IDM 7.2.2

Fixed issues

IDM 7.2.2

The following important bugs were fixed in this release:

  • OPENIDM-16906: Sample audit jdbc causes increasing flow of exceptions

  • OPENIDM-18238: Clustered recon: schedule creation in response to orphaned job may incorrectly propagate source pages, resulting in hung recon

  • OPENIDM-18360: One-to-many relationship not enforced when delegated admin has no openidm-admin role

  • OPENIDM-18388: ClusteredReconWatchdog will incorrectly schedule sourcePageCompletionCheck jobs for a reconById recon running against a mapping configured for clustered recon

  • OPENIDM-18544: AD user with a manager cannot update manager in IDM

  • OPENIDM-18625: Top-level router contains route to empty subrouter on route deregistration

  • OPENIDM-18807: IDM sample "Provision user with workflow" is not working as expected

  • OPENIDM-18875: Incorrect behavior in handling variables in workflow subprocesses

  • OPENIDM-18895: ManagedObjectSet patch contract lacks proper MVCC retry

IDM 7.2.1

The following important bugs were fixed in this release:

  • OPENIDM-18153: Throw statement truncates user-defined exception

  • OPENIDM-18123: Correctly load scripts that use ISO 8859-1 encoding

  • OPENIDM-18067: SourcePageToken equals, toString, and hashCode incomplete

  • OPENIDM-18066: NPE getting a schedule for a job

  • OPENIDM-17980: Inconsistent Policy Validation message on Admin UI for some policyId’s

  • OPENIDM-17924: Conditional policy, with required policyId, modifies the schema

  • OPENIDM-17876: Query filter editor incorrectly removes double quotes from all properties that aren’t of type "string"

  • OPENIDM-17531: Conditional policy is not enforced for patch remove

IDM 7.2.0

The following important bugs were fixed in this release:

  • OPENIDM-17858: Deferred Trigger JobCompletion never completes when Trigger NOT_FOUND

  • OPENIDM-17856: Possible multiple X-Not-Modified headers appended to response

  • OPENIDM-17836: ObjectMapping constructor exception on startup

  • OPENIDM-17802: Inconsistent display with viewable option for managed object creation on Admin UI

  • OPENIDM-17792: 7.1 doesn’t start on M1 mac

  • OPENIDM-17790: In samples/audit-jdbc, the column for response_detail is missing from the sample files.

  • OPENIDM-17783: ReconProgressState culling should occur for reconById invocations if amendAssociation not specified

  • OPENIDM-17773: Delete operations fail with DB2 repository

  • OPENIDM-17766: Some variables are undefined when triggering "Sample source preview" in mapping

  • OPENIDM-17750: From field not allowing saving email address with multiple "domains" after the @

  • OPENIDM-17743: With dynamic roles enabled, using social provider login results in a return to the login page

  • OPENIDM-17720: Missing ldapAttribute in repo.ds.json properties configuration causes nullPointer when using fieldPolicy with failed patch

  • OPENIDM-17707: The Connector UI "Object Classes to Synchronize" parameter is storing values incorrectly

  • OPENIDM-17692: Audit handlers in IDM do not use any of the filterPolicies configuration documented

  • OPENIDM-17687: Admin UI updates manager relationship using only the _ref field

  • OPENIDM-17664: Adding whitespace in BaseDN results in invalid configuration

  • OPENIDM-17591: NPE when creating object with null value for singleton relationship

  • OPENIDM-17582: Generic Add Connector template incorrectly sets enabled boolean to string value

  • OPENIDM-17555: Attempting to write certain data to the audit logs on a SQL DB results in a retry-loop event.

  • OPENIDM-17535: IDM stack releases that include bundled connectors should continue to work with existing provisioner configuration

  • OPENIDM-17532: Unable to access to audit data using auditdb connector

  • OPENIDM-17521: PUT on managed user with conditional grant returns alternating responses

  • OPENIDM-17513: Multi-column index on DB2 should be replaced by multiple single-column indexes

  • OPENIDM-17498: LiveSync stops working with RCS

  • OPENIDM-17475: CSV Import fails for the very first time in a newly deployed IDM cluster

  • OPENIDM-17436: Recon fails due to PreconditionFailedException when updating interim recon progress state

  • OPENIDM-17435: Update scripted-powershell-with-ad sample to fix memory leak

  • OPENIDM-17428: SCIM connector: httpProxyUsername and httpProxyPassword missing in sample provisioner

  • OPENIDM-17423: ScriptedREST Connector sample: import org.identityconnectors.common.security.SecurityUtil is missing

  • OPENIDM-17414: flattenProperties is removed from managed.json after saving changes

  • OPENIDM-17405: temporalConstraints behavior with DS different when the object is mapped for generic vs. explicit

  • OPENIDM-17388: Relationship Properties label is invisible due to white font

  • OPENIDM-17367: target phase run for reconById when using clustered recon

  • OPENIDM-17306: Nullable boolean variables are set to false

  • OPENIDM-17254: handleSignalVertexUpdateFromEdge MVCC retry semantics lack virtual property constitution

  • OPENIDM-17204: Improve IDM REST API query performance

  • OPENIDM-17198: REST calls without Accept-API-Version header sometimes get 2 Warning headers back

  • OPENIDM-17195: Change password button disabled state is inverted

  • OPENIDM-17164: Conditional on rdvp relationships not being consistently removed on grantee update

  • OPENIDM-17138: JsonValueException thrown when using Social providers Authentication

  • OPENIDM-17133: JsonValueException thrown when using Passthrough Authentication

  • OPENIDM-17092: Conditional grants processing differently for grantor vs. grantee operations

  • OPENIDM-17076: Migration service not fully ready after create on the config endpoint when using waitForCompletion=true

  • OPENIDM-17071: NullPointerException with augmentSecurityContext

  • OPENIDM-17065: Return idm_sync_queue_failed error in Prometheus when an implicit sync fails

  • OPENIDM-17048: Incorrect label for LDAP server type in IDM Admin UI

  • OPENIDM-17007: Patch to selfservice to update KBA questions does not allow for custom questions with all non-word characters

  • OPENIDM-17002: Can’t tune hash settings from openidm.hash script invocations

  • OPENIDM-16987: Recon operation fails with NPE when dynamic link qualifiers and link pre-fetching are enabled

  • OPENIDM-16978: Neither clustered, nor non-clustered recon updates persisted ReconProgressState when target phase starts

  • OPENIDM-16969: Adding incorrect type to managed attribute expecting a map results in 500 error

  • OPENIDM-16931: SynchronizationException caught on clustered recon node not propagated to other nodes

  • OPENIDM-16929: Values of relationship properties lost when updating another relationship property on the same object

  • OPENIDM-16920: base contexts and base contexts to synchronize not properly compared

  • OPENIDM-16887: Tag not closed on Native UI for scripted rest connector "/button"

  • OPENIDM-16871: RDVPs not updated when allowed API request to modify edge is performed

  • OPENIDM-16866: Setting managed/user/roles schema to returnByDefault = true breaks password tab in user edit page

  • OPENIDM-16864: IDM Admin UI 'Help ?' links are broken

  • OPENIDM-16836: Releasing acquired triggers in RepoJobStore shutdown causes Quartz NPE when job/trigger next executed

  • OPENIDM-16819: Scheduler Service may execute before scheduled service is ready

  • OPENIDM-16816: Node added to cluster causes recon exceptions

  • OPENIDM-16810: SCIM sample provisioner: bad format for maximumConnections

  • OPENIDM-16809: Config changes are not always ready after using waitForCompletion

  • OPENIDM-16808: connectionTimeout is string instead of integer in Oracle repo sample config

  • OPENIDM-16774: Provide full details of schedules in the IDM admin UI

  • OPENIDM-16771: Updating managed/user property from the EndUserUI fails with policy validation error if there are Required relationships

  • OPENIDM-16748: Clustered recon: target phase can run during first source page if page size only slightly less than total number of entries reconciled

  • OPENIDM-16731: Bulk import - user gets updated when imported twice

  • OPENIDM-16727: Admin UI displays object relationships incorrectly when uninitialised virtual property is present

  • OPENIDM-16725: managed.json updated incorrectly when relationship property is modified in the UI

  • OPENIDM-16696: Failing to load a CA-signed certificate due to restrictive KeyUsage constraints in the certificates themselves

  • OPENIDM-16687: Improve error handling when creating managed object with an invalid condition

  • OPENIDM-16678: Clustered recon fails with "Schedule does not exist"

  • OPENIDM-16677: Cannot retrieve entries from /recon endpoint when using DS as a repo if reconprogressstate size exceeds index limits

  • OPENIDM-16641: UI: Legacy Admin - config logic field "deleteQueryConfig" is leaking into UI generated managed config

  • OPENIDM-16640: Updated relationship properties are no longer available to property onRetrieve hooks after object onUpdate

  • OPENIDM-16633: OpenIDM fails to start with custom properties on Windows

  • OPENIDM-16607: If deletion of the previous recon data under ou=assoc fails the data is never cleaned up

  • OPENIDM-16581: DS maximum entry size exceeded when writing target ids corresponding to source ids for large page sizes in clustered recon

  • OPENIDM-16571: default truststore doesn’t include root cert required for MS Graph API Connector

  • OPENIDM-16567: Workflow: store task complete variables in process

  • OPENIDM-16565: NPE when querying report/audit/* endpoint

  • OPENIDM-16557: managedUserLink is in docs and samples for PASSTHROUGH authn but is not used

  • OPENIDM-16545: Custom endpoint API Descriptor not being loaded

  • OPENIDM-16530: Concurrent Modification Exception serializing VertexTraversalContext

  • OPENIDM-16519: QueryFilters on reference properties do not work with ds as a repo

  • OPENIDM-16510: Delegated Admin UI cannot demote owner/admin from org

  • OPENIDM-16484: Error when accessing managed user object that has relationship to itself

  • OPENIDM-16479: Privileges not displayed when user authenticates with certificate

  • OPENIDM-16478: Environment Variables do not get parsed when added to managed.json

  • OPENIDM-16472: Relationship properties sent to repo as part of defaultPostMapping patch

  • OPENIDM-16452: Explicitly mapped boolean fields return as Strings in JSON payloads

  • OPENIDM-16449: End User UI allows DA to perform operations that are disallowed by Admin UI on “relationship” type attributes

  • OPENIDM-16444: Content-API-Version header does not appear in REST call in IDM 7.0.1

  • OPENIDM-16424: UI does not save changes to "Action to perform after retry attempts"

  • OPENIDM-16420: The valid-email-address-format policy requires refinement

  • OPENIDM-16414: Re-installing bundles via Felix webconsole generates errors/stacktraces on console

  • OPENIDM-16386: Inconsistent policy evaluation between replace and add no-op PATCH requests

  • OPENIDM-16379: Removing values from a multi-valued managed/user property fails with policy validation error if the property is set to Required

  • OPENIDM-16377: PATCH operations fail with unmapped fields on explicit repos under certain conditions

  • OPENIDM-16335: NPE on org model children endpoint when making a request that contains an error

  • OPENIDM-16296: Intermittent failure to parse timestamp when querying the report/audit endpoint

  • OPENIDM-16290: DA: Resulting privileges calculated incorrectly if object update modifies the qualifying attribute

  • OPENIDM-16238: Deadlock on IDM shutdown

  • OPENIDM-16233: Percent encoded slashes are NOT FOUND while running RECON using changelog

  • OPENIDM-16081: Prevent users saving managed objects with invalid names

  • OPENIDM-15975: Multi-column index on Postgresql should be replaced by multiple single-column indexes

  • OPENIDM-15932: Blank Page shown for Admin UI Login-in Page in IE11

  • OPENIDM-15911: Dropwizard Table with Graph causing unexpected behavior in the Admin UI

  • OPENIDM-15905: socialUserClaim endpoint to support a hashed password

  • OPENIDM-15843: RouterAuditEventHandler groovy script throws an error when trying to write out Scheduler events to activity audit.

  • OPENIDM-15792: Selfservice registration submits input as string for boolean attribute

  • OPENIDM-15670: Workflow Invocation Does Not Work with Platform Enduser UI 7.0 in AM/IDM Integrated deployments

  • OPENIDM-15511: IDM Admin console - Paging controls in managed objects are disabled

  • OPENIDM-15050: Please add SchemaScript.groovy to audit-jdbc sample

  • OPENIDM-14666: SCIM connector cannot be configured through the UI

  • OPENIDM-11765: Warnings on startup with Java 11