Changes in Web Agent 2025.x
Web Agent 2025.9
Advanced Identity Cloud and AM compatibility
This version of Web Agent includes changes required for compatibility with future releases of Advanced Identity Cloud and AM.
|
To maintain compatibility with upcoming Advanced Identity Cloud and AM 8.1 releases, you must upgrade to one of the following Web Agent versions:
|
Web Agent 2025.6
Public client certificate file name property
We’ve made changes to the use of the Public Client Certificate File Name property for agents using Schannel.
This property should now be used only for the name of the file that contains the client certificate chain.
Use the new Public Client Certificate Friendly Name property to set the friendly name used to look up the client certificate in the Windows certificate store.
DES Password Replay
Support for setting up password replay for IIS agents using DES was removed because it’s not FIPS 140-3 compliant.
Use the JWT password replay mechanism instead as documented in Configure basic authentication and password replay support.
Web Agent 2025.3.x
There are no incompatible changes in the Web Agent 2025.3.1 maintenance release.
Web Agent 2025.3
Content Security Policy header - frame-ancestors
By default, the Content Security Policy (CSP) frame-ancestors directive is set to self,
which only allows the site hosting the agent to embed pages in iframes.
If you use iframes with another source, you’ll need to set the new properties appropriately.
Learn more in Content Security Policy - frame-ancestors.
Agent authentication to Advanced Identity Cloud and AM
The default fallback mode setting (0) for
AM_AGENT_AUTH_MODE and
Agent Authentication Mode has been removed.
The default setting is now 1 meaning the agent always authenticates using the Agent journey.
If the Agent journey doesn’t exist, you should create it. Learn more in
Authenticate agents to the identity provider.