PingGateway release notes

Removed

The listed features and properties have been removed.

2026.3

PingGateway features
| Feature or property | Setting | Replacement setting | Deprecated in |
|---|---|---|---|
| Fields defined as "properties" in admin.json, config.json, and route configuration files using $location expressions. | Use of ISO-8859-1 encoded text by default. | Use UTF-8 encoded text instead. To use deprecated ISO-8859-1 encoding, set the deprecated system property org.forgerock.config.resolvers.properties.encoding to ISO-8859-1. | 2025.9 |
| The IG_ENVCONFIG_DIRS environment variable and the ig.envconfig.dirs system property. | | | |
| Any .properties files accessed with the readProperties() function. | | | |
| The liveness and readiness endpoints | Deprecated endpoints: health/liveness, health/readiness | Use these endpoints instead: health/live, health/ready | 2025.9 |
| AuthorizationCodeOAuth2ClientFilter | target (default: ${attributes.openid}) | Use ${contexts.oauth2Info} instead. | 2023.11 |
| | Getting the target URI from request.uri or contexts.router.originalUri | contexts.idpSelectionLogin.originalUri | 2023.9 |
| CapturedUserPasswordFilter | A GenericSecret shared key | A CryptoKey shared key | 2023.2 |
| CookieFilter | Use of the Set-Cookie2 HTTP header, obsoleted by RFC 6265: Set-Cookie2 | None | 2023.4 |
| FapiAuditContext | Whole object | AccessAuditExtensionContext | - |
| HsmSecretStore | property storePassword | property storePasswordSecretId | 2023.2 |
| Java support | Java 17 | Java 21 | 2025.3 |
| KeyManager | Whole object | SecretsKeyManager | 2023.2 |
| KeyStore | Whole object | KeyStoreSecretStore | 2023.2 |
| KeyStoreSecretStore | Required property storePassword; Optional property keyEntryPassword | Optional property storePasswordSecretId; Optional property entryPasswordSecretId | 2023.2 |
| Names of Prometheus counter metrics | Counter metrics with names not ending in _total. | Use the new names, which end in _total. | 2023.2 |
| Names of Vert.x counter metrics | Counter metrics with names not ending in _total. | Use the new names, which end in _total. | 2023.2 |
| PolicyEnforcementFilter | useLegacyAdviceEncoding | No replacement necessary | 2023.6 |
| Router | scanInterval as an integer | Set scanInterval as a duration. | 5.0 |
| SamlFederationHandler | Whole object | SamlFederationFilter | 2023.4 |
| TrustManager | Whole object | SecretsTrustManager. Find examples in the SecretsTrustManager reference. | 2023.2 |
| Vert.x | In admin.json: vertx > maxHeaderSize; vertx > initialSettings > maxHeaderListSize | Use adminConnector > maxTotalHeadersSize or connectors > maxTotalHeadersSize instead. | 2023.6 |

2025.11

No removals.

2025.9

No removals.

2025.6

No removals.

2025.3

This release no longer supports AM 7.1 and earlier (deprecated in 2023.2).

PingGateway features
| Feature or property | Setting | Replacement setting | Deprecated in |
|---|---|---|---|
| CapturedUserPasswordFilter | keyType | None; the filter expects a password encrypted with AES | 7.2 |
| ClientCredentialsOAuth2ClientFilter | clientId, clientSecretId, handler | endpointHandler | 7.2 |
| ClientHandler | hostnameVerifier | Set the hostnameVerifier in the ClientTlsOptions of the tls setting. | 7.2 |
| | proxy and systemProxy | proxyOptions | 7.2 |
| ClientRegistration | clientSecretUsage, jwtExpirationTimeout, privateKeyJwtSecretId, tokenEndpointAuthMethod, tokenEndpointAuthSigningAlg | authenticatedRegistrationHandler | 7.2 |
| CorsFilter | origins | acceptedOrigins | 7.1 |
| CsvAuditEventHandler | security | None | - |
| ElasticsearchAuditEventHandler | Whole object | None | 7.1 |
| Functions | matches() and matchingGroups() | None | 7.1 |
| IdentityAssertionHandlerTechPreview | Whole object | IdentityAssertionHandler | - |
| OAuth2ClientFilter | Whole object | AuthorizationCodeOAuth2ClientFilter | 7.2 |
| ReverseProxyHandler | hostnameVerifier | Set the hostnameVerifier in the ClientTlsOptions of the tls setting. | 7.2 |
| | proxy and systemProxy | proxyOptions | 7.2 |
| ScriptableIdentityAssertionPluginTechPreview | Whole object | ScriptableIdentityAssertionPlugin | - |
| SplunkAuditEventHandler | Whole object | None | 7.1 |

The following filters and handlers are no longer instantiable in PingGateway scripts. If you can’t configure them the way you want to, write your own similar ScriptableFilter or ScriptableHandler:

  • AssignmentFilter

  • EntityExtractFilter

  • HeaderFilter

  • LocationHeaderFilter

  • StaticRequestFilter

  • SwitchFilter

  • DispatchHandler

  • SequenceHandler

  • StaticResponseHandler

2024.11

No removals.

2024.9

No removals.

2024.6

No removals.

2024.3

| Feature or property | Setting | Replacement setting | Deprecated in |
|---|---|---|---|
| IG product | Creation of a .war file | .zip file | 6 |
| SingleSignOnFilter | logoutEndpoint | logoutExpression | 7 |
| Java support | Java 11 | Java 17 | 2023.11 |
| JwtSession | encryptionSecretId, signatureSecretId, cookieName, cookieDomain, password, alias, keystore, sharedSecret | authenticatedEncryptionSecretId, encryptionMethod, cookie | 7, 6.5 |
| OpenAmAccessTokenResolver | Whole object | None | 7 |
| JwtBuilderFilter | Use of unsigned or unencrypted JWTs | Use of signed or encrypted JWTs | 7 |
| GrantSwapJwtAssertionOAuth2ClientFilter | Use of unsigned or unencrypted JWTs | Use of signed or encrypted JWTs | Not deprecated |
| CryptoHeaderFilter | Whole object | JwtBuilderFilter | 7 |
| Ldap | LdapClient class and the ldap script binding | None | 7.1 |
| KeyManager | password | passwordSecretId | 6.5 |
| CapturedUserPasswordFilter | key | keySecretId | 7 |
| PasswordReplayFilter | headerDecryption | PasswordReplayFilter’s credentials property configured with a CapturedUserPasswordFilter | 7 |
| KeyStore | password | passwordSecretId | 7 |
| DesKeyGenHandler | Whole object | None | 7 |
| SqlAttributesFilter | dataSource as a JNDI lookup name | dataSource as a JdbcDataSource configuration object | 7 |
| AmService | agent subproperty password | agent subproperty passwordSecretId | 6.5 |
| TlsOptions | Whole object | ClientTlsOptions | 7 |
| ClientHandler and ReverseProxyHandler | proxy subproperty password | proxy subproperty passwordSecretId | 7 |
| JwtBuilderFilter | signature subproperties: keystore, alias, password | signature subproperty secretId | 6.5 |
| AuditService | event-handlers | eventHandlers | 7 |
| ClientRegistration | keystore, privateKeyJwtAlias, privateKeyJwtPassword | privateKeyJwtSecretId | 7 |
| | clientSecret | clientSecretId | 7 |
| | The name of the ClientRegistration heaplet to identify a client registration when a user initiates a login | The clientId property of ClientRegistration | 7 |
| Route | secrets | A secretsProvider configuration in each affected object | 7 |

2023.11

No removals.

2023.9

No removals.

2023.6

No removals.

2023.4

No removals.

2023.2

| Feature or property | Setting | Replacement setting | Deprecated in |
|---|---|---|---|
| IG product | Delivery of a .war file | .zip file | 6 |
| Environment variable and system property | OPENIG_BASE, openig.base | IG_INSTANCE_DIR, ig.instance.dir | 6 |
| PolicyEnforcementFilter | executor | cache subproperty executor | 6 |
| ClientHandler and ReverseProxyHandler | keyManager, sslCipherSuites, sslContextAlgorithm, sslEnabledProtocols, trustManager | tls property to define a ClientTlsOptions object | 6.5 |
| UserProfileFilter | ssoToken | username | 6.5 |
| | profileAttributes | userProfileService subproperty profileAttributes | 6.5 |
| | amService | userProfileService subproperty amService | 6.5 |
| StatelessAccessTokenResolver | signatureSecretId | verificationSecretId | 6.5.1 |
| | encryptionSecretId | decryptionSecretId | 6.5.1 |

7.2

| Feature or property | Setting | Replacement setting | Deprecated in |
|---|---|---|---|
| StaticResponseHandler | version | Not replaced | Not deprecated |