Secret questions provisioning | | Ask for answers to secret questions after login (if not enough answers are stored). Secret questions are used in the password reset self-service to verify the claimed user identity. Migration hint Use the Secret Questions Provisioning Step in the authentication flow. The step provides fewer configuration options than the implementation in the JSP-Loginapp. |
Client certificate authentication (AI-13465) | | User authentication based on verification of X.509 client certificates used in TLS handshake. Migration hint Use the one-shot feature in the IAM Loginapp. An integration in the Loginapp REST UI is not planned. The one-shot feature does not provide exactly the same possibilities as the implementation in the JSP-Loginapp did. |
Front-side Kerberos (AI-13467) | | Front-side Kerberos user authentication. Migration hint Use the one-shot feature in the IAM Loginapp if possible. The one-shot feature does not provide exactly the same possibilities as the implementation in the JSP-Loginapp did. It is especially not yet combinable with 2nd-factor authentication or complex ID propagation mechanisms. Direct support in the Loginapp REST UI may be added later if requirements cannot be met with the one-shot feature. |
| | Authentication using SSO Tickets (e.g. JWT tokens) in URL parameters. The Loginapp REST API already supports the SSO Ticket Authentication Step with IAM 7.3. Additionally, in IAM 7.5, the SSO ticket can be used as GET parameter sso in calls of the following form: <loginapp-uri>/ui/app/auth/application/access/<ID> <loginapp-uri>/ui/app/auth/application/access?Location=https%3A%2F%2Fwww.myapp.example.com
Note that the GET parameter name sso is no more configurable. 3rd party systems may need to be adapted to call the new URLs and/or use the correct GET parameter name. |
SSO Ticket Identity Propagator | | Add SSO Ticket to URL and redirect to target application. |
MSOFBA support (AI-15773) | | Support for old HTTP clients used in MS Office applications to use MSOFBA (Microsoft Office form-based Authentication). Limited MSOFBA Support in Loginapp REST UI Note that the MS-Office applications (e.g. Word) use outdated browser libraries (IE11 or IE8) that are not compatible with the AIrlock IAM Loginapp REST UI. The Loginapp REST UI provides a very limited set of features available for MS-OFBA by offering a separate Loginapp front-end written in JavaScript. Currently, only password authentication and mTAN as the second factor are supported. If Microsoft does not update to newer browser libraries, MS-OFBA support may be removed from Airlock IAM in future versions. |