The following features have been deprecated with IAM 7.7 or earlier releases. They are planned to be removed in future releases and are still available in Airlock IAM 7.7.
IAM Release 8.0 is scheduled for spring 2023. The last release prior to IAM 8.0 will be supported until mid 2024.
Note that release schedule information is preliminary and subject to change.
See also Preparing IAM 7.7 for upgrading to 8.0.
Topic | Description | May be removed in version | Deprecated since |
|---|---|---|---|
Loginapp (JSP) | The JSP-Loginapp will be removed in favor of the new Loginapp REST UI. See JSP-Loginapp Deprecation Announcement and especially Features discontinued with the JSP-Loginapp. | 8.0 | 7.4 |
Topic | Descriptions | May be removed in version | Deprecated since |
|---|---|---|---|
Self-registration flow with identity propagation | The possibility to configure identity propagation and roles for the Airlock Gateway in a user self-registration flow will be removed. Affected properties: Loginapp >> Self-Registration Flows >> affected flows: Identity Propagation and Airlock Gateway (WAF) Mapping Roles. Use the property Initialize Next Auth Flow in conjunction with a corresponding auth flow configuration instead and make sure the user is sent to the target application using that auth flow after successful self-registration. The latter can be configured in the UI Settings (if using the Loginapp REST UI). | 8.0 | 7.7 |
Context extractors in new loginapp | Some context extractors available in the JSP-Loginapp are not compatible with the concepts of the new loginapp (Loginapp REST API and UI). They will no more be available in IAM 8.0. See Planning configuration contexts for more information.
| 8.0 | 7.7 |
Non-flow-based password reset REST endpoints | The non-flow-based REST endpoints for the password reset self-service will be removed.
Use the corresponding public self-services endpoints: See Password reset in the Loginapp REST API / UI for details. | 8.0 | 7.6 |
CAPTCHA endpoints for non-flow-based services. | The CAPTCHA REST endpoints for the old user registration and password reset services will be removed.
New CAPTCHA endpoints for the flow-based services will be available as of IAM 7.7. | 8.0 | 7.6 |
Health and live end-point - state attribute | The response attribute state is no more returned by Loginapp endpoints | 8.0 | 7.5 |
Flow-based password reset REST endpoints | REST endpoints of the flow-based password reset REST API before it has been migrated to the public self-service flows. Affected REST endpoints:
Similar or identical endpoints are available in:
| 8.0 | 7.5 |
Legacy authentication endpoints for custom extensions | The legacy authentication endpoints for custom authentication extensions:
will be removed. Instead use the endpoints:
| 8.0 | 7.4 |
Email address change REST endpoints | The Loginapp REST API provides the following REST endpoints to the end-user to change the email address:
These endpoints will be removed. REST clients need to be adapted. Use the new REST endpoints in the protected self-service flows instead.
| 8.0 | 7.3 |
Loginapp Self-Registration REST API (non-flow-based) | The non-flow-based REST API for user self-registration will be removed. Please migrate clients to use the new flow-based REST API instead.
| 8.0 | 7.1 |
GET endpoints in Flow APIs | GET endpoints in the authentication flow API have been deprecated and replaced by corresponding POSTs. | 8.0 | 7.0 |
Topic | Description | May be removed in version | Deprecated since |
|---|---|---|---|
OAuth/OIDC legacy token format | The IAM-internal legacy format for OAuth tokens ( The legacy format could be issued until IAM 7.0 or older. | 8.0 | 7.5 |
OAuth Implicit flow | The client-centric OAuth AS / OIDC OP will be removed (see separate entry). With it, the OAuth implicit flow will no longer be supported. | 8.0 | 7.5 |
Client-centric OAuth / OIDC | The client-centric OAuth AS / OIDC OP will be removed. Migrate to the AS-centric variant. See OAuth / OIDC documentation for further information, especially AS-centric AS - seamless migration. | 8.0 | 7.3 |
OAuth Session Management | The JSP files for OAuth2 session management contain an unused import statement referencing class Note that the JSP-Loginapp will be removed in 8.0 (announced with 7.4). | 8.0 | 7.3 |
Topic | Description | May be removed in version | Deprecated since |
|---|---|---|---|
REST client authentication | The Request Credential Policy to authenticate single requests in the Loginapp, Adminapp, and Transaction Approval modules will be removed in IAM 8.0. Configuration migration ensures that older configurations still work in IAM 7.7 using a legacy adapter plugin. The legacy adapter plugin will be removed in IAM 8.0. It is recommended to adapt the configuration to use the new Request Authentication plugins in 7.7. See Authentication of REST requests. | 8.0 | 7.7 |
Generic Token Controller UI | The Generic Token Controller'sUI plugins Default Token Controller UI and Customizable Token Controller UI will be replaced by simpler and less flexible UI configuration plugins. The UI configuration of the Generic Token Controller will have to be reconfigured manually. UI settings that are no more supported (e.g. calls to custom REST APIs) must be re-implemented using a new custom extension mechanism. | 8.0 | 7.7 |
IAM on Gateway (WAF) | Airlock Gateway 8.0 (planned for q4/2022) will no more support the Docker host. Airlock IAM can therefore no longer be deployed on Airlock Gateway. IAM support for the installation on Airlock Gateway will end with IAM 8.0. This also affects the plugins AirlockAssertionIdentityPropagator and AirlockAssertionTicketDecoder. | 8.0 | 7.6 |
Message providers for transaction approval | The transaction approval message provider plugins listed below may be removed in a future IAM version.
| 8.0 | 7.6 |
Adminapp web UI paths | Old Adminapp URL paths
are no longer supported. Use the new URL paths:
| 8.0 | 7.5 |
Transaction approval message provider | The transaction-approval-specific message provider plugins (mTAN Message Provider (Transaction Approval only), Transaction Approval Cronto Message Provider) will be removed. Use the generic plugins (Generic Cronto Message Provider) instead. | 8.0 | 7.5 |
ti&m Secure Mobile | The ti&m Secure Mobile feature (loginapp and adminapp) will be removed and is no more supported. | 8.0 | 7.5 |
Session Binding with Header token | The setting Session Binding With Header Token (in Loginapp REST API auth flows) will be removed. A new feature introduced with Airlock Gateway 7.4 makes this setting obsolete. | 8.0 | 7.4 |
Native RSA integration | The RSA SecurID server no longer supports the RSA-native agent-host protocol. Connect via RADIUS instead. Please note that starting with Airlock IAM 7.0, the RSA-native connection only works with old RSA libraries. See also Known Issue about IAM and native RSA connection. | 8.0 | 7.3 |
REST API | Transaction approval with Kobil TMS is currently possible using two resource paths:
The legacy path is deprecated. REST clients may have to be adapted. | 8.0 | 7.3 |
User Importer Task | The User Importer Task will be removed. Please use the User Sync Task instead. | 8.0 | 7.3 |
DB schema change | The DB schema must be upgraded (even if not using new features). In particular, the TOKEN_ID row in tables token and token_assignment must be adapted according to the latest DB schema. See Relational databases for IAM.
| 8.0 | 7.3 |
Headless Password Change | The headless password change HTTP interface will be removed. | 8.0 | 7.1 |
Statistics Module | The statistics module will be removed. Please use the new reporting solution (since 7.1). | 8.0 | 7.1 |
Topic | Description | May be removed in version | Deprecated since |
|---|---|---|---|
Custom steps | Skip Condition Tags and Pre Condition Tags have been replaced by Skip Conditions and Pre Conditions. The configuration is migrated automatically. The constructor of class AbstractFlowStepConfig that is still accepting the skip- and pre-condition tags has been deprecated and will be removed. Custom step implementations must be adapted accordingly. | 8.0 | 7.5 |
REST Extensions | Custom REST extensions must use the SPI (service provider interface) approach as described in the supplementary IAM Custom Development Guide. You can request the latest version of the IAM Custom Development Guide by opening a support ticket. See (ergon.ch) Techzone - Airlock support process) for more information. | 8.0 | 7.4 |
Custom steps | The Java interface | 8.0 | 7.4 |
Auth flow steps | Custom authentication flow steps that do not return step results of type They must be adapted to return step results of type | 8.0 | 7.4 |
Step results |
| 8.0 | 7.3 |
HK2 binders | The possibility to use HK2 binder will be removed. Use Guice modules instead. | 8.0 | 7.3 |
Jackson serialization | Custom REST application configurations could be annotated with jacksonSerialization in order to specify the packages to scan for transfer objects. This is no more necessary and the method will be removed. | 8.0 | 7.3 |
Validation message classes | The interface ValidationMessageCredential and its subclasses will be removed. They are no longer used since the SOAP interface has been removed wit IAM 7.1. | 8.0 | 7.3 |
Constants in Configuration class | The following constants in class | 8.0 | 7.3 |
Service Container tasks | Custom implementations of | 8.0 | 7.1 |
Old package names | Old package names ( | 8.0 | 7.1 |