Required upgrade actions
4.1. Airlock IAM 7.6 - Actions required when upgrading

This section describes changes in Airlock IAM 7.6 LTS that may require manual changes. Whether changes are necessary depends on the features and/or custom extensions that are in use.

Database

IAM Module
Affected Feature(s)
(Relevant if using ...)
Issue(s)
Required Action
Version
All
Remember-Me feature
AI-13101
7.6
All
H2 database
AI-15235
If using the embedded H2 database, the database must be upgraded. See 6.2.1.5.4. H2 database migration for Airlock IAM 7.6 or newer.
7.6

Airlock 2FA

IAM Module
Affected Feature(s)
(Relevant if using ...)
Issue(s)
Required Action
Version
Loginapp
Airlock 2FA enrollment with Loginapp REST UI
AI-15210
A new button "Open Airlock 2FA App" is displayed on the UI for Airlock 2FA token enrollment to support mobile-only scenarios.
It affects the following steps:
  • Airlock 2FA Activation Step in token migration in the authentication flow
  • Airlock 2FA Activation Step in protected self-service flows
For details and how to disable the button, see 10.2.2.3.4. Airlock 2fa Token enrollment using the mobile browser.
The new button is displayed by default. Check if the UI layout is still as desired.
7.6
All
Airlock 2FA Zero-Touch with custom JSP-files (JSP-Loginapp)
AI-14986
Support for Airlock 2FA zero-touch authentication (Soundproof) has been removed.
Customized JSP files (JSP-Loginapp) referencing soundproof Javascripts files may be simplified.
7.6

Loginapp REST API/UI

IAM Module
Affected Feature(s)
(Relevant if using ...)
Issue(s)
Required Action
Version
Loginapp
Unlock self-service (public self-services)
AI-15483
The Public Self-Service Unlock Step now (correctly) requires the SELFSERVICE license bundle. Please contact order@airlock.com to upgrade the IAM license, if necessary.
7.6
Loginapp
mTAN self-services (protected self-services)
AI-15364
REST clients that support the removal of mTAN token labels must update to the latest OpenAPI specification.
7.6

Customization (Loginapp REST UI SDK, custom code)

IAM Module
Affected Feature(s)
(Relevant if using ...)
Issue(s)
Required Action
Version
Loginapp
Custom identity propagator (custom Java code).
AI-15032
The method signature of method FlowIdentityPropagator.propagateIdentity has changed, custom code must be adjusted
7.6

Miscellaneous

IAM Module
Affected Feature(s)
(relevant if using ...)
Issue(s)
Required Action
Version
Loginapp
SAML IDP
AI-15093
The validation of the assertion consumer service (ACS) URL in the SAML 2.0 AuthnRequest has been corrected in the SAML IdP. It now requires an exactly matching AssertionConsumerService location in the sp.xml of the corresponding SP.
This affects both the JSP-Loginapp and the Loginapp REST API/UI implementation.
7.6
Adminapp
Administrator management
AI-15268
Permissions for administrator management operations have been relaxed: An admin user no longer requires the Edit Administrators permission to perform the operations delete, delete password, generate password, lock, and unlock on other administrators. The Edit Administrators role for admin users entitled to perform exclusively the listed actions may be deleted.
7.6
All
REST APIs
AI-15392
A new logline is written on level INFO for every REST request in all IAM modules. It reports the path, response status, and processing time.
This significantly increases the log volume and may require changes to log processing components or storage outside Airlock IAM.
7.6