Chapter 3. OpenAM Changes & Deprecated Functionality

Table of Contents
3.1. Major Changes to Existing Functionality
3.2. Deprecated Functionality
3.3. Removed Functionality

This chapter covers major changes to existing functionality, as well as deprecated and removed functionality.

3.1. Major Changes to Existing Functionality

  • When you create a new OpenAM custom configuration that uses an external LDAP directory server for the configuration data store, you must use a root suffix DN with at least two domain components, such as dc=example,dc=com.

  • The advanced server property used to set the HTTP header name, com.sun.identity.authentication.client.ipAddressHeader, has replaced the legacy OpenSSO property com.sun.identity.session.httpClientIPHeader (OPENAM-1879).

  • Legacy naming conventions have been changed to conform to the current product name, OpenAM.

    $HOME/.openamcfg/ is the new name for $HOME/.openssocfg/. If you upgrade, OpenAM still supports use of $HOME/.openssocfg/, and does not rename the folder. For new OpenAM installs, OpenAM creates the directory with the new name, $HOME/.openamcfg/, at configuration time.

    Other files, such as the openam.war file, and paths have been modified to ensure consistency with the naming conventions.

  • OpenAM now ships with multiple .war files. For example, you no longer have to build custom .war files for core server-only or distributed authentication UI installations.

  • In earlier versions the default root suffix DN for OpenAM configuration and profile data was dc=opensso,dc=java,dc=net. The default root suffix is now dc=openam,dc=forgerock,dc=org.

3.2. Deprecated Functionality

The following functionality is deprecated in OpenAM 10.2.0-SNAPSHOT, and is likely to be removed in a future release.

  • With the implementation of OAuth 2.0 in this release, OAuth 1.0 has been deprecated. OAuth 1.0 support was originally provided in OpenAM 9.

  • The Netscape LDAP API is to be removed from OpenAM, with OpenAM using the OpenDJ LDAP SDK instead. This affects all classes in com.sun.identity.shared.ldap.* packages.

  • OpenAM currently uses Sun Java System Application Framework (JATO). JATO is deprecated and is likely to be replaced in a future release.

3.3. Removed Functionality

  • For OpenAM 10.2.0-SNAPSHOT, the use of the previous session failover implementation has been removed.

  • With the updated session failover, SAML 2 and session persistence have changed. The methods used prior to OpenAM 10.1.0 are no longer available.

  • Support for Liberty Identity Web Services Framework (ID-WSF) has been removed.

  • The advanced server property, openam.session.destroy_all_sessions, has been replaced by the built-in Global Session Service setting, DESTROY_OLD_SESSIONS.

  • Resources for integrating OpenAM with third-party access and identity management software are not delivered with the distribution.

  • Javadoc for the client SDK is no longer delivered with the distribution, but instead is available online.