REST client authentication | The Request Credential Policy to authenticate single requests in the Loginapp, Adminapp, and Transaction Approval modules will be removed in IAM 8.0. Configuration migration ensures that older configurations still work in IAM 7.7 using a legacy adapter plugin. The legacy adapter plugin will be removed in IAM 8.0. It is recommended to adapt the configuration to use the new Request Authentication plugins in 7.7. See Authentication of REST requests. | | |
Generic Token Controller UI | The Generic Token Controller'sUI plugins Default Token Controller UI and Customizable Token Controller UI will be replaced by simpler and less flexible UI configuration plugins. The UI configuration of the Generic Token Controller will have to be reconfigured manually. UI settings that are no more supported (e.g. calls to custom REST APIs) must be re-implemented using a new custom extension mechanism. | | |
| Airlock Gateway 8.0 (planned for q4/2022) will no more support the Docker host. Airlock IAM can therefore no longer be deployed on Airlock Gateway. IAM support for the installation on Airlock Gateway will end with IAM 8.0. This also affects the plugins AirlockAssertionIdentityPropagator and AirlockAssertionTicketDecoder. | | |
Message providers for transaction approval | The transaction approval message provider plugins listed below may be removed in a future IAM version. - mTAN:
- Plugin to be removed: mTAN Message Provider (Transaction Approval only)
- Replacement: Generic mTAN Message Provider
- Airlock 2FA:
- Plugin to be removed: Airlock 2FA Transaction Approval Message Provider
- Replacement: Generic Airlock 2FA Message Provider
- Cronto
- Plugin to be removed: Transaction Approval Cronto Message Provider
- Replacement: Generic Cronto Message Provider
| | |
| Old Adminapp URL paths …/auth-admin/listUsers …/auth-admin/editUser?uid=jdoe
are no longer supported. Use the new URL paths: …/auth-admin/ui/app/secure/users …/auth-admin/ui/app/secure/users/jdoe
| | |
Transaction approval message provider | The transaction-approval-specific message provider plugins (mTAN Message Provider (Transaction Approval only), Transaction Approval Cronto Message Provider) will be removed. Use the generic plugins (Generic Cronto Message Provider) instead. | | |
| The ti&m Secure Mobile feature (loginapp and adminapp) will be removed and is no more supported. | | |
Session Binding with Header token | The setting Session Binding With Header Token (in Loginapp REST API auth flows) will be removed. A new feature introduced with Airlock Gateway 7.4 makes this setting obsolete. | | |
| The RSA SecurID server no longer supports the RSA-native agent-host protocol. Connect via RADIUS instead. Please note that starting with Airlock IAM 7.0, the RSA-native connection only works with old RSA libraries. See also Known Issue about IAM and native RSA connection. | | |
| Transaction approval with Kobil TMS is currently possible using two resource paths: - Legacy path:
/rest/kobil-tms/devices/list/ - New path:
/rest/transaction-approval/cronto/push-devices/retrieve/
The legacy path is deprecated. REST clients may have to be adapted. | | |
| The User Importer Task will be removed. Please use the User Sync Task instead. There is no automatic configuration migration, i.e. the new task must be configured manually based on the configuration of the removed task. | | |
| The DB schema must be upgraded (even if not using new features). In particular, the TOKEN_ID row in tables token and token_assignment must be adapted according to the latest DB schema. See Relational databases for IAM. - Layout 1.0:
oauth2-user-session-management.jsp - Layout 2.0:
oauth2-user-session-management-content.jsp
| | |
| The headless password change HTTP interface will be removed. | | |
| The statistics module will be removed. Please use the new reporting solution (since 7.1). | | |