Structural configuration changes in IAM 8.0

For Airlock 8.0 the IAM configuration has been simplified and structurally changed, and renamed in some points.

  • The main reasons for structural configuration changes and simplifications are:
  • Removal of the old JSP-Loginapp.
  • Removal of deprecated features.
  • Simplification of unnecessarily complex Loginapp configuration where possible.
  • Improved names of properties and plugins.

This article lists structural configuration changes that may require your attention when upgrading to IAM 8.0. Most changes are automatically migrated when upgrading but you may want to review the resulting configuration and know where to find moved configuration properties.

Loginapp configuration structural changes

All config paths in the following table are relative to the Loginapp top-level node.

Config path in 7.7 and older

Config path in 8.0 and newer


The Loginapp >> REST Settings have been removed and its properties have been moved partly to top-level Loginapp properties, partly to the new Session-less REST Endpoints plugin, and partly to the Security Settings plugin.

Loginapp >> REST Settings >> Context Extractor

Context Extractor

REST Settings >> Airlock Gateway (WAF) Settings

Gateway Settings

REST Settings >> Geolocation Provider

Geolocation Provider

REST Settings >> Technical Client Registration

Technical Client Registration

REST Settings >> Maintenance Message Settings

Maintenance Messages

REST Settings >> Encryption Key (Base64 Encoded)

Security Settings >> Encryption Key (Base64 Encoded)

REST Settings >> HMAC Key (Base64 Encoded)

Security Settings >> Security Settings >> HMAC Key (Base64 Encoded)

REST Settings >> CORS Settings

Security Settings >> CORS Settings

REST Settings >> CSRF Protection

Security Settings >> CSRF Protection

REST Settings >> Fixed Response Duration

Security Settings >> Minimal Error Response Duration [ms]

REST Settings >> User Self-Service Settings

Session-less REST Endpoints >> User Self-Service Settings

REST Settings >> User Token Settings

Session-less REST Endpoints >> User Token Settings

REST Settings >> User Token Settings >> Cronto Handler

Cronto App Communication

REST Settings >> Request Authentication

Session-less REST Endpoints >> Request Authentication

REST Settings >> Request Authorization

Session-less REST Endpoints >> Request Authorization


The following settings have been moved from Authentication Flows to Gateway Settings:

Authentication Flows >> Client Fingerprinting Lockout Threshold

Gateway Settings >> Client Fingerprinting Lockout Threshold

Authentication Flows >> Removed Roles Mappings

Gateway Settings >> Removed Roles Mappings


Renamed Authentication Flows to better reflect that it is about target applications and authentication flows.

Authentication Flows

Applications and Authentication

Other configuration structural changes

Config path in 7.7 and older

Config path in 8.0 and newer

mTAN Authentication Step >> mTAN Settings >> Basic mTAN Settings >> Language-specific Template

mTAN Authentication Step >> Message Provider

MAIN SETTINGS >> Password Settings >> Maximum Wrong Old Passwords

Mandatory Password Change Step >> Old Password Required

MAIN SETTINGS >> Password Settings >> Password Change Without Old Password

Mandatory Password Change Step >> Old Password Attempts

Airlock 2FA Settings String Resources File

Loginapp >> Language Settings >> Resource File Prefix (or other IAM modules' language settings - e.g. for transaction approval).

For the RADIUS server, the property has been moved into the Airlock 2FA Authenticator plugin.