Features discontinued with the JSP-Loginapp

The tables below list features of the JSP-Loginapp that will have no corresponding feature in the Loginapp REST UI. Such features will no longer be available after migration to the Loginapp REST UI.

The listed JSP-Loginapp features will not be supported in the Loginapp REST UI for different reasons:

There may be no direct replacement in the Loginapp REST UI because of conceptual differences.
The feature is not or hardly used and/or considered to be insecure and therefore not implemented in the Loginapp REST UI.

The list reflects the current state of knowledge and is subject to change.

If you wish to challenge a decision, please contact us by opening a support ticket stating the feature and the use-case in which it is used. See (ergon.ch) Techzone - Airlock support process.

The tables are organized along the lines of the JSP-Loginapp's configuration.

Password-related (discontinued features)

Feature	Details
Check username, password, and token on one page (AI-13452)	Show three input fields for username, password, and token on one page (instead of two separate steps).
Check password without username (AI-13442)	If only a password is to be checked and no username to be entered, a password-check page without an input field for the user name is shown.
Password change over HTTP Basic Auth (AI-13447)	Password change page can be accessed without prior login if HTTP Basic Auth credentials are provided in the HTTP header.
Headless password change interface	Legacy password change interface based on IAM-proprietary HTTP Cookies.
Group-dependent password settings (AI-13451)	Settings depending on user group for: password service, policy, max failed old passwords, password change without old password. Parts of this feature are covered by the plugin User Based Selection Password Repository (used in the Loginapp REST UI).
Password frequency checker	Heuristic detection of horizontal password guessing attacks (Attack Detector settings in JSP-Loginapp).
Check password against configuration (AI-13444)	Check username and password against a list of users and passwords stored in the configuration.

2nd factor-related (discontinued features)

Feature	Details
mTAN authentication: Send SMS in stealth mode	Send SMS message even if the password was wrong (if stealth mode is enabled).
RSA SecurID: set new PIN (AI-13458)	Ask for a new PIN during the first login with a SecurID.
RSA SecurID: agent host protocol (AI-13459)	Native RSA protocol. RADIUS is still supported.
TAN lists	Authentication with simple TAN lists (no index challenge). Show last used token on login page.
Mobile ID authentication (AI-13462)	Authentication with the Mobile ID solution (MSS).
IAK authentication (AI-13463)	Authentication of users using an initial activation key (IAK), i.e. a (typically long) OTP printed on a letter.
Kobil AST Trusted Message Sign (AI-13461)	Authentication using the Kobil AST solution with the Trusted Message Sign (TMS) component. Kobil TVW (trusted web view) is still supported as an IAM extension.

Other authentication-related (discontinued features)

Feature	Details
Front-side NTLM (AI-13468)	Authentication in the Loginapp web UI using NTLM. The NLTM feature in the one-shot authentication feature will still be supported.
Webservice Cert Auth (AI-13471)	The special certificate authentication feature in Loginapp >> Authentication >> Webservices Cert Auth will be removed. Client certificate-based authentication will still be available in the one-shot feature.
Client-centric OAuth 2.0 /OIDC AS	Client-centric OAuth 2.0 and OIDC Authorization Servers. The Loginapp REST UI only supports the AS-centric implementation. See OAuth / OIDC documentation on how to migrate.
Kobil TVW (AI-13469)	Authentication using the Kobil Trusted Web View (TWV) solution.

Self service-related (discontinued features)

Feature	Details
Cronto self-services: address verification (AI-13530)	Address verification when ordering a new Cronto letter.
Cronto extended self-services (AI-13543)	Special Cronto self-services (required special license tag CrontoSpecial).
mTAN token migration: custom confirmation page URI (AI-13525)	Configurable custom URI to display an external mTAN migration confirmation page.
Matrix cards self-activation	Activation of matrix cards in token migration process during login.
Client certificate self-registration	Self-registration of X.509 client certificates with an initial activation letter (IAK).
User registration: preconditions (AI-13560)	Define precondition (e.g. lock reason) limiting self-registration.
Change application login name (AI-13567)	Self-service to change a target application-specific username.
Enter application login name	Self-service to enter an application-specific username when accessing the application for the first time.
Change application password (AI-13568)	Self-service to change a target application-specific password.
Contact-me form (AI-13577)	Contact-me form for logged-in users.
mTAN token self-management: Authenticate old phone number	If changing an existing phone number, also verify the old number by sending an OTP to it.
Migration to Kobil TWV (AI-13546)	Migration from another 2nd factor to Kobil TWV during login. The token registration either displayed a code or orders an activation letter.
Kobil token self-management (AI-13547)	List, add, remove, lock, and unlock Kobil devices.
GDPR Consents (AI-13564)	Require the users to accept a number of GDPR consents in the self-registration flow.
Change email address with verification email with link (AI-13565)	Change email address and verify the new address by sending a link. The link can be used on a new browser session.
Self-delete account (AI-13574)	Logged-in users may self-delete the account. The user is then logged out and a confirmation page is shown.
GDPR consent self-management (AI-13575)	Self-service for logged-in users to manage the given GDPR consents.

Miscellaneous (discontinued features)

Feature	Details
Language cookies (AI-13590)	Store display language in HTTP cookie for propagation to target applications.
Language parameter name configurable (AI-13591)	The language parameter name lang can be changed in the configuration. The parameter can be used in URLs to set the display language. The parameter is still available but its name can no more be configured.
Location parameter name configurable (AI-13593)	The name of the Location parameter can no more be configured. The parameter is set by the Airlock Gateway (WAF) to indicate the URL of the target application.
String property file name (AI-13589)	String resource (text element for each language) filename-prefix is configurable.
JSP base path (AI-13594)	Specifies the file path where JSP templates are stored. This could be used to use multiple sets of JSP templates for different configuration contexts. This feature is no more available since the Loginapp REST UI does not use JSP templates. A similar feature might become available in the Loginapp REST UI SDK.
JSP Suffix (AI-13594)	Specifies a file name suffix for JSP templates. This could be used to specify alternative JSP templates for single files depending on the configuration context. This feature is no more available since the Loginapp REST UI does not use JSP templates. A similar feature might become available in the Loginapp REST UI SDK.
IP address restrictions (AI-13601)	Client IP address restrictions (global and per user) are no more supported. Non-user-dependent IP restrictions can be implemented on the Airlock Gateway (WAF).
Application portal: auto-forwarding with priorities (AI-13611)	Auto-forward to one of the accessible applications listed in the application portal, based on configured priorities.
Behavior Upon Existing Session - Use existing session (with confirmation page) (AI-13599)	Interactive behavior upon existing session: Ask the user (show a page) to use the existing session when logging in on a new session. Note that the non-interactive behaviors are still supported.
Custom login page URL (AI-13475)	Redirect browser to configurable custom URL instead of showing IAM login page.
Global username, password, and token filter (AI-13602)	Global filter for username, password, and token input fields.
Enforce GDPR consents	Enforce that a set of GDPR consents is given before the application can be accessed.