The following tables show the changes from Airlock IAM 7.7 to 8.0.
Airlock IAM 8.0.2
Bugfixes and improvements:
Bugfix | AI-17362 | Fixed client certificate authentication in HTTP client. |
Bugfix | AI-17375 | Fixed handling of HTTP responses without body. |
Bugfix | AI-17398 | Updated JVM to 11.0.19 |
Bugfix | AI-17399 | Updated third-party dependency libraries |
Bugfix | AI-17401 | Updated IAM docker base image |
Bugfix | AI-17429 | Fixed JSON parsing in JWT Ticket Decoder for "Claims Stored As JSON" |
Airlock IAM 8.0.1
Bugfixes | ||
Bugfix | AI-17363 | Fixed a bug resulting in a license verification error if an OAuth/OIDC Authorization Server is configured and the token exchange feature is not licensed. |
Airlock IAM 8.0.0
Authentication | ||
New | AI-16109 | Selection Password Repository for request authentication to select a password repository based on the username. |
New | AI-16115 | JWT signature verification using JWKS (JSON web key sets). |
New | AI-16323 | New flow step Airlock 2FA Activation Step to enroll additional Airlock 2FA devices in authentication flows. |
New | AI-16323 | New flow step Airlock 2FA Delete Old Devices Step that deletes all Airlock 2FA devices except the one newly enrolled in the same auth flow session. |
Improvement | AI-16958 | Airlock 2FA - The display name may no longer contain certain special characters. The IAM REST API still accepts all characters, as it did before this improvement. Special characters may be sanitized in the Futurae service. |
Bugfix | AI-16597 | The Set Context Data Step no longer uses the name Non-Interactive User Data Registration Step in the log files. |
Bugfix | AI-16612 | Fixed UI handling of OAuth 2.0 or SAML 2.0 flows starting with Kerberos authentication. |
Bugfix | AI-16820 | RADIUS Client does not support infinite timeout anymore. Such configs are migrated to a timeout of 60s. |
Loginapp | ||
New | AI-16231 | Loginapp UI automatically handles timeouts on the first flow step (e.g. password page). |
New | AI-16249 | OAuth 2.0 Token Exchange (RFC 8693). See Token Exchange Overview. |
New | AI-16420 | An event is published upon registration of a new device token. |
New | AI-16550 | UI Tenant ID for the Loginapp UI can be determined based on the request URL. |
Improvement | AI-16440 | Custom flow steps can now use product pages of the Loginapp UI. |
Improvement | AI-16523 | Use Bootstrap 5 (instead of 4). jQuery is no longer bundled with the Loginapp. |
Improvement | AI-16682 | OAuth 2.0: Static Clients now support client certificates. |
Improvement | AI-16925 | Airlock IAM's login UI SDK is now referred to as Loginapp Design Kit (instead of Loginapp REST UI SDK). |
Improvement | AI-16748, | Email address changes in Loginapp and Adminapp publish events. |
Improvement | AI-17123 | Add support for all configurable UI elements to display initial data. |
Bugfix | AI-17105 | Relaxed property value validation of Customizable Step UI elements to be more compatible with context-data names. Some context data names could not be used before. |
Bugfix | AI-17102 AI-16819 | Fixed a bug in Customizable Step UI: Forms without an input field can be used correctly. |
Bugfix | AI-16969 | Handle multiple OAuth handshakes in the same session correctly. |
Bugfix | AI-16659 | Fixed the Password Authentication Step and Username Password Authentication Step, which incorrectly wrote success log entries when the password check failed. |
Bugfix | AI-15798 | Avoid exceptions for certain invalid Cronto OTPs. |
Bugfix | AI-16141 | Lock Self-Service Step now also publishes a user locked event. |
Bugfix | AI-16327 | Fixed logging of provided username during OAuth 2.0 account linking. |
Bugfix | AI-16584 | Enabled handling of language codes with country variants (e.g. |
Bugfix | AI-16594 | Loginapp UI validation considers the case sensitivity of string items in User Data Edit Step. |
Adminapp | ||
New | AI-14849 AI-16661 | User management extensions (UME) allow adding custom user management features. |
New | AI-16748, | Email address changes in Loginapp and Adminapp publish events. |
New | AI-16826 AI-16792 | Introduced Content Security Policy (CSP) for Adminapp. The CSP is enabled by default and disables the rich-text editor for maintenance messages. |
New | AI-16424 AI-16346 | The Activities tab in the user details now only displays log entries if a user trail log repository has been configured for the Adminapp module. Log entries are read from the corresponding database. The Activities tab in the User Details page now supports retrieving additional results with "next page" and "previous page" buttons. See User trail logging. |
New | AI-16355 | Configuration option to make user search in the Adminapp more efficient by only searching in selected user attributes. |
New | AI-16498 | Configuration option whether returning to Adminapp user list page should trigger a new search. |
Improvement | AI-16999 AI-17012 | Brushup of the Adminapp UI to adhere to more modern UI concepts. |
Improvement | AI-16506 | Configuration selects the default log file in the log viewer. |
Improvement | AI-14849 | Simplified Generic Token Controller UI. See Generic Token Controller UI configuration. |
Bugfix | AI-17044 | The administrators' menu could not be accessed although access control was configured correctly. |
Bugfix | AI-16478 | Fixed Adminapp user search with locked user filter. |
Bugfix | AI-16610 | Fixed accounting of successful logins for authenticated requests to REST endpoints. |
Database, Persisters | ||
New | AI-9902 | Support for PostgreSQL databases. |
New | AI-16798 | The user trail log is now stored in the database and is therefore shared among multiple IAM instances. See User trail logging. |
New | AI-16582 | User change listener plugins can have a condition of whether they should handle a change or not. |
Improvement | AI-16936 | Migrated all |
Improvement | AI-16736 | MSSQL now uses |
Improvement | AI-16733 | Improved performance when searching users in the Adminapp. The Rowset Range Pattern property in the Database User Persister is no longer required to have the application optimize queries containing an offset and a limit when searching for user entries. |
Improvement | AI-16708 | Searching for unassigned OneSpan Cronto tokens now uses a more efficient query. |
Bugfix | AI-16110 | External Database Password Repository adds user roles configured in the user persister. |
Bugfix | AI-16622 | Fix user insertion in LDAP using LDAP Connector or Ldap User Persister when using a Special Date Time Pattern. |
Configuration and Config Editor | ||
New | AI-16903 | New configuration variables concept allows using variables in the configuration and assigning values from environment variables when starting up IAM instances. |
Improvement | AI-16754 AI-16666 | Improved performance of the config editor for large configs. |
Improvement | AI-15615 | The shared environment (instead of the instance environment) is selected upon Config Editor start. |
Improvement | AI-17107 | Improved readability of the output of the CLI command |
Bugfix | AI-17070 | Config activation may falsely show a failed activation, even though all individual modules were activated successfully. |
Bugfix | AI-17053 | The instance environment could no longer be selected after reloading the plugin configuration or after loading a saved or template config. |
Bugfix | AI-16813 | The right-click delete option Delete all contained plugins in the Config Editor now only deletes contained and unused plugins recursively (and the right-click selected plugin itself of course). |
Miscellaneous | ||
New | AI-16676 | New service task to import existing file-based user trail logs into the new user trail database table. The service task is intended to be run manually, either from the Adminapp user interface or the terminal client. |
New | AI-16750 | Remote event subscriber plugin to notify external systems via HTTP requests. |
New | AI-16799 | New event published if context data is changed. |
New | AI-12584 | New event published if a user logs in from a new device or browser. |
New | AI-16618 | New SMS gateway plugin to select an SMS gateway based on the phone number prefix. |
Improvement | AI-15385 | New properties in instance configuration (instance.properties) control whether the Tomcat web server and access logs are written to |
Improvement | AI-17142 | Versioning |
Improvement | AI-13140 | Removed deprecated Java APIs from |
Improvement | AI-8907 | Unified translation file encodings to UTF-8. |
Improvement | AI-17040 |
During configuration migration, these keys are automatically changed in the |
Improvement | AI-17042 | New IAM instances running in a Docker environment now automatically write the webserver log to standard output in structured JSON format. Existing instances are not affected. |
Improvement | AI-16671 | IAM can now only be started with the correct configuration file ( |
Improvement | AI-14896 | Loginapp Design Kit version number now corresponds to the IAM version. |
Improvement | AI-16416 | Disabled browser spellcheck for Loginapp and Adminapp input fields. |
Improvement | AI-16791 | The Tomcat web server log, as well as the access log, can now be output in structured JSON format. This is for now restricted to the console (standard output). |
Bugfix | AI-17063 | Event bus: |
Bugfix | AI-17228 | When sending HTML emails triggered by a Loginapp or Adminapp event, all dynamic values are now correctly HTML-escaped. |
Bugfix | AI-17028 | Event bus: |
Bugfix | AI-16993 | Audit log files could be written to the wrong file and potentially overwrite existing log files. |
Bugfix | AI-16950 | The user trail log no longer uses an empty string as configuration context. If no custom context is used, the value is now always |
Bugfix | AI-16489 | With some username transformations, the provided_uid was not set correctly. |