Federation features
17.5.5.7. Federation features (JSP-Loginapp migration)

The following table provides information about the availability of JSP-Loginapp features in the Loginapp REST UI and high-level migration hints (where available).

Information about the availability of upcoming releases is indicative and subject to change.

Please note the additional information on discontinued functions (see link below).

Version information about features not yet available will be updated or clarified as soon as known.

Note that the specified release versions are indicative and subject to change.

The following notation is used to indicate release versions (examples):

  • 7.7: planned for IAM 7.7
  • > 7.7: planned for an IAM release after 7.7
  • >= 7.7: planned for IAM 7.7 or later

SAML integration

Feature
Version
Description and migration hints
SAML IDP
7.6
Airlock IAM as SAML identity provider (IdP).

Migration hint

See SAML documentation in 17.2. Loginapp REST API (available documentation of IAM 7.6 and later).

SAML SLO (AI-13584)
7.6
SAML single logout (Airlock IAM as SAML IdP).

Migration hint

See SAML documentation in 17.2. Loginapp REST API (available documentation of IAM 7.6 and later).

SAMP SP
7.7
Airlock IAM as SAML service provider (SP).
SAML SP local authenticator
7.7
2nd authentication step after SAML assertion verification.
SAML-specific logout logic (AI-13585)
7.7
Terminate SAML sessions in Loginapp's logout logic.

The mentioned SAML features refer to using Airlock IAM as SAML Identity Provider or SAML Service Provider. SAML identity propagator plugins that send SAML Assertions in an HTTP cookie to back-end applications are not affected by the migration and still available in the new Loginapp.

OAuth 2.0 / OIDC

Feature
Version
Description and migration hints
OAuth 2.0 / OIDC Client
7.5
Airlock IAM as OAuth 2.0 client / OIDC relying party.
Social login (AI-13578)
7.5
Show one or more ID provider login buttons on the login page.
Account linking (AI-13580)
7.5
Self-service to let the user link a social login to the IAM user account.
Social registration (AI-13579)
7.5
Create an IAM user account with data from a social login provider and link the new account to the social login.
OAuth 2.0 / OIDC Authorization Servers
7.5
Airlock IAM as OAuth 2.0 authorization server / Open ID provider.

Only the AS-centric authorization server implementation will be supported in the Loginapp REST UI. Deployments using the client-centric authorization server implementation must migrate to the AS-centric implementation.

OAuth 2.0 AS Configs (in application settings)
7.6
Defines the list of available (AS-centric) OAuth 2.0 Authorization Servers for which an OAuth 2.0 / OpenID Connect grant can be started.

Migration hint

See OAuth/OIDC migration documentation (available documentation of IAM 7.6 and later).

OAuth 2.0 / OIDC Self-Service (AI-13581)
7.6
Manage issued OAuth access tokens.

Migration hint

See OAuth/OIDC migration documentation (available documentation of IAM 7.6 and later).

OAuth 2.0 / OIDC user consent (AI-13582)
7.6
Ask the user to consent to requested scopes/roles.

Migration hint

See OAuth/OIDC migration documentation (available documentation of IAM 7.6 and later).

OAuth 2.0 / OIDC login confirmation page (AI-13583)
7.5
If configured, show a confirmation page when logging in via OAuth/OIDC (show a provider-specific message).
OAuth 2.0 / OIDC-specific logout logic (AI-13586)
7.6
Apply OAuth 2.0 / OIDC-specific logout logic in new Loginapp's logout logic.

Migration hint

See OAuth/OIDC migration documentation (available documentation of IAM 7.6 and later).