Security settings
17.5.5.8. Security settings (JSP-Loginapp migration)

The following table provides information about the availability of JSP-Loginapp features in the Loginapp REST UI and high-level migration hints (where available).

Information about the availability of upcoming releases is indicative and subject to change.

Please note the additional information on discontinued functions (see link below).

Version information about features not yet available will be updated or clarified as soon as known.

Note that the specified release versions are indicative and subject to change.

The following notation is used to indicate release versions (examples):

  • 7.7: planned for IAM 7.7
  • > 7.7: planned for an IAM release after 7.7
  • >= 7.7: planned for IAM 7.7 or later

Security settings

Feature
Version
Description and migration hints
CSRF protection
7.1
Cross-site request forgery protection.

Migration hint

Configured in Loginapp >> REST Settings >> CSRF Protection.

CSP
7.3
Content security policy.

Migration hint

Configured in Loginapp >> UI Settings >> Loginapp REST UI Content Security Policy (CSP).

Store password in session ticket
7.1
Store password entered during authentication in the session (encrypted with a session key). This is necessary if the ID propagation requires the password.

Migration hint

See Password Attribute Key in the Password Authentication Step.

Behavior Upon Existing Session
7.3
Defines what happens when a user already has another open Loginapp session when logging in.

Migration hint

Configured in Loginapp >> Authentication Flows >> Behaviour Upon Existing Session.

Supports only non-interactive behaviors (Ignore Existing Session, Destroy Other User Session, Destroy Multiple Existing Sessions) but not the plugin Use Existing User Session Page.

Global username, password, and token filter (AI-13602)
Only on request
Global filter for username, password, and token input fields.

Discontinued features:

See: Miscellaneous (discontinued features)