Deprecation
The following features are deprecated and likely to be discontinued in a future release.
Pax Web properties
The following Pax Web properties are deprecated and will be removed in a future release of IDM:
org.ops4j.pax.web.server.maxThreads-
Set the
maxThreadsfield directly in the webserver config or useopenidm.webserver.max.threads. org.ops4j.pax.web.server.minThreads-
There is no replacement for this setting and the minimum thread count is always set to
8. org.ops4j.pax.web.server.jetty.io.idleTimeout-
There is no replacement for this setting and the thread idle timeout is always set to
60000ms.
Read and query the audit endpoint
Query and read operations on the /audit API endpoint are deprecated and will be removed in a future release of IDM. Use the JSON audit event handler or similar to export your data to a third-party audit framework, such as Elastic Stack.
Proxy properties and password purpose
The following proxy properties and purpose are deprecated and will be removed in a future release of IDM:
-
openidm.http.client.proxy.userName -
openidm.http.client.proxy.password -
idm.http.client.proxy.password
Use the idm.http.client.proxy.credentials purpose to store the proxy username and password instead.
Prometheus properties and password purpose
The following Prometheus properties and purpose are deprecated and will be removed in a future release of IDM:
-
openidm.prometheus.username -
openidm.prometheus.password -
idm.prometheus.password
Use the idm.prometheus.credentials secret to store the Prometheus username and password instead.
Java.util.logging
PingIDM now uses Logback to generate its logs. JUL logs are deprecated. You can generate logs in the old format by configuring Logback to use the pattern layout encoder.
info/features endpoint
The info/features endpoint is deprecated and will be removed in a future release of IDM.
Memory usage ratio metrics
Most of the existing JVM metrics have been deprecated and will be removed in a future release of IDM. All previous metrics will continue to function until their removal. The metrics are classified into these categories:
-
The metric name has changed.
-
The metric type has changed.
-
The metric has no replacement, but you might be able to calculate the value on your own.
-
Three metrics remain unchanged:
-
jvm.max-memory
-
jvm.available-cpus
-
jvm.used-memory
-
Use the following table to compare old and new metric names, removed metrics, and type changes:
| Deprecated Metric | New Metric | Notes |
|---|---|---|
jvm.memory-usage.pools.G1-Old-Gen.committed |
jvm.memory-usage.pools.committed_G1-Old-Gen |
|
jvm.memory-usage.pools.CodeHeap-'profiled-nmethods'.init |
jvm.memory-usage.pools.init_CodeHeap-'profiled-nmethods' |
|
jvm.memory-usage.pools.G1-Old-Gen.init |
jvm.memory-usage.pools.init_G1-Old-Gen |
|
jvm.memory-usage.total.max |
N/A |
Removed |
jvm.memory-usage.total.committed |
N/A |
Removed |
jvm.memory-usage.heap.init |
jvm.memory-usage.init_heap |
|
jvm.memory-usage.pools.CodeHeap-'non-nmethods'.usage |
N/A |
Removed |
jvm.memory-usage.pools.Metaspace.init |
jvm.memory-usage.pools.init_Metaspace |
|
jvm.memory-usage.pools.G1-Survivor-Space.committed |
jvm.memory-usage.pools.committed_G1-Survivor-Space |
|
jvm.memory-usage.heap.usage |
N/A |
Removed |
jvm.garbage-collector.G1-Old-Generation.count |
jvm.garbage-collector.count.total_G1-Old-Generation |
Type was "gauge", now "counter" |
jvm.thread-state.waiting.count |
jvm.thread-state_waiting |
|
jvm.class-loading.loaded |
jvm.class-loading.loaded.total |
Type was "gauge", now "counter" |
jvm.memory-usage.pools.CodeHeap-'non-profiled-nmethods'.committed |
jvm.memory-usage.pools.committed_CodeHeap-'non-profiled-nmethods' |
|
jvm.memory-usage.total.init |
N/A |
Removed |
jvm.memory-usage.pools.CodeHeap-'non-nmethods'.used |
jvm.memory-usage.pools.used_CodeHeap-'non-nmethods' |
|
jvm.memory-usage.pools.G1-Eden-Space.init |
jvm.memory-usage.pools.init_G1-Eden-Space |
|
jvm.memory-usage.pools.Metaspace.usage |
N/A |
Removed |
jvm.memory-usage.pools.G1-Eden-Space.max |
jvm.memory-usage.pools.max_G1-Eden-Space |
|
jvm.memory-usage.pools.G1-Old-Gen.max |
jvm.memory-usage.pools.max_G1-Old-Gen |
|
jvm.memory-usage.total.used |
N/A |
Removed |
jvm.memory-usage.pools.CodeHeap-'profiled-nmethods'.used |
jvm.memory-usage.pools.used_CodeHeap-'profiled-nmethods' |
|
jvm.memory-usage.pools.G1-Survivor-Space.init |
jvm.memory-usage.pools.init_G1-Survivor-Space |
|
jvm.memory-usage.non-heap.max |
jvm.memory-usage.max_non-heap |
|
jvm.memory-usage.pools.G1-Survivor-Space.max |
jvm.memory-usage.pools.max_G1-Survivor-Space |
|
jvm.memory-usage.pools.CodeHeap-'profiled-nmethods'.max |
jvm.memory-usage.pools.max_CodeHeap-'profiled-nmethods' |
|
jvm.thread-state.daemon.count |
jvm.thread-state.daemon |
|
jvm.memory-usage.pools.G1-Eden-Space.used-after-gc |
jvm.memory-usage.pools.used-after-gc_G1-Eden-Space |
|
jvm.thread-state.new.count |
jvm.thread-state_new |
|
jvm.memory-usage.pools.G1-Eden-Space.used |
jvm.memory-usage.pools.used_G1-Eden-Space |
|
jvm.garbage-collector.G1-Young-Generation.time |
jvm.garbage-collector.time.total_G1-Young-Generation |
Type was "gauge", now "counter" |
jvm.memory-usage.pools.CodeHeap-'non-profiled-nmethods'.max |
jvm.memory-usage.pools.max_CodeHeap-'non-profiled-nmethods' |
|
jvm.memory-usage.heap.used |
jvm.memory-usage.used_heap |
|
jvm.class-loading.unloaded |
jvm.class-loading.unloaded.total |
Type was "gauge", now "counter" |
jvm.memory-usage.pools.G1-Eden-Space.committed |
jvm.memory-usage.pools.committed_G1-Eden-Space |
|
jvm.memory-usage.heap.max |
jvm.memory-usage.max_heap |
|
jvm.memory-usage.pools.Metaspace.used |
jvm.memory-usage.pools.used_Metaspace |
|
jvm.memory-usage.non-heap.used |
jvm.memory-usage.used_non-heap |
|
jvm.memory-usage.pools.Compressed-Class-Space.usage |
N/A |
Removed |
jvm.memory-usage.non-heap.usage |
N/A |
Removed |
jvm.memory-usage.pools.CodeHeap-'non-profiled-nmethods'.init |
jvm.memory-usage.pools.init_CodeHeap-'non-profiled-nmethods' |
|
jvm.memory-usage.pools.Compressed-Class-Space.init |
jvm.memory-usage.pools.init_Compressed-Class-Space |
|
jvm.memory-usage.pools.G1-Old-Gen.used |
jvm.memory-usage.pools.used_G1-Old-Gen |
|
jvm.thread-state.timed_waiting.count |
jvm.thread-state_timed_waiting |
|
jvm.memory-usage.pools.G1-Old-Gen.usage |
N/A |
Removed |
jvm.memory-usage.pools.CodeHeap-'non-profiled-nmethods'.usage |
N/A |
Removed |
jvm.garbage-collector.G1-Young-Generation.count |
jvm.garbage-collector.count.total_G1-Young-Generation |
Type was "gauge", now "counter" |
jvm.thread-state.terminated.count |
jvm.thread-state_terminated |
|
jvm.garbage-collector.G1-Old-Generation.time |
jvm.garbage-collector.time.total_G1-Old-Generation |
Type was "gauge", now "counter" |
jvm.memory-usage.heap.committed |
jvm.memory-usage.committed_heap |
|
jvm.memory-usage.pools.Metaspace.committed |
jvm.memory-usage.pools.committed_Metaspace |
|
jvm.memory-usage.pools.CodeHeap-'non-nmethods'.committed |
jvm.memory-usage.pools.committed_CodeHeap-'non-nmethods' |
|
jvm.memory-usage.non-heap.committed |
jvm.memory-usage.committed_non-heap |
|
jvm.memory-usage.pools.G1-Survivor-Space.usage |
N/A |
Removed |
jvm.thread-state.blocked.count |
jvm.thread-state_blocked |
|
jvm.memory-usage.pools.G1-Survivor-Space.used-after-gc |
jvm.memory-usage.pools.used-after-gc_G1-Survivor-Space |
|
jvm.memory-usage.pools.G1-Eden-Space.usage |
N/A |
Removed |
jvm.memory-usage.pools.CodeHeap-'non-profiled-nmethods'.used |
jvm.memory-usage.pools.used_CodeHeap-'non-profiled-nmethods' |
|
jvm.memory-usage.pools.G1-Survivor-Space.used |
jvm.memory-usage.pools.used_G1-Survivor-Space |
|
jvm.memory-usage.pools.Compressed-Class-Space.committed |
jvm.memory-usage.pools.committed_Compressed-Class-Space |
|
jvm.memory-usage.pools.CodeHeap-'non-nmethods'.init |
jvm.memory-usage.pools.init_CodeHeap-'non-nmethods' |
|
jvm.thread-state.count |
N/A |
Removed |
jvm.memory-usage.non-heap.init |
jvm.memory-usage.init_non-heap |
|
jvm.thread-state.runnable.count |
jvm.thread-state_runnable |
|
jvm.memory-usage.pools.CodeHeap-'profiled-nmethods'.committed |
jvm.memory-usage.pools.committed_CodeHeap-'profiled-nmethods' |
|
jvm.memory-usage.pools.Metaspace.max |
jvm.memory-usage.pools.max_Metaspace |
|
jvm.memory-usage.pools.G1-Old-Gen.used-after-gc |
jvm.memory-usage.pools.used-after-gc_G1-Old-Gen |
|
jvm.memory-usage.pools.Compressed-Class-Space.max |
jvm.memory-usage.pools.max_Compressed-Class-Space |
|
jvm.memory-usage.pools.CodeHeap-'non-nmethods'.max |
jvm.memory-usage.pools.max_CodeHeap-'non-nmethods' |
|
jvm.memory-usage.pools.CodeHeap-'profiled-nmethods'.usage |
N/A |
Removed |
jvm.memory-usage.pools.Compressed-Class-Space.used |
jvm.memory-usage.pools.used_Compressed-Class-Space |
|
jvm.free-used-memory |
jvm.free-memory |
Secrets and passwords stored in configuration
Storing secrets and passwords directly in configuration and property files is deprecated and will be removed in a future release of IDM. Use Secret stores for secret resolution.
Relationship schema query filter
The Query Filter field in the Edit Resource window of relationship schema properties has been deprecated.
Use cases requiring a delegated admin to see a subset of users or other objects can use a query filter on the role privilege to limit the users returned by the query.
Secret store class renamed
The org.forgerock.openidm.secrets.config.FileBasedStore class has been deprecated and replaced by org.forgerock.openidm.secrets.config.KeyStoreSecretStore. The old class is currently an alias.
Access configuration in access.js
In previous releases, access rules were configured in the access.js script. This script has been replaced by an access.json configuration file, that performs the same function. Existing deployments that use customized access.js files are still supported for backward compatibility. However, support for access rules defined in access.js is deprecated, and will be removed in a future release. You should move these access rules to a conf/access.json file. For more information, refer to Authorization and roles.
Actions on scheduler endpoint
The action parameter on the scheduler endpoint was deprecated in Version 1 of the endpoint and is not supported in Version 2.
To validate a cron expression, use the validateQuartzCronExpression action on the scheduler/job endpoint, as described in Validate Cron Trigger Expressions.
Health endpoints
The health endpoints, used to monitor system activity have been deprecated in this release, as their functionality was not considered to be of much use.
The information available on health/recon was node-specific. Instead, you can retrieve cluster-wide reconciliation details with a GET on the recon endpoint.
The information available on the health/os and health/memory endpoints can be retrieved by inspecting the JVM metrics.
Conditional query filters
The syntax of conditional query filters and scripts within notification filters has changed in this release. In previous IDM releases, request properties such as content in create and update requests or patchOperations in patch requests were referenced directly. For example, a previous configuration might have used the following query filter:
"condition" : "content/manager pr"In IDM 7 and later, query filters and scripts should reference the request object to obtain any request properties. Sample query filters have been changed accordingly. The previous example would be changed to the following:
"condition" : "request/content/manager pr",This syntax is more verbose, but it lets script implementations use request visitors logic based on the request type, and is more consistent with generic router filters.
The old request syntax will still work in IDM 7.0, but is considered deprecated. Support for the old syntax will be removed in a future release. Note that this change is limited to notification filters. Filters such as those used with scripted endpoints have never supported direct access to request properties, and are therefore not changing. For more information on notification filters, refer to Configure notifications.
oauthReturn endpoint
Support for oauthReturn as an endpoint for OAuth2 and OpenID Connect standards has been deprecated for interactions with AM and will be removed in a future release. Support for interactions with social identity providers was removed in IDM 6.5.0.
Default versions of relevant configuration files no longer include oauthReturn in the redirectUri setting. However, for IDM 8, these configuration files should still work both with and without oauthReturn in the endpoint.
timeZone in schedules
In Configure schedules, setting a time zone using the timeZone field is deprecated. To specify a time zone for schedules, use the startTime and endTime fields.
MD5 and SHA-1 hash algorithms
Support for the MD5 and SHA-1 hash algorithms is deprecated and will be removed in a future release. You should use more secure algorithms in a production environment. For a list of supported hash algorithms, refer to Salted Hash Algorithms.
JAVA_TYPE_DATE attribute type
Support for the native attribute type, JAVA_TYPE_DATE, is deprecated and will be removed in a future release. This property-level extension is an alias for string. Any dates assigned to this extension should be formatted per ISO 8601.
POST request with ?_action=patch
Support for a POST request with ?_action=patch is deprecated, when patching a specific resource. You can still use ?_action=patch when patching by query on a collection.
Clients that do not support the regular PATCH verb should use the X-HTTP-Method-Override header instead.
For example, the following POST request uses the X-HTTP-Method-Override header to patch user jdoe’s entry:
curl \
--header "X-OpenIDM-Username: openidm-admin" \
--header "X-OpenIDM-Password: openidm-admin" \
--header "Accept-API-Version: resource=1.0" \
--header "Content-Type: application/json" \
--request POST \
--header "X-HTTP-Method-Override: PATCH" \
--data '[
{
"operation":"replace",
"field":"/description",
"value":"The new description for Jdoe"
}
]' \
"http://localhost:8080/openidm/managed/user/jdoe"
minLength property
The managed object property minLength is deprecated. When you need to specify a minimum length for a property, use the minimum-length policy:
{
"policyId" : "minimum-length",
"params" : {
"minLength" : 8
}
}Read requests at top of /config
Support for top-level read requests to the /config endpoint is deprecated. You can still retrieve a list of config IDs by querying the /config endpoint.
Defining object schema type attribute in an array when it is a single type
Support for specifying an object’s schema type attribute in an array when there is only a single type is deprecated and will be removed in a later release.
This affects schemas with type attribute definitions in the form:
{
"type" : ["string"]
}type attribute definitions in this form should be updated to:
{
"type" : "string"
}For additional information, refer to the JSON schema type attribute definition.