PingGateway

Deprecated

Features and properties are deprecated and removed as defined in Product stability labels.

Unless otherwise stated, when a deprecated setting and its replacement setting are both provided, the replacement setting is used.

Deprecated in Feature or property Setting Replacement setting Removed in

2024.11

AdminHttpApplication (admin.json)

Provided objects you can override by defining objects with the same name:

"ApiProtectionFilter"
"MetricsProtectionFilter"
"StudioProtectionFilter"

Override defaults by defining filters for the new settings:

"apiProtectionFilter"
"metricsProtectionFilter"
"studioProtectionFilter"

Not yet removed

The "Session" key.

Define a "session" property instead.

Not yet removed

Define a "session" property without using a session manager.

The "session" value is an InMemorySessionManager or JwtSessionManager.

Not yet removed

AuthorizationCodeOAuth2ClientFilter

The "issuerRepository" and "useDeprecatedIssuerRepository" properties.

Each AuthorizationCodeOAuth2ClientFilter will have its own private list of issuers.

Not yet removed

GatewayHttpApplication (config.json)

The "Session" key.

Define a "session" property instead.

Not yet removed

Define a "session" property without using a session manager.

The "session" value is an InMemorySessionManager or JwtSessionManager.

Not yet removed

The session settings will no longer default to those defined in admin.json.

If no "session" is defined, PingGateway will use an InMemorySessionManager with default values.

Not yet removed

Issuer

The "issuerRepository" and "useDeprecatedIssuerRepository" properties.

Each AuthorizationCodeOAuth2ClientFilter will have its own private list of issuers.

Not yet removed

IssuerRepository

The entire object and the default "IssuerRepository" defined in the AdminHttpApplication or GatewayHttpApplication heap.

For issuers known in advance, add their settings to the ClientRegistration.

For discovery, if the IssuerRepository had an "issueHandler", configure an AuthorizationCodeOAuth2ClientFilter "discoveryHandler" instead.

Not yet removed

JwtSession

The entire object.

Use a JwtSessionManager for the "session" in admin.json, config.json, or individual Route configuration.

Not yet removed

Prometheus metrics

The parentId and parentKind metric dimensions are deprecated.

Use the parent_id and parent_kind dimensions instead.

Not yet removed

Router

The default path for the "directory" setting.

Set the "directory" explicitly.

Not yet removed

2024.9

AdminHttpApplication (admin.json)

Allow administrative connections on gateway endpoints (current default)

Configure a separate "adminConnector" endpoint

Not yet removed

"prefix" setting

-

Not yet removed

"vertx" > "host" setting

"host"

Not yet removed

Lazy loading in FileAttributesFilter and SqlAttributesFilter

target field

FileAttributesContext and SqlAttributesContext

Not yet removed

RouterHandler alias

RouterHandler

Router

Not yet removed

2024.6

Prometheus endpoint

…​/openig/metrics/prometheus

…​/openig/metrics/prometheus/0.0.4

Not yet removed

Prometheus metrics:

  • org.forgerock.monitoring.api.instrument.DistributionSummary

  • org.forgerock.monitoring.api.instrument.Timer

…​_count{…​} …​
…​_seconds_count{…​} …​
…​_total{…​} …​

…​_seconds_count{…​} …​
…​_seconds_sum{…​} …​
…​_sum{…​} …​

Not yet removed

Prometheus metrics:

  • ig_route_response_time

  • ig_route_response_time_seconds

  • ig_cache_loads

  • ig_cache_loads_seconds

  • ig_cache_evictions

…​_count{…​} …​
…​_seconds_total{…​} …​

…​_seconds_count{…​} …​
…​_seconds_sum{…​} …​

Not yet removed

TokenResolver class used as follows:

  • _token('property','default'}

  • _t('property','default'}

Whole class

Not replaced. Use the following expression format instead: &{…​}

Not yet removed

2024.3

Vert.x

Options described in 4.5.0 Deprecations and breaking changes

Options described in VertxOptions

Not yet removed

Common REST Monitoring Endpoint

Whole feature

Prometheus Scrape Endpoint

Not yet removed

2023.11

Java support

Java 11

Java 17

2024.3

2023.9

Retrieval of the target URI in AuthorizationCodeOAuth2ClientFilter

request.uri
or
originalUri in UriRouterContext

IdpSelectionLoginContext

Not yet removed

2023.6

Vert.x

maxHeaderSize

initialSettings.maxHeaderListSize

connectors:maxTotalHeadersSize in AdminHttpApplication

Not yet removed

PolicyEnforcementFilter

useLegacyAdviceEncoding

Advice encoding with the encoder used by the AM version.

Not yet removed

2023.4

CookieFilter

Use of the Set-Cookie2 HTTP header, obsoleted by RFC 6265: Set-Cookie2

Not replaced

Not yet removed

SamlFederationHandler

Whole object

SamlFederationFilter

Not yet removed

2023.2

Studio

Structured Editor

Not replaced

Not yet removed

KeyStoreSecretStore

Required property storePassword
Optional property keyEntryPassword

Optional property storePasswordSecretId
Optional property entryPasswordSecretId

Not yet removed

HsmSecretStore

property storePassword

property storePasswordSecretId

Not yet removed

Names of Prometheus counter metrics

request
response.error
response.null
response.status.client_error
response.status.informational
response.status.redirection
response.status.server_error
response.status.successful
response.status.unknown

In a future release, the deprecated names are expected to be replaced with names ending in _total.

Only the metric name is deprecated; the information provided by the metric is not deprecated. Other Prometheus metrics aren’t affected.

Not yet removed

Names of Vert.x counter metrics

vertx_net_client_bytes_read
vertx_net_client_bytes_written
vertx_net_client_errors
vertx_http_client_bytes_read
vertx_http_client_bytes_written
vertx_http_client_errors
vertx_net_server_bytes_read
vertx_net_server_bytes_written
vertx_net_server_errors
vertx_http_server_bytes_read
vertx_http_server_bytes_written
vertx_http_server_errors
vertx_datagram_errors
vertx_eventbus_processed
vertx_eventbus_published
vertx_eventbus_discarded
vertx_eventbus_sent
vertx_eventbus_received
vertx_eventbus_delivered
vertx_eventbus_reply_failures
vertx_pool_completed

In a future release, the deprecated names are expected to be replaced with names ending in _total.

Only the metric name is deprecated; the information provided by the metric is not deprecated. Other Vert.x metrics are not affected.

Not yet removed

KeyStore

Whole object

KeyStoreSecretsStore

There will be no replacement for keystore loading from a URL.

Not yet removed

KeyManager

Whole object

SecretsKeyManager

Not yet removed

TrustManager

Whole object

SecretsTrustManager

Not yet removed

CapturedUserPasswordFilter

A GenericSecret shared key

A CryptoKey shared key.

After removal, it will no longer be possible to store the shared key in a Base64SecretStore.

Not yet removed

7.2

CapturedUserPasswordFilter

keyType value DES

AES

Not yet removed

ClientCredentialsOAuth2ClientFilter

clientId, clientSecretId, handler

endpointHandler, which uses ClientSecretBasicAuthenticationFilter or ClientSecretPostAuthenticationFilter

Not yet removed

ClientHandler

proxy, systemProxy

proxyOptions

Not yet removed

hostnameVerifier

ClientTlsOptions property hostnameVerifier

Not yet removed

ClientRegistration

tokenEndpointAuthMethod
tokenEndpointAuthSigningAlg
privateKeyJwtSecretId
jwtExpirationTimeout

authenticatedRegistrationHandler

Not yet removed

OAuth2ClientFilter

Filter name

AuthorizationCodeOAuth2ClientFilter

Not yet removed

ReverseProxyHandler

proxy, systemProxy

proxyOptions

Not yet removed

hostnameVerifier

ClientTlsOptions property hostnameVerifier
If a ReverseProxyHandler includes the deprecated "hostnameVerifier": "ALLOW_ALL" configuration, it takes precedence, and deprecation warnings are written to the logs.

Not yet removed