugins.FedletAdapter`                | `org.forgerock.openam.saml2.plugins.FedletAdapter` |
| `com.sun.identity.saml2.plugins.SAML2IDPFinder`               | `org.forgerock.openam.saml2.plugins.IDPFinder`     |
| `com.sun.identity.saml2.plugins.SAML2IdentityProviderAdapter` | `org.forgerock.openam.saml2.plugins.IDPAdapter`    |
| `com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter`  | `org.forgerock.openam.saml2.plugins.SPAdapter`     |

The following methods are deprecated and will be removed in a future release:

* `InitializePlugin.java`: `default void initialize(String, String)`

Use `initialize(Map)` instead.

* `IDPAuthnContextMapper.java`: `public IDPAuthnContextInfo getIDPAuthnContextInfo(AuthnRequest, String, String) throws SAML2Exception`

Use `getIDPAuthnContextInfo(AuthnRequest, String, String, String)` instead.

### SNMP monitoring

Support for SNMP monitoring is deprecated in this release.

AM provides better options for monitoring servers, including support for Prometheus, Graphite, and JMX. Learn more in [Monitor AM instances](https://docs.pingidentity.com/pingam/7.3/maintenance-guide/monitoring-am.html).

## Deprecated since AM 7.2

### Legacy audit logging service

The [legacy audit logging service](https://docs.pingidentity.com/pingam/7.2/security-guide/legacy-logging.html) is deprecated. Support for its use will be removed in a future AM release. Use the Common REST-based [audit logging service](https://docs.pingidentity.com/pingam/7.2/security-guide/audit-logging.html) instead.

### `org.forgerock.openidconnect.Claim` class

The `org.forgerock.openidconnect.Claim` class has been deprecated. Support for its use will be removed in a future AM release. Its functionality is replaced by the `org.forgerock.oauth.clients.oidc.Claim` class, in the OpenAM commons library.

Find more information about the new class in [Changes to the OIDC claim classes](changes-7.2.html#changes-oidc-claims).

### `user_id` field in the OAuth 2.0 introspection response

The `user_id` field, which is part of the JSON response returned by the `/oauth2/introspect` endpoint, is deprecated, and will be removed in a future release. It is replaced by the `username` field, in compliance with [RFC 7662](https://datatracker.ietf.org/doc/html/rfc7662).

### Legacy CAPTCHA node

The CAPTCHA node has been rewritten. The previous version of the node has been deprecated, and is now shown as Legacy CAPTCHA in the UI. Find information on the new node in [CAPTCHA node](https://docs.pingidentity.com/auth-node-ref/8.1/captcha.html).

### `org.forgerock.oauth2.core.ScopeValidator` interface

The AM API now includes new interfaces, each with a single responsibility. When building plugins, use these interfaces from the `org.forgerock.oauth2.core.plugins` package instead:

* `org.forgerock.oauth2.core.plugins.AccessTokenModifier`

* `org.forgerock.oauth2.core.plugins.AuthorizeEndpointDataProvider`

* `org.forgerock.oauth2.core.plugins.ScopeEvaluator`

* `org.forgerock.oauth2.core.plugins.ScopeValidator`

* `org.forgerock.oauth2.core.plugins.UserInfoClaimsPlugin`

Find examples in [Customize OAuth 2.0 with plugins](https://docs.pingidentity.com/pingam/7.2/oauth2-guide/customizing-oauth2-scopes.html).

### Command-line tools: `ssoadm`, `ampassword`, `configurator.jar`, and `upgrade.jar`

The `ssoadm` command and the `configurator.jar`, `upgrade.jar`, and `ampassword` tools remain deprecated. They will be removed in a future release of AM.

### Access Token Enricher plugin for OAuth2 provider

The Access Token Enricher plugin interface is deprecated and will be removed in a future release of AM. The functionality of the access token enricher is superseded by the new [AccessTokenModifier](https://docs.pingidentity.com/pingam/7.2/_attachments/apidocs/org/forgerock/oauth2/core/plugins/AccessTokenModifier.html) extension point.

### JAXRPC endpoint URL

The JAXRPC endpoint URL, used by the remote IDM/SMS APIs, is deprecated and will be removed in a future AM release.

### `SAML2IdentityProviderAdapter` method

The following method is deprecated and will be removed in a future AM release: [preSendFailureResponse(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.lang.String,java.lang.String)](https://docs.pingidentity.com/pingam/7.2/_attachments/apidocs/com/sun/identity/saml2/plugins/SAML2IdentityProviderAdapter.html#preSendFailureResponse\(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.lang.String,java.lang.String\))

If you have a custom implementation of the `SAML2IdentityProviderAdapter` interface, you should now plan to replace the deprecated method with the new implementation: [preSendFailureResponse(java.lang.String,java.lang.String,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.lang.String,java.lang.String)](https://docs.pingidentity.com/pingam/7.2/_attachments/apidocs/com/sun/identity/saml2/plugins/SAML2IdentityProviderAdapter.html#preSendFailureResponse\(java.lang.String,java.lang.String,javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.lang.String,java.lang.String\)).

## Deprecated since AM 7.1

### Elasticsearch and Splunk audit handlers

AM 7.1 supports both file-based audit handlers and logging to standard output, which Elasticsearch and Splunk can consume.

Learn more in *Implement the audit logging service*.

### `isAlive` JSP page

Using the `isAlive.jsp` to determine if an instance is alive is deprecated.

AM 7.1 includes new endpoints to determine if an instance is alive, and ready to process requests.

Learn more in *Monitor AM instances*.

### Existing `getIDPAuthnContextInfo` signature

The existing signature for the `getIDPAuthnContextInfo` method of the `IDPAuthnContextMapper` interface is deprecated.

AM 7.1 includes a new signature for the *getIDPAuthnContextInfo* method, which includes an additional parameter for the entity ID of the service provider (SP).

|   |                                                                                                                                                                                                             |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The deprecated method still works in AM 7.1, but you should update any code that uses it to the new four-parameter signature. The deprecated three-parameter signature will be removed in a future release. |

### Social authentication nodes

The following authentication nodes have been deprecated in favor of the [Social Provider Handler node](https://docs.pingidentity.com/auth-node-ref/8.1/social-provider-handler.html):

* [OpenID Connect node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/oidc.html)

* [OAuth 2.0 node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/oauth2.html)

* [Social Facebook node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/social-facebook.html)

* [Social Google node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/social-google.html)

* [Provision IDM Account node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/provision-IDM-account.html)

* [Create Password node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/create-password.html)

* [Social Ignore Profile node](https://docs.pingidentity.com/auth-node-ref/8.1/am-only/social-ignore-profile.html)

As part of this change, the *Social Authentication Implementations Service* is also deprecated. Find information about using the Social provider node in *social registration*.

### Direct access to the transient, secure, and shared state of authentication trees

Direct access to authentication trees' transient, secure, and shared states using the *TreeContext* class has been deprecated.

As part of this change:

* Use of the `sharedState` and the `transientState` bindings for reading and updating state with the *Scripted Decision Node API* are deprecated.

Use the `nodeState` binding instead.

* Use of the `getState` method from the *TreeContext* class, used to read state in authentication nodes, is deprecated.

Use the `getStateFor` method instead.

Learn more in *Store values in a tree's node states* and *Access shared state data*.

## Deprecated since AM 7.0

### SOAP STS service

This service is deprecated and will be removed in a future release. Installing instances of this service in AM 7.0.1 is not supported. However, upgrading existing instances is.

### Embedded DS instance in production

You can use the embedded DS instance for evaluation and demonstration purposes only.

The embedded DS server will be removed in a future release. If you are still using the embedded DS server, change to an *external DS server* instead.

### Authentication chains and modules

You should migrate your environments to *Intelligent Access* using *authentication trees and nodes*.

### Unused authentication methods in hosted IDP authentication context mapping

Support for the following authentication methods in the authentication context table, when configuring a hosted identity provider, is deprecated:

* `User`

* `Role`

* `Resource URL`

The other authentication methods are not deprecated, and can be used to achieve the same results as the deprecated options.

Find information about configuring SAML v2.0 authentication context mappings in *authentication context*.