Our application is currently using the SDK 0.0.4. I understand that it will be “retired” in about one year from now (2019-04-09). Does this mean that the service will continue to work until that date and cease working after? I’m just trying to understand how urgently we need to migrate.
Which SDK are you referring to? We have several for different languages (e.g., Java, .NET, Node.js, etc.).
I’m assuming you’re referring to our Java management SDK, which is indeed retiring v0.0.4 in April 2019.
The SDK will continue to work! Nothing changes there. The retirement notice is purely in terms of support and maintenance on our side. After that time, we will not be publishing any more minor or bugfix updates for the 0.x series. We recommend upgrading to the 1.x series so you can stay up to date with fixes and new features.
Hope that makes sense. Let me know if I can clarify further.
Thank you, that does help. Yes, I’m talking about the Java SDK. I’m picking up responsibility for an application whose creator is no longer with the company, so I apologize if these questions seem naïve.
Now, I also read that Okta stopped supporting TLS versions below 1.2 on August 1 of this year. I’m trying to evaluate whether I need do anything about it, and whether the version of Java SDK matters. Users of our service are redirected to our own IAM service for authentication. I think this service acts like a proxy communicating to Okta to verify authentication.
Fact 1, Our service is up and running now and people are able to use it.
Fact 2, When I disable TLS 1.2 on my browser and enable TLS 1.1, our IAM service rejects requests before even trying Okta. I think this means our own web server is set to use TLS 1.2 already. When I reenable 1.2, all is well.
Assuming Okta did stop supporting TLS 1.2 on August 1, AND our service is communicating with Okta just fine (Fact 1)…Does this mean we do not need to migrate anything in our application? Or is there some bomb waiting to go off in the future?
I’d appreciate any clarification or advice you can provide.
@dmilani Makes sense. I doubt there is any bomb ticking in your application.
You could double check by creating a free developer account at http://developer.okta.com/signup and trying your IAM service (+ Java SDK) with that. New accounts are always created with TLS 1.2 on, so that would be a good test.
Let me know if you have any other questions!