Discontinued

We’ve removed jetty.xml configuration in this release of IDM. The updated Jetty 12.0.16 configuration is replaced with a webserver.json file for global settings and a webserver.listener-*.json file to detect changes. Learn more in Embedded Jetty configuration.

Custom servlet filters are not supported in IDM 8.0. The only servletfilter-* configurations you can continue to use are CrossOriginFilter and LargePayloadServletFilter.

The embedded DS repository is no longer included with IDM. Before you can use IDM, you must select and configure a repository.

We’ve removed the Apache Felix web console in this release of IDM.

We’ve removed tamper protection for CSV audit logs in this release of IDM.

We’ve removed the IWA authentication module in this release of IDM. This feature is a function of PingAM.

We’ve removed IDM standalone self-service and all self-service stages in this release. From IDM 7 onwards, this functionality is replaced by AM Authentication Trees.

We’ve removed social authentication in this release of IDM. The feature is a function of AM. Once a user has logged in through AM (using a social provider or some other way), they can obtain an access token with that session and use the access token to interact with IDM through the rsFilter configuration.

Additionally, Microsoft has deprecated the "Sign In with LinkedIn" functionality as of August 1, 2023. Refer to Sign In with LinkedIn.

We’ve removed progressive profile data collection in this release of IDM. This functionality is already supported by PingOne Advanced Identity Cloud and AM in a platform deployment. Learn more in:

We’ve removed the following samples and example configurations in this release.

Running IDM requires Java 17. Learn more in Java requirements.

We’ve removed the following sample notification configuration files from the /path/to/openidm/samples/example-configurations/conf directory:

We’ve removed the Splunk and Elasticsearch audit event handlers in this release.

IDM 7.4 supports file-based audit handlers and logging to standard output, both of which Elasticsearch and Splunk can consume.

The OAUTH_CLIENT authentication module has been removed. Using OAuth2 for authentication through AM is available with the resource server filter (rsFilter).

The cli.sh update command (used in older releases to apply maintenance updates) has been removed in this release. Learn more about upgrading to the latest IDM release in the Upgrade Guide. The ability to place a server in maintenance mode has also been removed.

Native query expressions using the _queryExpression keyword are no longer supported on managed objects. You must rewrite any custom queries that use _queryExpression as regular filtered queries or as parameterized queries. Native query expressions are still supported for system objects.

For scripted Groovy connectors, the reloadScriptOnExecution property has been removed from all sample provisioner files, as the property is not used by the connectors. To learn more about how scripts are loaded, refer to Script compilation and caching.

The following properties have been removed from <filename>resolver/boot.properties</filename>:

You can no longer specify custom aliases for the default keys that IDM generates on startup. Learn more in The IDM keystore.

In previous IDM releases, the protocol property of a connector server configuration specified the communication protocol to the remote connector server. This property existed for legacy purposes and was set to websocket by default. The property has now been removed and connections to the remote connector server always use the websocket protocol.

The "full stack sample" (Integrating IDM With the ForgeRock Identity Platform) has been removed. The only supported method of authentication through AM is by using AM bearer tokens and the rsFilter authentication module. Learn more in the Platform Setup Guide.

The ability to generate obfuscated and encrypted property values by using the crypto bundle has been removed. The secrets service replaces this functionality. Learn more in Secret stores.

When configuring self-service registration, the idmUserDetails stage had previously used the identityResourceUrl property instead of identityServiceUrl. This stage now correctly uses the identityServiceUrl property. identityResourceUrl has been removed.

The ScriptedCREST connector and the corresponding sample have been removed in this release. Migrate any deployments that use this connector to the Scripted REST connector.

Support for the Office 365 connector has been removed in this release. Instead of the Office 365 connector, use the Microsoft Graph API connector.

Support for the Active Directory (AD) .NET Connector has been removed.