PingGateway

Deprecated

Features and properties are deprecated and removed as defined in Product stability labels.

Unless otherwise stated, when a deprecated setting and its replacement setting are both provided, the replacement setting is used.

Deprecated in Feature or property Setting Replacement setting Removed in

2024.9

AdminHttpApplication (admin.json)

Allow administrative connections on gateway endpoints (current default)

Configure a separate "adminConnector" endpoint

Not yet removed

"prefix" setting

-

Not yet removed

"vertx" > "host" setting

"host"

Not yet removed

Lazy loading in FileAttributesFilter and SqlAttributesFilter

target field

FileAttributesContext and SqlAttributesContext

Not yet removed

RouterHandler alias

RouterHandler

Router

Not yet removed

2024.6

Prometheus endpoint

…​/openig/metrics/prometheus

…​/openig/metrics/prometheus/0.0.4

Not yet removed

Prometheus metrics:

  • org.forgerock.monitoring.api.instrument.DistributionSummary

  • org.forgerock.monitoring.api.instrument.Timer

…​_count{…​} …​
…​_seconds_count{…​} …​
…​_total{…​} …​

…​_seconds_count{…​} …​
…​_seconds_sum{…​} …​
…​_sum{…​} …​

Not yet removed

Prometheus metrics:

  • ig_route_response_time

  • ig_route_response_time_seconds

  • ig_cache_loads

  • ig_cache_loads_seconds

  • ig_cache_evictions

…​_count{…​} …​
…​_seconds_total{…​} …​

…​_seconds_count{…​} …​
…​_seconds_sum{…​} …​

Not yet removed

TokenResolver class used as follows:

  • _token('property','default'}

  • _t('property','default'}

Whole class

Not replaced. Use the following expression format instead: &{…​}

Not yet removed

2024.3

Vert.x

Options described in 4.5.0 Deprecations and breaking changes

Options described in VertxOptions

Not yet removed

Common REST Monitoring Endpoint

Whole feature

Prometheus Scrape Endpoint

Not yet removed

2023.11

Java support

Java 11

Java 17

2024.3

2023.9

Retrieval of the target URI in AuthorizationCodeOAuth2ClientFilter

request.uri
or
originalUri in UriRouterContext

IdpSelectionLoginContext

Not yet removed

2023.6

Vert.x

maxHeaderSize

initialSettings.maxHeaderListSize

connectors:maxTotalHeadersSize in AdminHttpApplication

Not yet removed

PolicyEnforcementFilter

useLegacyAdviceEncoding

Advice encoding with the encoder used by the AM version.

Not yet removed

2023.4

CookieFilter

Use of the Set-Cookie2 HTTP header, obsoleted by RFC 6265: Set-Cookie2

Not replaced

Not yet removed

SamlFederationHandler

Whole object

SamlFederationFilter

Not yet removed

2023.2

Studio

Structured Editor

Not replaced

Not yet removed

KeyStoreSecretStore

Required property storePassword
Optional property keyEntryPassword

Optional property storePasswordSecretId
Optional property entryPasswordSecretId

Not yet removed

HsmSecretStore

property storePassword

property storePasswordSecretId

Not yet removed

Names of Prometheus counter metrics

request
response.error
response.null
response.status.client_error
response.status.informational
response.status.redirection
response.status.server_error
response.status.successful
response.status.unknown

In a future release, the deprecated names are expected to be replaced with names ending in _total.

Only the metric name is deprecated; the information provided by the metric is not deprecated. Other Prometheus metrics aren’t affected.

Not yet removed

Names of Vert.x counter metrics

vertx_net_client_bytes_read
vertx_net_client_bytes_written
vertx_net_client_errors
vertx_http_client_bytes_read
vertx_http_client_bytes_written
vertx_http_client_errors
vertx_net_server_bytes_read
vertx_net_server_bytes_written
vertx_net_server_errors
vertx_http_server_bytes_read
vertx_http_server_bytes_written
vertx_http_server_errors
vertx_datagram_errors
vertx_eventbus_processed
vertx_eventbus_published
vertx_eventbus_discarded
vertx_eventbus_sent
vertx_eventbus_received
vertx_eventbus_delivered
vertx_eventbus_reply_failures
vertx_pool_completed

In a future release, the deprecated names are expected to be replaced with names ending in _total.

Only the metric name is deprecated; the information provided by the metric is not deprecated. Other Vert.x metrics are not affected.

Not yet removed

KeyStore

Whole object

KeyStoreSecretsStore

There will be no replacement for keystore loading from a URL.

Not yet removed

KeyManager

Whole object

SecretsKeyManager

Not yet removed

TrustManager

Whole object

SecretsTrustManager

Not yet removed

CapturedUserPasswordFilter

A GenericSecret shared key

A CryptoKey shared key.

After removal, it will no longer be possible to store the shared key in a Base64SecretStore.

Not yet removed

7.2

CapturedUserPasswordFilter

keyType value DES

AES

Not yet removed

ClientCredentialsOAuth2ClientFilter

clientId, clientSecretId, handler

endpointHandler, which uses ClientSecretBasicAuthenticationFilter or ClientSecretPostAuthenticationFilter

Not yet removed

ClientHandler

proxy, systemProxy

proxyOptions

Not yet removed

hostnameVerifier

ClientTlsOptions property hostnameVerifier

Not yet removed

ClientRegistration

tokenEndpointAuthMethod
tokenEndpointAuthSigningAlg
privateKeyJwtSecretId
jwtExpirationTimeout

authenticatedRegistrationHandler

Not yet removed

OAuth2ClientFilter

Filter name

AuthorizationCodeOAuth2ClientFilter

Not yet removed

ReverseProxyHandler

proxy, systemProxy

proxyOptions

Not yet removed

hostnameVerifier

ClientTlsOptions property hostnameVerifier
If a ReverseProxyHandler includes the deprecated "hostnameVerifier": "ALLOW_ALL" configuration, it takes precedence, and deprecation warnings are written to the logs.

Not yet removed

7.1.2

Functions

matches

matchesWithRegex or find

Not yet removed

matchingGroups

findGroups

Not yet removed

7.1

Ldap

LdapClient class and the ldap script binding

None

2024.3

CorsFilter

origins

acceptedOrigins

Not yet removed

ElasticsearchAuditEventHandler

Whole object

  • SyslogAuditEventHandler

  • JsonAuditEventHandler with elasticsearchCompatible set to true

Not yet removed

SplunkAuditEventHandler

Whole object

  • SyslogAuditEventHandler

  • JsonAuditEventHandler

Not yet removed

Method

request.form method used in scripts to read or set query and form parameters

Request.getQueryParams() to read query parameters

Entity.getForm() to read form parameters

Entity.setForm() to set form parameters

Not yet removed

7

AuditService

event-handlers

eventHandlers

2024.3

ClientHandler and ReverseProxyHandler

proxy subproperty password

proxy subproperty passwordSecretId

2024.3

ClientRegistration

keystore
privateKeyJwtAlias
privateKeyJwtPassword

privateKeyJwtSecretId

2024.3

Identification of a client registration when a user initiates a login with the OAuth2ClientFilter

The name of the ClientRegistration heaplet

The clientId property of ClientRegistration

2024.3

CryptoHeaderFilter

Whole object

JwtBuilderFilter

2024.3

Default secrets object

Whole object

A secretsProvider configuration in each affected object

2024.3

DesKeyGenHandler

Whole object

None

2024.3

JwtBuilderFilter

Use of unsigned or unencrypted JWTs

Use of signed or encrypted JWTs

2024.3

JwtSession

encryptionSecretId, signatureSecretId

authenticatedEncryptionSecretId and encryptionMethod.

2024.3

cookieName, cookieDomain

cookie and its subproperties

2024.3

OpenAmAccessTokenResolver

Whole object

None

2024.3

PasswordReplayFilter

headerDecryption

credentials property configured with a CapturedUserPasswordFilter

2024.3

Route

secrets

A secretsProvider configuration in each affected object

2024.3

SingleSignOnFilter

logoutEndpoint

logoutExpression

2024.3

SqlAttributesFilter

dataSource as a JNDI lookup name

dataSource as a JdbcDataSource configuration object

2024.3

TlsOptions

Whole object

ClientTlsOptions

2024.3

6.5.1

StatelessAccessTokenResolver

signatureSecretId

verificationSecretId

2023.2

encryptionSecretId

decryptionSecretId

2023.2

6.5

AmService

agent subproperty password

agent subproperty passwordSecretId

2024.3

CapturedUserPasswordFilter

key

keySecretId

2024.3

ClientHandler and ReverseProxyHandler

keyManager
sslCipherSuites
sslContextAlgorithm
sslEnabledProtocols
trustManager

tls property to define a ClientTlsOptions object

2023.2

ClientRegistration

clientSecret

clientSecretId

2024.3

JwtBuilderFilter

signature subproperties:

  • keystore

  • alias

  • password

signature subproperty secretId

2024.3

JwtSession

password, alias, and keystore

encryptionSecretId

2024.3

sharedSecret

signatureSecretId

2024.3

KeyManager

password

passwordSecretId

2024.3

KeyStore

password

passwordSecretId

2024.3

PolicyEnforcementFilter

pepUsername, pepPassword

AmService property agent

6.5

UserProfileFilter

ssoToken

UserProfileFilter property username

2023.2

amService

userProfileService subproperty amService

2023.2

profileAttributes

userProfileService subproperty profileAttributes

2023.2

6.1

TokenTransformationFilter

username, password

AmService property agent

6.5

ReverseProxyHandler

websocket subproperties:

  • keyManager

  • sslCipherSuites

  • sslContextAlgorithm

  • sslEnabledProtocols

  • trustManager

tls property to define a ClientTlsOptions object

6.5

ClientRegistration

keyStore

keystore

7

6

IG product

Delivery of a .war file

.zip file

Not delivered from 2023.2

Not created from 2024.3

AM Policy Agents

Use of AM policy agents in password capture and replay

CapturedUserPasswordFilter

7

Environment variable and system property

OPENIG_BASE
openig.base

IG_INSTANCE_DIR
ig.instance.dir

2023.2

Route

monitor

Prometheus Scrape Endpoint and Common REST Monitoring Endpoint

7.1

OpenAmAccessTokenResolver

endpoint

AmService property url

6

PolicyEnforcementFilter

amHandler, openamUrl, realm, ssoTokenHeader

AmService properties amHandler, url, realm, ssoTokenHeader

6.5

cache subproperty maxTimeout

cache subproperty maximumTimeToCache

7

executor

cache subproperty executor

2023.2

SingleSignOnFilter

amHandler, openamUrl, realm, and cookieName

AmServiceproperties amHandler, url, realm, and ssoTokenHeader

6.5

TokenTransformationFilter

amHandler, openamUrl, realm, ssoTokenHeader

AmService properties amHandler, url, realm, ssoTokenHeader

6.5

5.5.1

HeapClientRegistrationRepository

Whole object

AuthorizationCodeOAuth2ClientFilter property registrations

6

ClientRegistration

tokenEndpointUseBasicAuth

tokenEndpointAuthMethod

6

OAuth2ResourceServerFilter

cacheExpiration

cache and its subproperties

7

tokenInfoEndpoint, providerHandler

Configuration properties of OpenAmAccessTokenResolver, TokenIntrospectionAccessTokenResolver and ScriptableAccessTokenResolver

6