This chapter covers both major changes to existing functionality, and also deprecated and removed functionality.
When you create a new OpenAM custom configuration that uses an
external LDAP directory server for the configuration data store, you must
use a root suffix DN with at least two domain components, such as
The advanced server property used to set the HTTP header name,
has replaced the legacy OpenSSO property
Legacy naming conventions have been changed to conform to the current product name, OpenAM.
$HOME/.openamcfg/ is the new name for
$HOME/.openssocfg/. If you upgrade, OpenAM still
supports use of
$HOME/.openssocfg/, and does not
rename the folder. For new OpenAM installs, OpenAM creates the directory
with the new name,
$HOME/.openamcfg/, at configuration
Other files, such as the
openam.war file, and
paths have been modified to ensure consistency with the naming
OpenAM now ships with multiple .war files. You no longer have to build custom .war files for core server-only or distributed authentication UI installations for example.
In earlier versions the default root suffix DN for OpenAM
configuration and profile data was
The default root suffix is now
The following functionality is deprecated in OpenAM 10.2.0-SNAPSHOT, and is likely to be removed in a future release.
With the implementation of OAuth 2.0 in this release, OAuth 1.0 has been deprecated. OAuth 1.0 support was originally provided in OpenAM 9.
The Netscape LDAP API is to be removed from OpenAM, with OpenAM
using the OpenDJ LDAP SDK instead. This affects all classes in
OpenAM currently uses Sun Java System Application Framework (JATO). JATO is deprecated and is likely to be replaced in a future release.
For OpenAM 10.2.0-SNAPSHOT, the use of the previous session failover implementation has been removed.
With the updated session failover, SAML 2 and session persistence have changed. The methods used prior to OpenAM 10.1.0 are no longer available.
Support for Liberty Identity Web Services Framework (ID-WSF) has been removed.
The advanced server property,
openam.session.destroy_all_sessions, has been replaced
by the built-in Global Session Service setting,
Resources for integrating OpenAM with third-party access and identity management software are not delivered with the distribution.
Javadoc for the client SDK is no longer delivered with the distribution, but instead is available online.