Documentation updates

AME-31340: Document ability of Push Notification service to reset device ID

AME-31138: Document removal of library scripts from custom scripted nodes

OPENAM-23714: Indicate that only one secret can be active for any secret label mapping

OPENAM-23616: Client secret not required for OAuth 2.0 client update request

AME-31026: Deprecate audit event handlers

AME-30978: Add the Set Error Details node to nodes list and add details about the acceptException() method

AME-30936: Mark legacy monitoring as deprecated

AME-30901: Document dynamic client registration scripting

AME-30890: OPENAM-23637: Add documentation for No Session Trees and update session text where necessary

AME-30857: Config Provider node script enabled for next-gen scripting engine

AME-30819: Upgrade instructions for Tomcat 10

AME-30789: Remove SNMP properties from the documentation

AME-30457: Document updated TLS Client Certificate Header Format option value

AME-30442: OPENAM-22904: Overhaul STS guide - remove SOAP STS and modules and chains

AME-30393: Document new next-generation cookieName binding

AME-30392: Document next-generation context for policy condition scripts

AME-30344: Document DER-formatted certificates for OAuth2: Client authentication

AME-30333: Document IDM Environment Condition

AME-30291: SAML certificate metadata update

AME-30249: Document backchannel authentication

AME-30229: Document the Message-Authenticator attribute config for RADIUS servers

AME-30173: Update Evaluation guide to use external DS

AME-30154: Document prevent use of mustRun trees as realm default

AME-30046: AM: Document the Flow Control node

AME-30026: Document new next-gen scripting utils.crypto.subtle binding

AME-29963: AME-30155: Document OIDC application journeys

AME-29951: Document back-channel logout exp claim

AME-29759: Document new next-generation script method to get random values

AME-29757: Document removal of custom Social IdP UI configuration properties

AME-29754: Document new suspend and resume functionality in Scripted Decision node

AME-29685: Revise the section about post-authentication tree hooks

AME-29619: Add navigation for the new Success Details node

AME-29538: Update next-generation scripting documentation with exception handling scenarios

AME-29511: Document the WebAuthn metadata service and related secret label for FIDO certification

AME-29485: Document samlApplication script binding

AME-29415: Document the Failure Details node

AME-29406: AME-29431: Document new prometheus endpoints

AME-29326: Document property to indicate OIDC provider doesn’t return unique value for the sub claim

AME-29179: Document additional Config Provider node options

AME-29168: Add section on node security

AME-29165: Added "Send an HTTP request" section

AME-29164: Update Maintain Authentication nodes

AME-29163: Update Plugin Class

AME-29162: Update Handle Errors

AME-29161: AME-29141: Reorganise node developer guide

AME-29160: Update Action Class

AME-29159: Update Inject Objects into a node

AME-29155: Document new NodeState merge state methods

AME-29133: Config Interface @Attribute Improvements

AME-29132: Node Metadata Improvements

AME-29131: Node Class Improvements

AME-29129: AME-29127: AME-29130: Updates to nodes 'Prepare for development' page

AME-29072: Document change in behavior for self-signed root CA provided in WebAuthN attestation

AME-28883: Document grace period for client-side sessions in one-to-one storage scheme

AME-28726: Documentation for custom LINE OIDC config

AME-28682: Outdated options in DS command-line examples

AME-28614: Documentation of fix for validateJwtClaims failing when using a RS256: Alg signature

AME-28596: Document add entity configuration to enable journey association

AME-28322: Document new scripting monitoring metrics

AME-28264: Document new advanced server property for configurable ID token clock skew time

AME-28256: Document configure journey to always run to completion

AME-28057: Document Distributed Tracing

AME-27982: Add Customize account lockout message example from KB

AME-27965: Add KB content from How do I add a roles claim to the OIDC Claims Script in AM?

AME-27964: Add KB content from How do I add a session property claim to the OIDC Claims Script?

AME-27963: Adding salient info from How do I add custom claims to the OIDC Claims Script in AM?

AME-27962: Add content from How do I override claims in the OIDC ID token in Identity Cloud or AM?

AME-27953: Documentation for enabling mTLS for HTTP Client script binding

AME-27930: Docs on preparing a truststore should use DS 7.x security model

AME-27878: Document customizing SAML NameID with a script

AME-27846: Document the addition of encodeURI form body for httpClient

AME-27845: Document the Scripted Decision node access to context.request.cookies

AME-27844: Document new functions added to ActionWrapper next-generation script binding

AME-27843: Document rotation of the http proxy password without server restart

AME-27841: Document availability of utility classes in library scripts

AME-27840: Documentation for new utility class script bindings

AME-27838: Document secrets binding for all next-generation scripts

AME-27834: Client certificate in SP metadata is configurable

AME-27774: AME-27792: Document audit logging changes for trees

AME-27726: Add more information for activity audit log events

AME-27697: Document jwtAssertion and jwtValidator next-generation scripting improvements

AME-27609: Document renaming of OAuth2: Client ID Token Public Encryption Key property

DOCS-7931: Rename ForgeRock SDKs to Ping SDKs

OPENAM-28565: Add note to docs about reserved binding names

OPENAM-23662: Document the Amster Jwt Decision node

OPENAM-23660: Update docs to include info on default trees that exist in AM 8

OPENAM-23620: Update REST version messages

OPENAM-23558: Provide more info on the am_authentication_count metric

OPENAM-23549: Error in documentation on scope validation

OPENAM-23547: Remove deprecated openam-legacy-debug-slf4j module from docs

OPENAM-23513: Update supported directory stores

OPENAM-23463: Docs for Journey Timeout settings for authenticated sessions

OPENAM-23461: Docs for Journey Timeout settings for pre-authentication sessions

OPENAM-23411: Document changes to default denylist poll interval

OPENAM-23410: Document changes to mergeShared and mergeTransient nodeState methods

OPENAM-23407: Updated Localize AM section to make it clearer that you have to download the UI first

OPENAM-23362: Success Redirect order is incorrect

OPENAM-23278: Clarify docs on CTS token types

OPENAM-23277: Update Amster upgrade section to include 7.5

OPENAM-23188: Correct steps for accessing am-external in auth node developer guide

OPENAM-23171: Errors in SAML 2.0: profile OAuth 2: Grant docs

OPENAM-23104: authLib script context missing from docs

OPENAM-23081: Document improvements to transactional authorization

OPENAM-23078: Update steps for letting DS manage CTS tokens

OPENAM-23066: Update amr claims section to use OIDC claims script instead of module mapping

OPENAM-23036: Incorrect example used in Configure scr claims

OPENAM-23005: Add section on creating trees using REST

OPENAM-22887- 22906: Remove deprecated modules and chains from the documentation

OPENAM-22899: Add notes to the Radius guide about reenabling modules and chains

OPENAM-22878: Document the settings for OCSP verification

OPENAM-22871: Wrong default value for STS Instance is running as remote instance

OPENAM-22841: Document new OIDC LinkedIn social identity provider configuration

OPENAM-22813: Remove AM 6.x references including for supported upgrades

OPENAM-22741: Adding missing step in "Configure amr claims" procedure

OPENAM-22641: Corrected token terminology per feedback

OPENAM-22635: Rework pruning CTS tokens

OPENAM-22607: Link to DS docs for appropriate tuning info

OPENAM-22549: Add references for Set State node

OPENAM-22525: Add HSM support info from KB

OPENAM-22515: Document Logout Webhook key WebhookEventType

OPENAM-22417: Add link to max length property for goTo URL

OPENAM-22385: Document default values for Session properties

OPENAM-22356: Include a more useful link in Release Notes for custom auth node secrets enablement

OPENAM-22343: Document method return types for the script binding

OPENAM-22339: Provide example systemd script for AM

OPENAM-22327: Remove mention of Internet Explorer from AM docs

OPENAM-22254: Update browser support table for WebAuthn

OPENAM-22157: Clarify version support in upgrade instructions

OPENAM-22152: Additional information required in token exchange impersonation

OPENAM-22100: OPENAM-22049: OPENAM-22885: OPENAM-21325: Various improvements to upgrading servers section

OPENAM-22099: Remove misleading information about unsupported custom callbacks

OPENAM-22045: Corrected default log level

OPENAM-21935: Document the maximum JWT token liftime accepted by AM

OPENAM-21907: Added a tip to the setup guide for finding server and site IDs

OPENAM-21857: Document security hardening for UMA confusable homoglyphs

OPENAM-21763: Update terminology around "sessions" to use authenticated and pre-authentication

OPENAM-21763: Changed pre-authentication session terminology to journey session

OPENAM-21744: Removed incorrect statement about invalidating client-side auth session

OPENAM-21591: Document checkIssuerForIdTokenInfo advanced server property

OPENAM-20673: Clarify device reset with WebAuthn

OPENAM-20591: Prevent ClassNotFoundException when removing click-* jars

OPENAM-19899: Remove all instances of /UI/login

OPENAM-19575: OIDC guide feedback: Check algorithm statement for /oauth2/connect/jwk_uri

OPENAM-19533: Remove unnecessary images from installation steps

OPENAM-19395: Distinguish between general mail server and self-service mail service

SDKS-3759: Added verifyTransactionsHelper script binding docs from AIC.

SDKS-3173: The PingOne Worker service requires a configured OAuth2 provider service.

SDKS-2959: Document PingOne Protect-related callbacks

SDKS-2953: Document PingOne Worker service

SDKS-2864: Adding new nodes to catalog page in AM

SDKS-2861: Add PingOne Protect nodes to the list of nodes

AME-29538: Update next-generation scripting documentation with exception handling scenarios

AME-28883: Add info from KB about different token types in the CTS

AME-28766: Documentation for new utility class script binding

AME-28682: Update options in DS command-line examples

AME-27982: Add customize account lockout message example from Knowledge Base

AME-27930: Documentation on preparing a truststore should use DS 7.x security model

AME-27726: Add more information for activity audit log events

AME-22545: com.sun.identity.sm.filebased_embedded_enabled must be set to false after migration

AMAGENTS-6487: Update info about web agent and session cookie name in line with changes to web agent docs

FRAAS-20042: Add content from How do I check what MFA devices are registered to a user in Identity Cloud and AM?

OPENAM-23277: Update Amster upgrade section to include 7.5

OPENAM-23188: Correct steps for accessing am-external in auth node developer guide

OPENAM-23078: Update steps for letting DS manage CTS tokens

OPENAM-23005: Add section on creating trees using REST

OPENAM-22972: Request to add a statement on async in doc

OPENAM-22931: Two callbacks are incorrectly named in the documentation

OPENAM-22871: Wrong default value for STS instance is running as remote instance

OPENAM-22741: Add missing step in "Configure amr claims" procedure

OPENAM-22641: Correct token terminology per feedback

OPENAM-22635: Rework pruning CTS tokens

OPENAM-22607: Link to DS docs for appropriate tuning info

OPENAM-22515: Document Logout Webhook key WebhookEventType

OPENAM-22356: Include a more useful link in Release Notes for custom auth node secrets enablement

OPENAM-22343: Document method return types for the script binding

OPENAM-22339: Provide example systemd script for AM

OPENAM-22327: Remove mention of Internet Explorer from AM documentation

OPENAM-22254: Update browser support table for WebAuthn

OPENAM-22157: Clarify version support in upgrade instructions

OPENAM-22099: Remove misleading information about unsupported custom callbacks

OPENAM-22045: Correct default log level

OPENAM-21935: Document the maximum JWT token lifetime accepted by AM

OPENAM-21907: Added a tip to the Setup guide for finding server and site IDs

OPENAM-21778: Error in documentation on modifying access tokens

OPENAM-20673: Clarify device reset with WebAuthn

OPENAM-20591: Prevent ClassNotFoundException when removing click-* jars

OPENAM-19899: Remove all instances of /UI/login

OPENAM-19575: OIDC guide feedback: Check algorithm statement for /oauth2/connect/jwk_uri

OPENAM-19533: Remove unnecessary images from installation steps

OPENAM-19395: Distinguish between general mail server and self-service mail service

SDKS-3173: The PingOne Worker service requires a configured OAuth 2.0 provider service

SDKS-2861: Add PingOne Protect nodes to the list of nodes

OPENAM-22207: List HiddenValueCallback as interactive not read-only

OPENAM-22098: Additional information required in JWT validation example

OPENAM-22065: Fix Knowledge Base link in documentation

OPENAM-22061: The Get Session Data Node updates the objectAttributes

OPENAM-21964: Update and align documentation for secret default mappings

OPENAM-21914: Clarify deprecation and replacement of shared and transient state bindings

OPENAM-21900: The Identify Existing User Node updates the shared state username

OPENAM-21885: Clarify statement on realms in the API Explorer docs

OPENAM-21882: Document minimum OTP length for HOTP Generator node

OPENAM-21851: Clarify use of setting for the IdP

OPENAM-21801: Next generation scripting: Update nodeState.getObject

OPENAM-21798: Next generation scripting: Document "get" wrapper functions

OPENAM-21759: Clarify use of Java class allowlisting in next-generation scripting

OPENAM-21754: Add warning to library scrips about use of third party libraries

OPENAM-21723: Attribute Present Decision node: Add note about case-sensitivity

OPENAM-21711: Incorrect acr_values step in Backchannel request grant

OPENAM-21706: Policy evaluation will succeed for failed transactional authorization under certain conditions

OPENAM-21699: Fix example for authenticating to specific services

OPENAM-21696: Add a note to the Set Custom Cookie node docs around host vs domain cookies

OPENAM-21670: Setup guide: Check and update link to affinity load balancing

OPENAM-21667: Sessions guide: Set JWT token expiry if you update max session TTL

OPENAM-21622: Retry limit decision node: Wrong shared state property name

OPENAM-21620: Node development: Improve and correct Node class documentation

OPENAM-21603: Missing spaces in catalina opts example prevents tomcat starting

OPENAM-21504: List Prometheus output with better description.

OPENAM-21418: Fix numbering in JWT profile sequence diagram

OPENAM-21413: Sample script in SAML docs does not work

OPENAM-21344: Update profile data scripting examples with try-catch blocks

OPENAM-20906: Artifact changes in AM 7.3 are not documented in Release Notes

OPENAM-20752: OAuth2 scripted policy condition variables needs updating

OPENAM-20522: State in docs that Sector Identifier URI is needed for Pairwise OAuth2Client profile

OPENAM-20349: Add detail to the Device Match node docs

OPENAM-19204: Customer cannot rely on Transient Node data for WebAuthN Authentication Node

OPENAM-18095: Update documentation with all available audit log fields

AME-29951: Document back-channel logout exp claim

AME-29538: Update next-generation scripting documentation with exception handling scenarios

AME-27726: Add more information for activity audit log events

AME-27697: Document jwtAssertion and jwtValidator next-generation scripting improvements

AME-27432: SAML Artifact flow fails when running AM with JRE 17

AME-22545: com.sun.identity.sm.filebased_embedded_enabled must be set to false after migration

OPENAM-23394: Clarify usage of FBC at install time

OPENAM-23362: Success redirect order is incorrect

OPENAM-23359: Added note about FBC not being supported

OPENAM-23188: Correct steps for accessing am-external in node developer guide

OPENAM-23078: Update steps for letting DS manage CTS tokens

OPENAM-22972: Request to add a statement on async in doc

OPENAM-22871: Wrong default value for STS instance is running as remote instance

OPENAM-22741: Adding missing step in "Configure amr claims" procedure

OPENAM-22635: Procedure for enabling the AM reaper is incorrect

OPENAM-22515: Document Logout Webhook key WebhookEventType

OPENAM-22327: Remove mention of Internet Explorer from AM docs

OPENAM-22254: Update browser support table for WebAuthn

OPENAM-22207: List HiddenValueCallback as interactive not read-only

OPENAM-22157: Clarify version support in upgrade instructions

OPENAM-22100 OPENAM-22049 OPENAM-22885 OPENAM-21325: Improvements to upgrading servers section

OPENAM-22099: Remove misleading information about unsupported custom callbacks

OPENAM-22045: Corrected default log level

OPENAM-21935: Document the maximum JWT token liftime accepted by AM

OPENAM-21907: Added a tip to the setup guide for finding server and site IDs

OPENAM-21744: Removed an incorrect statement about invalidating client-side auth session

OPENAM-21650: Updated base DN for AM configuration data

OPENAM-21165: Request for a sample script to be added to the docs

OPENAM-20673: Clarify device reset with WebAuthn

OPENAM-20591: Prevent ClassNotFoundException when removing click-* jars

OPENAM-19899: Remove all instances of /UI/login

OPENAM-19575: OIDC guide feedback: Check algorithm statement for /oauth2/connect/jwk_uri

OPENAM-19533: Remove unnecessary images from install steps

OPENAM-19395: Distinguish between general mail server and self-service mail service

AME-27930: Prepare truststore should use 7.x DS security model

AME-27531: Incorrect description for Scripting Engine configuration for Thread pool queue size

AME-25385: Document the HTTP client asynchronous feature

OPENAM-22635: Procedure for enabling the AM reaper is incorrect

OPENAM-22207: List HiddenValueCallback as interactive not read-only

OPENAM-22099: Remove misleading information about unsupported custom callbacks

OPENAM-22098: Additional information required in JWT validation example

OPENAM-22066: Document Social Provider Handler node nodeState updates

OPENAM-22065: Fix Knowledge Base link in documentation

OPENAM-21914: Clarify deprecation and replacement of shared and transient state bindings

OPENAM-21851: Clarify use of Single SignOn Service setting for the IdP

OPENAM-21801: Next generation scripting: Update nodeState.getObject

OPENAM-21798: Next generation scripting: Document "get" wrapper functions

OPENAM-21754: Add warning to library scrips about use of third party libraries

OPENAM-21699: Fix example for authenticating to specific services

OPENAM-21696: Add a note to the Set Custom Cookie node docs around host vs domain cookies

OPENAM-21667: Sessions guide: Set JWT token expiry if you update max session TTL

OPENAM-21666: Security guide: Byte and MB values of request body limit don’t match

OPENAM-21620: Node development: Improve and correct Node class documentation

OPENAM-21603: Missing spaces in catalina opts example prevents tomcat starting

OPENAM-21457: Clarify where the Failure node routes a user

OPENAM-21419: Security guide: Attach Java examples for custom secret stores

OPENAM-21413: Fix sample script in SAML docs

OPENAM-21344: Update profile data scripting examples with try-catch blocks

OPENAM-20752: OAuth 2.0 scripted policy condition variables need updating

OPENAM-20522: State that Sector Identifier URI is needed for Pairwise OAuth2Client profile

OPENAM-18598: Clarify account linking in Social Provider Handler Node documentation

OPENAM-18095: List all usable audit log attributes

Corrected name of SSOResponse binding in SAML SP adapter sample script.

Added links to Knowledge Base articles about restricting access to endpoints.

Updated social identity provider configuration reference with more information about transformation scripts and added realm to redirect URL example.

Provided more detail about audit log events.

Corrected error in WDSSO REST call in Authentication guide.

Note added about a SESSION_BLACKLIST token that exists for client-side authentication sessions.

Clarified documentation for the OIDC user info plugin that the /userinfo retrieves claims from the profile scope only.

Added explanation for audit filtering example in the Security guide.

Amended wording describing the Amster version used for upgrading exported configuration.

Updated instructions to download the UI source.

Documented changes to the OAuth 2.0 device authorization grant.

Updated format of scripting logger names

Fixed error in Device Profile Collector node documentation.

Clarified information around tuning the CTS connection pool.

Added note to caution that a certificate must exist in the keystore before mapping secrets to that keystore.

Removed references to unsupported CoreWrapper API from the documentation.

Improved the information about the bindings available to OAuth 2.0 scripted extensions.

Added more information for the following authentication nodes:

Corrected information about storing device data in shared state for OATH Registration node.

Updated Node development documentation with a note that OTP Email Sender node supports plain text notifications only.

Added note to advise installers and upgraders to remove web.xml entry to prevent a click-servlet exception.

Documented the new org.forgerock.openam.ldap.secure.protocol.version advanced property for defining the protocols AM uses to connect to a secure LDAP server.

Added new REST STS configuration property, STS Instance is running as remote instance. For details, refer to REST STS configuration

Updated Authentication guide with links to WS-Federation implementation steps in Knowledge Base.

Clarified supported claims when requesting policy decisions.

Added a table to list the certificates used in SAML 2.0 flows with their corresponding secret mappings. For details, refer to Certificates and secrets.

Clarified the steps to remove an AM instance in the installation guide.

Added the default path for audit logs on Windows.

Added a note about adding urls to Valid WReply List to ensure successful WS-Federation sign-on flow.

Added Inner Tree Node capabilities and restrictions.

Corrected an error in the deployment diagram. Refer to Example deployment topology.

Updated module information to refer readers to Knowledge Base articles about certificate authentication.

Fixed a documentation error relating to OAuth 2.0 email service configuration values.

Documented authentication session state management scheme differences and concerns. For details, refer to Server-side sessions and Client-side sessions.

Updated instructions for setting CATALINA_OPTS on Windows.

Documented the setting to configure the rotatable amadmin secret cache expiry time. Refer to org.forgerock.openam.secrets.special.user.secret.refresh.seconds.

Documented the new Enabled setting for external data stores.

OPENAM-23188: Correct steps for accessing am-external in Node developer guide

OPENAM-23139: Fix links to Agent docs from AM

OPENAM-23065: Update Knowledge links to Salesforce location

OPENAM-22871: Wrong default value for STS instance is running as remote instance

OPENAM-22741: Add missing step in "Configure amr claims" procedure

OPENAM-22635: Procedure for enabling the AM reaper is incorrect

OPENAM-22515: Document Logout Webhook key WebhookEventType

OPENAM-22449: Add Combined MFA Registration node to 7.3.x documentation

OPENAM-22327: Remove mention of Internet Explorer from AM docs

OPENAM-22254: Update browser support table for WebAuthn

OPENAM-22207: List HiddenValueCallback as interactive not read-only

OPENAM-22099: Remove misleading information about unsupported custom callbacks

OPENAM-22078: Update OATH Device Storage node

OPENAM-22045: Correct default log level

OPENAM-21935: Document the maximum JWT token liftime accepted by AM

OPENAM-21851: Clarify use of Single SignOn Service setting for the IdP

OPENAM-21650: Update base DN for AM configuration data

OPENAM-21051: Update logger names with new format

OPENAM-20987: Document OAuth 2.0 provider setting Allow Client Credentials in Token Endpoint Query Parameters

OPENAM-20673: Clarify device reset with WebAuthn

OPENAM-19899: Remove all instances of /UI/login

OPENAM-19575: Correct algorithm statement for /oauth2/connect/jwk_uri

OPENAM-19533: Remove unnecessary images from install steps

OPENAM-18598: Clarify account linking in Social Provider Handler node documentation

AME-25154: Update the CATALINA_OPTS in setenv.bat for Windows

OPENAM-21851: Clarify use of Single SignOn Service setting for the IdP

OPENAM-21699: Fix example for authenticating to specific services

OPENAM-21620: Node development: Improve and correct Node class documentation

OPENAM-21580: Improve documentation on updating OAuth 2.0 clients

OPENAM-21579: Java keystores require ASCII passwords

OPENAM-21573: Amster upgrade documentation description contains an error

OPENAM-21383: Instructions to download the UI source code are out of date

OPENAM-21344: Update profile data scripting examples with try-catch blocks

OPENAM-21254: Complete note in Invalidate all sessions for a user section

OPENAM-21051: Update logger name and review debug logging page

OPENAM-21048: Error in Device Profile Collector node documentation

OPENAM-20925: Inaccurate documentation on CTS tuning

OPENAM-20911: Corewrapper object no longer accessible in authentication nodes

OPENAM-20909: Align multi-version release notes with content of previous versions

OPENAM-20906: Artifact changes in AM 7.3 aren’t documented in Release Notes

OPENAM-20903: Clarify audit filtering example

OPENAM-20870: Access token script API is incomplete

OPENAM-20835: Explain the SESSION_BLACKLIST token that exists for client-side authentication sessions

OPENAM-20666: Caution against duplicate OIDC ACR mappings

OPENAM-20591: Prevent ClassNotFoundException when removing click-* jars

OPENAM-20522: State that Sector Identifier URI is needed for Pairwise OAuth2Client profile

OPENAM-20311: Document AM property for LDAPS protocol

OPENAM-20038: Document which URLs for REST STS are made locally/remotely

OPENAM-19215: Missing documentation for WS Federation in Admin guide

OPENAM-19214: Authorization guide: Clarify supported claims in requesting policy decisions

OPENAM-19149: Clarify SAML certificates and secrets usage

OPENAM-18606: The documentation to remove an AM instance is misleading

OPENAM-18495: Provide details of each audit log event name in the AM documentation

OPENAM-18468: Maintenance guide: Update config store connection pool values

OPENAM-18099: Explanation of rawProfile information and mappings

OPENAM-18092: Provide better explanation on default Social Identity Provider configuration

OPENAM-18078: Review documentation on endpoints

OPENAM-17906: State default path for audit logs on windows

OPENAM-17580: Document configuration settings needed for AM 6.5.3+ for WS-Federation token issuer endpoints

OPENAM-17535: Authorization guide: Building the sample plugin is showing outdated info

OPENAM-16325: Inner Tree node capabilities and restrictions

OPENAM-16311: Rework transactional authorization over REST

OPENAM-16191: Deployment images lost accuracy between release 13.5 and 6

OPENAM-15083: Certificate Auth module needs detailed documentation

Removed instructions on using deprecated chains and modules to set up push authentication. Use authentication trees instead, as described in Push authentication journeys.

Updated the format of these release notes to list cumulative changes, instead of reflecting only the changes for the current release.

Clarified that AM truncates sequences of whitespace with a single whitespace when creating SAML v2.0 values such as entity IDs.

Removed use of deprecated with method from Scripted decision node API callbacks.

Documented new Use mixed case for password change messages property for the LDAP Decision node.

Added missing HTTP connector settings to WildFly setup instructions.

Updated information about --acceptLicense parameter in the Set up administration tools steps.

Removed access token from header in call to /oauth2/connect/endSession.

Documented how to mark configuration properties as passwords in the Node development guide.

Improved documentation for dynamic client registration.

Improved description of the Transformation Script field for the Social Provider Handler node.

Documented how to use the amupgrade tool to upgrade configuration.

Improved navigation of the authentication nodes configuration reference.

Clarified that the ForgeRock Authenticator app supports JPEG and PNG image formats.

Clarified location of setenv script in the Evaluation guide.

Updated installation and deployment graphics to show less complex DS installations.

Described the role of the Latest Access Time Update Frequency property in session management.

OPENAM-22207: List HiddenValueCallback as interactive not read-only

OPENAM-22099: Remove misleading information about unsupported custom callbacks

OPENAM-22065: Fix Knowledge Base link in documentation

OPENAM-21851: Clarify use of Single SignOn Service setting for the IdP

OPENAM-21815: Clarify how transient state is removed after next callback

OPENAM-21383: Instructions to download the UI source code are out of date

OPENAM-21071: Add more information for LDAP availability (KeepAlive) changes

OPENAM-21048: Error in Device Profile Collector node documentation

OPENAM-20929: Switch to multi-version release notes

OPENAM-20835: Explain the SESSION_BLACKLIST token that exists for client-side authentication sessions

OPENAM-20591: Prevent ClassNotFoundException when removing click-* jars

OPENAM-20522: State that Sector Identifier URI is needed for Pairwise OAuth2Client profile

OPENAM-20311: Document AM property for LDAPS protocol

OPENAM-19215: Missing documentation for WS Federation in Admin guide

OPENAM-19214: Authorization Guide: Clarify supported claims in Requesting Policy Decisions

OPENAM-19149: Clarify SAML certificates and secrets usage

OPENAM-18606: The documentation to remove an AM instance is misleading

OPENAM-18468: Maintenance guide: Update config store connection pool values

OPENAM-18099: Explanation of rawProfile information and mappings

OPENAM-17580: Document configuration settings needed for AM 6.5.3+ for WS-Federation token issuer endpoints

OPENAM-17535: Authorization guide: Building the sample plugin is showing outdated info

OPENAM-16325: Inner Tree node capabilities and restrictions

OPENAM-15083: Certificate Auth module needs detailed documentation

Updated Changes in AM 7.2.x with changes to the TreeContext class.

Documented the advanced server properties that determine search settings for keepalive and availability checks. For details, refer to Advanced properties.

Documented the evalThreadSize setting as a tuning parameter for policy evaluation. For details, refer to Policy evaluation settings.

Fixed an error in the Pass-through authentication node documentation.

Noted that the JavaScript origins property of an OAuth 2.0 client does not support non-standard headers.

Clarified that SAML assertions must be signed when using HTTP-POST.

Updated the JVM monitoring metrics.

Clarified the use of the auditEntryDetail for the scripted decision node.

Clarified that Transactional authorization does not trigger account lockout.

Fixed an error in the UI customization documentation.

Updated the documentation on configuring JBoss and WildFly.

Updated the documentation on the validateGoto endpoint.

Indicated that /pingam/7.2/oidc1-guide/oidc-additional-use-cases.html[using ID tokens as session tokens] requires specific privileges.

Improved the social authentication documentation.

Updated the documentation on stateless session upgrade.

Updated the Choice Collector node documentation to clarify that the default choice is the first in the list if no default choice is specified.

Recommended the removal of the velocity-1.7.jar library after install or upgrade.

Added a step to the instructions on building custom nodes.

Added Logback.jsp logger names to the Debug logging documentation.

Cautioned that host-based cookies should be used for security reasons (Securing the Session Cookie)

Changed the default expiry time of server-side agent sessions (com.iplanet.am.session.agentSessionIdleTime)

Updated docs to indicate that the failureUrl is not included in REST responses if it is empty

Clarified SAML certificates and secrets usage

Clarified supported claims when requesting policy decisions over REST

Fixed an error in the Device Profile Collector node docs

Documented settings for WS-Federation token issuer endpoints (Federation Authentication Module)

Added Inner Tree Node capabilities and restrictions

Documented AM property for LDAPS protocol org.forgerock.openam.ldap.secure.protocol.version)

Advised that changes to Authentication Naming Attribute after setup require existing identities to be updated

Enhanced the documentation of the Provision Dynamic Account node

Advised administrators to increase DS search limits for large numbers of SAML entities SAML Deployment Considerations)

Documented evalThreadSize setting as tuning parameter for policy evaluation

Clarified that SAML assertion must be signed when using HTTP-POST

Clarified use of auditEntryDetail for scripted decision node

Added missing HTTP connector setting to JBoss setup instructions

Updated instructions on validating a goto URL

Enhanced the documentation on the LDAP availability / KeepAlive changes, new in 7.1.3

Removed incorrect wording about namespaces in the node development docs

Noted that the JavaScript Origins property of an OAuth2 client does not support non-standard headers

Creating a SAML2 entity with a double space results in SAML2 entity with a single space

Updated Changes in AM 7.1.x with changes to the TreeContext class

Updated the upgrade instructions with information on custom server default properties

Updated Changes in AM 7.1.x with changes to the TreeContext class.

Added the org.forgerock.openam.introspect.token.query.param.allowed advanced server property.

Added the org.forgerock.openam.ldap.dncache.expire.time advanced server property, which sets the DN cache timeout.

Updated the OATH Registration node and Push Registration node documentation for the customizable QR code message.

Updated the Remote consent documentation to describe the new JWKs URI.

Clarified the limitation on using ID tokens as access tokens. For details, refer to Additional Use Cases for ID Tokens.

Improved the logback documentation.

Updated the documentation on scripted policy conditions.

Documented the crypto settings in the IDM Provisioning service.

Added information on specifying remote entity encryption methods.

Added subject and body to the OTP Email Sender Node and OTP SMS Sender Node.

Added guidance on naming custom nodes.

Corrected an error in the ForceAuth documentation for authentication trees.

Corrected an error in the OIDC hybrid flow documentation.

Described how to customize account lockout messages.

Updated the documentation on custom post-authentication plugin hooks.

Updated the documentation on the OAuth2 Device flow.

Add information on overriding and customizing OIDC claims scripts.

Clarified change to CORS filter configuration from AM 7 onwards.

Documented the nonProxyHosts advanced server property for HTTP client connections.

Added guidance on protecting user profile attributes.

Updated Multi-Factor Authentication Nodes with details of the OATH nodes that replicate the existing OATH module functionality:

Updated the examples in the Accessing Shared State Data section.

Added documentation in Supported Callbacks about the following callbacks:

Updated the Preparing for Development section to specify that you must include a nodeDescription property in nodes to ensure that they appear in the authentication tree designer.

Improved the procedure on mapping files in file system secret volumes to add more detail about how to encrypt and create filesystem-based secrets.

Updated the Directory Server Requirements to indicate that DS 5.+ is required as External Directory Server for 7.1.+.

Updated Changes in AM 7.0.x with changes to the TreeContext class.

Indicated that scripts should be upgraded as part of the upgrade process.

Improved the documentation about the request parameter of the /oauth2/authorize endpoint.

Noted support for Internet Explorer 11 ends August 17, 2021, in alignment with the announcement from Microsoft ending support for Internet Explorer 11.

Updated Session Upgrade documentation to clarify that the ForceAuth parameter used with an authentication tree causes AM to issue a new session token, regardless of the security requirements.

Updated the Supported Upgrade Paths section to remove the upgrade from OpenAM 13.X and add upgrade path from AM 7.x.

Added a new section, Managing the Secure Cookie Filter.

Removed information about Oracle Weblogic from the installation guide as it is not supported in this version.

Added a new section, OAuth 2.0 Scopes Policy Script API Functionality.

Updated the Scripting Environment documentation to show how to obtain the Groovy and JavaScript engine version that AM is using.

As part of hardening the security around the SAML v2.0 implementation that occurred in AM 7, the URLs specified in the Assertion Consumer Service must exactly match the SP’s scheme, FQDN, and port.

Added a new section, Setting Session Properties.

Added documentation on Adding Audit Information.

Improved the documentation on Tuning Authentication Node/Module LDAP Connections.

Added information on determining if an existing session is present before using the Get Session Data Node.

Added information on configuring the public key or HMAC secret in Authenticating Clients Using JWT Profiles.

Added information on using the ssoadm command with secure connections in Setting Up Administration Tools.

Updated Web or Java Agents SSO and SLO with Java Agent 5.7 and Web Agent 5.7 properties.

Updated JVM tuning properties.

Documented commands to export policy and application store LDIF files.

Clarified documentation on OAuth 2.0 JWK URI cache settings in To Create and Configure a Client Profile.

Clarified documentation on SAML v2.0 hosted SP attribute map in Hosted Service Provider Configuration Properties.

Corrected the Device Tampering Verification documentation to indicate that the device determines the score, rather than the node or the ForgeRock SDKs.

Updated how to create an HTTPS connector for Tomcat in Configuring AM’s Container for HTTPS.

Corrected the account mapper classes in Example: Protecting a Web Site With OAuth 2.0.

Added documentation about HTTP options when configuring a JVM proxy in front of AM in Preparing the Environment.

Updated the Linking Identities Automatically with Auto-Federation section to use the new UI.

Corrected the user required to perform policy evaluation with REST in To Evaluate a Policy.

Corrected the procedure on SAML v2.0 chains, in Linking Identities by Using Authentication Trees or Chains.