Discontinued features
17.5.6. Features discontinued with the JSP-Loginapp

The tables below list features of the JSP-Loginapp that will have no corresponding feature in the Loginapp REST UI. Such features will no longer be available after migration to the Loginapp REST UI.

The listed JSP-Loginapp features will not be supported in the Loginapp REST UI for different reasons:

  • There may be no direct replacement in the Loginapp REST UI because of conceptual differences.
  • The feature is not or hardly used and/or considered to be insecure and therefore not implemented in the Loginapp REST UI.

The list reflects the current state of knowledge and is subject to change.

If you wish to challenge a decision, please contact us by opening a support ticket stating the feature and the use-case in which it is used. See (ergon.ch) Techzone - Airlock support process.

The tables are organized along the lines of the JSP-Loginapp's configuration.

Password-related (discontinued features)

Feature
Details
Check username, password, and token on one page (AI-13452)
Show three input fields for username, password, and token on one page (instead of two separate steps).
Check password without username (AI-13442)
If only a password is to be checked and no username to be entered, a password-check page without an input field for the user name is shown.
Password change over HTTP Basic Auth (AI-13447)
Password change page can be accessed without prior login if HTTP Basic Auth credentials are provided in the HTTP header.
Headless password change interface
Legacy password change interface based on IAM-proprietary HTTP Cookies.
Group-dependent password settings (AI-13451)
Settings depending on user group for: password service, policy, max failed old passwords, password change without old password.
Parts of this feature are covered by the plugin User Based Selection Password Repository (used in the Loginapp REST UI).

2nd factor-related (discontinued features)

Feature
Details
mTAN authentication: Send SMS in stealth mode
Send SMS message even if the password was wrong (if stealth mode is enabled).
RSA SecurID: set new PIN (AI-13458)
Ask for a new PIN during the first login with a SecurID.
RSA SecurID: agent host protocol (AI-13459)
Native RSA protocol. RADIUS is still supported.
TAN lists
Authentication with simple TAN lists (no index challenge). Show last used token on login page.
Mobile ID authentication (AI-13462)
Authentication with the Mobile ID solution (MSS).
IAK authentication (AI-13463)
Authentication of users using an initial activation key (IAK), i.e. a (typically long) OTP printed on a letter.
Kobil AST Trusted Message Sign (AI-13461)
Authentication using the Kobil AST solution with the Trusted Message Sign (TMS) component.
Kobil TVW (trusted web view) is still supported as an IAM extension.

Other authentication-related (discontinued features)

Feature
Details
Front-side NTLM (AI-13468)
Authentication in the Loginapp web UI using NTLM.
The NLTM feature in the one-shot authentication feature will still be supported.
Webservice Cert Auth (AI-13471)
The special certificate authentication feature in Loginapp >> Authentication >> Webservices Cert Auth will be removed. Client certificate-based authentication will still be available in the one-shot feature.
Client-centric OAuth 2.0 /OIDC AS
Client-centric OAuth 2.0 and OIDC Authorization Servers. The Loginapp REST UI only supports the AS-centric implementation. See OAuth / OIDC documentation on how to migrate.

Self service-related (discontinued features)

Feature
Details
Cronto self-services: address verification (AI-13530)
Address verification when ordering a new Cronto letter.
Cronto extended self-services (AI-13543)
Special Cronto self-services (required special license tag CrontoSpecial).
mTAN token migration: custom confirmation page URI (AI-13525)
Configurable custom URI to display an external mTAN migration confirmation page.
Matrix cards self-activation
Activation of matrix cards in token migration process during login.
Client certificate self-registration
Self-registration of X.509 client certificates with an initial activation letter (IAK).
User registration: preconditions (AI-13560)
Define precondition (e.g. lock reason) limiting self-registration.
Change application login name (AI-13567)
Self-service to change a target application-specific username.
Enter application login name
Self-service to enter an application-specific username when accessing the application for the first time.
Change application password (AI-13568)
Self-service to change a target application-specific password.
Contact-me form (AI-13577)
Contact-me form for logged-in users.

Miscellaneous (discontinued features)

Feature
Details
Language cookies (AI-13590)
Store display language in HTTP cookie for propagation to target applications.
Language parameter name configurable (AI-13591)
The language parameter name lang can be changed in the configuration. The parameter can be used in URLs to set the display language. The parameter is still available but its name can no more be configured.
Location parameter name configurable (AI-13593)
The name of the Location parameter can no more be configured. The parameter is set by the Airlock Gateway (WAF) to indicate the URL of the target application.
String property file name (AI-13589)
String resource  (text element for each language) filename-prefix is configurable.
JSP base path (AI-13594)
Specifies the file path where JSP templates are stored. This could be used to use multiple sets of JSP templates for different configuration contexts.
This feature is no more available since the Loginapp REST UI does not use JSP templates. A similar feature might become available in the Loginapp REST UI SDK.
JSP Suffix (AI-13594)
Specifies a file name suffix for JSP templates. This could be used to specify alternative JSP templates for single files depending on the configuration context.
This feature is no more available since the Loginapp REST UI does not use JSP templates. A similar feature might become available in the Loginapp REST UI SDK.
IP address restrictions (AI-13601)
Client IP address restrictions (global and per user) are no more supported.
Non-user-dependent IP restrictions can be implemented on the Airlock Gateway (WAF).
Application portal: auto-forwarding with priorities (AI-13611)
Auto-forward to one of the accessible applications listed in the application portal, based on configured priorities.
Behavior Upon Existing Session - Use existing session (with confirmation page) (AI-13599)
Interactive behavior upon existing session: Ask the user (show a page) to use the existing session when logging in on a new session.
Note that the non-interactive behaviors are still supported.