ICF 1.5.20.21

ICF release notes

These release notes cover the ICF releases that are supported in a deployment of ForgeRock Identity Management, Remote Connector Server (RCS), or ForgeRock Identity Cloud.

Recent updates
Version Product Date

1.5.20.21

2024/03/19

1.5.20.20

2024/02/06

1.5.20.19

2023/11/17

1.5.20.18

2023/11/17

1.5.20.17

2023/09/07

1.5.20.16

2023/08/02

1.5.20.15

2023/05/12

1.5.20.14

2023/03/20

1.5.7.0

2023/02/02

1.5.20.12

2022/12/09

1.5.20.11

2022/11/01

1.5.20.9

2022/09/09

1.5.20.8

2022/08/08

1.5.20.7

2022/06/06

1.5.20.6

2022/05/05

1.5.20.5

2022/02/14

1.5.20.4

2021/12/08

1.5.20.3

2021/11/22

1.5.20.2

2021/07/27

1.5.20.1

2021/05/28

1.5.20.0

2021/04/16

1.5.19.6

2021/02/26

1.5.19.5

2021/02/12

1.5.19.4

2021/01/22

1.5.19.3

2020/12/13

1.5.19.2

2020/11/30

1.5.19.1

2020/11/18

1.5.19.0

2020/10/20

1.5.18.0

2020/09/14
IDM support

The releases listed in this document cover the connector releases since ICF 1.5.18.0. In most cases, these releases are backwards compatible with previous versions of IDM. Check the IDM / ICF Compatibility Matrix for your version of IDM for compatibility before installing a new version of a connector.

This document does not describe all ICF connectors. Additional connectors are available from the ForgeRock BackStage download site. If a connector release is listed here, but is not yet on the site, contact ForgeRock Support for access.

ForgeRock Identity Platform™ serves as the basis for our simple and comprehensive Identity and Access Management solution. We help our customers deepen their relationships with their customers, and improve the productivity and connectivity of their employees and partners. For more information about ForgeRock and about the platform, see https://www.forgerock.com.

The ForgeRock Common REST API works across the platform to provide common ways to access web resources and collections of resources.

Connector release notes

Refer to Connector framework release notes for details regarding any changes to the ICF Connector Framework that can affect connector behavior.

All updated connectors can include security, formatting, and other internal-facing fixes.

1.5.20.21

Updated connectors with change details

Dropbox connector

  • OPENICF-2664: SaaS Client Initializer should not automatically add default HTTP headers

  • OPENICF-2655: Logging levels in use by generated connector class are too verbose

Google Apps connector

  • OPENICF-2617: Deprecate __SECONDARY_EMAIL__ in favor of __SECONDARY_EMAILS__ attribute

LDAP connector

  • OPENICF-2544: LiveSync timestamp strategy may lose changes when remote handler returns false

PingOne connector

  • OPENICF-2507: Initial release of the PingOne connector. Refer to PingOne connector for more information.

SAP connector

  • OPENICF-2410: Additional attributes in the Profile Object Type

  • OPENICF-2411: Additional attributes in the Activity Groups Object Type

Scripted REST connector

  • OPENICF-1917: Support for throttling

Webex Connector

  • OPENICF-2047: Initial release of the Webex connector. Refer to Webex Connector for more information.

Updated connectors without change details

Connectors without change details can include security, formatting, and other internal-facing fixes.

  • AWS connector

  • Epic connector

  • Kerberos connector

1.5.20.20

Updated connectors with change details

Database Table connector

  • OPENICF-2606: Schema is unnecessarily regenerated for every operation.

Google Apps connector

  • OPENICF-2194: PATCH remove operation doesn’t update the object when both the field and value are provided.

  • OPENICF-2351: Include 503 errors in the retry logic for GoogleApps connector.

  • OPENICF-2490: Requests hang if the Google Admin SDK API has not been enabled within the configured Google Project.

Microsoft Graph API connector

  • OPENICF-2593: Upgrade azure-identity dependency to latest version.

Salesforce connector

  • OPENICF-2626: A duplicate header sent by the connector prevents successful OAuth flow.

SCIM connector

  • OPENICF-2575: Running liveSync for object classes other than the Account object results in an error.

  • OPENICF-2601: Inject common attributes within dynamically generated schemas for all resource types.

Updated connectors without change details

Connectors without change details can include security, formatting, and other internal-facing fixes.

  • Adobe Marketing Cloud connector

  • Marketo connector

  • ScriptedREST connector

  • ScriptedSQL connector

1.5.20.19

Updated connectors with change details

SCIM connector

  • OPENICF-1296: HTTP Status and Error Response Handling.

  • OPENICF-2574: Authorization header contains an extra space which breaks client_credentials flow.

  • OPENICF-2579: TestOp should catch all exceptions thrown by the initial attempt to read the alternate ServiceProviderConfig endpoint.

Updated connectors without change details

Connectors without change details can include security, formatting, and other internal-facing fixes.

  • Microsoft Graph API connector

1.5.20.18

Updated connectors with change details

Dropbox connector

  • OPENICF-2354 Missing property messages.

Google Apps connector

  • OPENICF-2487 License assignment account attribute should be an array of strings.

LDAP connector

  • OPENICF-2296: Bad IP address for the LDAP host should be caught, and a 503 error code should be returned by IDM.

  • OPENICF-2401: queryFilter true or false against isActive attribute returns all results.

  • OPENICF-2526: Specify a negative offset (in seconds) to be applied to the timestamp token when querying for changes on the remote LDAP server using the timestampSyncOffset configuration property.

  • OPENICF-2555: Ability to define custom octet string attributes using the customOctetStringAttributes configuration property.

Microsoft Graph API connector

  • OPENICF-2006: Clicking on Azure AD connector for the first time throws a 500 error.

  • OPENICF-2027: Support single quotation marks in query filters.

  • OPENICF-2140: Info level logging is overused for this connector.

Salesforce connector

  • OPENICF-1527: Returns a generic ConnectorException 'Error: 400' on expired/revoked refresh_token.

  • OPENICF-2246: Implement support for Client Credentials Grant type. Refer to Configure the Salesforce connector.

  • OPENICF-2266: User schema is not cached.

  • OPENICF-2505: createFullConfig NPEs when supportedObjectTypes contains FeatureLicense.

SAP connector

  • OPENICF-2371: Scripts for SAP HR searching and filtering.

  • OPENICF-2465: Prevent activity group assignment from being deleted when the assignment is end-dated.

  • OPENICF-2480: SAP Central User Administration (CUA) support.

SAP HANA Database connector

Initial release of the SAP HANA Database connector. Refer to SAP HANA Database connector for more information.

  • OPENICF-2368: SAP HANA Database connector.

SCIM connector

  • OPENICF-1528: Salesforce returns a generic ConnectorException 'Error: 400' on expired/revoked refresh_token.

  • OPENICF-2472: access_token validation checked on issued_at claim instead of expires_in for refresh_token grant.

  • OPENICF-2500: Extension attributes not flattened when converted to ConnectorObject.

  • OPENICF-2504: Map JSON integer type to Java Long.

Updated connectors without change details

Connectors without change details can include security, formatting, and other internal-facing fixes.

  • Adobe Marketing Cloud connector

  • AS400 connector

  • AWS connector

  • Box connector

  • Cerner connector

  • CSV connector

  • Database Table connector

  • DocuSign connector

  • Epic connector

  • GCP connector

  • HubSpot connector

  • IBM RACF connector

  • Oracle EBS connector

  • Peoplesoft connector

  • SAP S/4HANA connector

  • SAP SuccessFactors connector

  • ScriptedREST connector

  • ScriptedSQL connector

  • ServiceNow connector

  • Workday connector

1.5.20.17

Database Table Connector

No public changes were made specific to this connector, though a new version was released.

Microsoft Graph API Connector

No public changes were made specific to this connector, though a new version was released.

Oracle EBS connector

No public changes were made specific to this connector, though a new version was released.

Salesforce connector

  • OPENICF-1723: Clarify usage of proxyUri configuration property

SCIM connector

  • OPENICF-900: Implement the /Schemas endpoint discovery

  • OPENICF-2297: Roles attribute should be a list of Strings, not a list of Objects

  • OPENICF-2482: Dynamic schema does not default to static schema on all exceptions

  • OPENICF-2483: Creating a user with special attributes fails with dynamically generated schema

  • OPENICF-2484: PUT w/schemas attribute fails for Providers that support Patch

  • OPENICF-2448: HTTP Client fails to handle OAuth errors

  • OPENICF-2453: Persist optional refresh_token issued upon successful access_token renewal

ScriptedSQL Connector

No public changes were made specific to this connector, though a new version was released.

1.5.20.16

Dropbox connector

No public changes were made specific to this connector, though a new version was released.

DocuSign connector

No public changes were made specific to this connector, though a new version was released.

Google Apps connector

  • OPENICF-2356: GoogleApps Connector doesn’t allow listing of licenses

Groovy connector toolkit

  • OPENICF-2394: Align Scripted Connector templates

HubSpot connector

No public changes were made specific to this connector, though a new version was released.

Kerberos Apps connector

  • OPENICF-2400: Kerberos Search operation logs incorrect operation type

  • OPENICF-2394: Align Scripted Connector templates

Marketo Connector

  • OPENICF-2394: Align Scripted Connector templates

Microsoft Graph API connector

  • OPENICF-2355: MSGraphAPI Connector doesn’t support assigning servicePlans to an Azure user

MongoDB Connector

  • OPENICF-2394: Align Scripted Connector templates

Salesforce connector

  • OPENICF-2357: Salesforce Connector doesn’t allow listing of licenses

SAP connector

  • OPENICF-2035: SAP Account Object Type attributes

  • OPENICF-2036: SAP Role Object Type Attributes

  • OPENICF-2037: SAP UM Profile Object Type Attributes

  • OPENICF-2292: Group Object Type attributes

  • OPENICF-2350: R3 script uses deprecated methods to parse date

  • OPENICF-2360: NPE getting SAP configuration

  • OPENICF-2377: Active Group memberships should not sync activity group name

  • OPENICF-2379: Should not retrieve, display, or allow manipulation of password hashing attributes

  • OPENICF-2386: Router should not be a required attribute

  • OPENICF-2388: Must throw an error upon user create/update/delete error

  • OPENICF-2394: Align Scripted Connector templates

  • OPENICF-2397: Add pagination

  • OPENICF-2419: Timestamp filtering support

  • OPENICF-2432: Default location for the ScriptRoots is incorrect

  • OPENICF-2435: Respect boolean response from search result handler

  • OPENICF-2452: Filter CODVN, CODVC, and CODVS from User LOGONDATA

  • OPENICF-2459: Query with _queryFilter=true no longer returns full user object

ScriptedREST Connector

  • OPENICF-2430: Search and Sync operations do not respect handler result

  • OPENICF-2394: Align Scripted Connector templates

ScriptedSQL Connector

  • OPENICF-2429: Search and Sync operations do not respect handler result

  • OPENICF-2394: Align Scripted Connector templates

SSH Connector

  • OPENICF-2394: Align Scripted Connector templates

Workday connector

  • OPENICF-2438: externalFieldAndParameterCriteria config parameter should not be set to null by default

1.5.20.15

Adobe Marketing Cloud connector

No public changes were made specific to this connector, though a new version was released.

Database Table Connector

  • OPENICF-2308: Database Table Connector - Possible regression of OPENICF-903

  • OPENICF-1987: ORA-00933 - SQL command not properly ended error using Database Table Connector

Dropbox Connector

Initial release of the Dropbox connector. Refer to Dropbox connector for more information.

  • OPENICF-2051: Dropbox connector

Microsoft Graph API connector

  • OPENICF-2306: MS Graph API Connector: Creating and updating applications with certificates fails

  • OPENICF-2269: MS Graph API Connector: Implement application role assignments

  • OPENICF-1964: MS Graph API Connector: Add the ability to handle User’s Contacts object

  • OPENICF-2315: MS Graph API Connector: otherMails attribute should be an array of strings

Salesforce connector

  • OPENICF-2343: Cannot delete a list of PermissionSetAssignments

SCIM connector

  • OPENICF-2320: SCIM Connector: totalResults is not used when query is using paging

  • OPENICF-2321: SCIM Connector: pagedResultsOffset is not used properly

  • OPENICF-2325: SCIM Connector: HTTP error 429 should have a more explicit message

  • OPENICF-2323: SCIM Connector: prevent query with sorting when the Service Provider does not accept sorting

  • OPENICF-1916: SCIM Connector: Support for throttling

ScriptedSQL Connector

No public changes were made specific to this connector, though a new version was released.

ServiceNow connector

No public changes were made specific to this connector, though a new version was released.

1.5.20.14

AS400 Connector

  • OPENICF-2236 - AS400 Connector: does not expose all the AS400ConnectionPool configuration properties

Google Apps connector

  • OPENICF-2252: GoogleApps Connector: Unable to configure connector via UI

LDAP connector

  • OPENICF-2225: LDAP Connector: syncToken nativeType to be configurable / updated - mismatch with DS type stops livesync

Marketo connector

No public changes were made specific to this connector, though a new version was released.

Microsoft Graph API connector

  • OPENICF-1976: MS Graph API Connector: Ability to create guest users

  • OPENICF-2208: MS Graph API Connector: add the ability to read "application" and "servicePrincipal" object

  • OPENICF-2238: MS Graph API Connector: unable to retrieve roles

  • OPENICF-2247: MS Graph API Connector: Query filters on collections and filters requiring advanced query parameters cause errors

  • OPENICF-2248: MS Graph API Connector: Implement role assignment and role eligibility schedules

  • OPENICF-2251: MS Graph API Connector: __ACCOUNT__ data listing fails in native console for assignedLicenses

  • OPENICF-2257: MS Graph API Connector: Clicking Role Assignment in Data tab throws a Graph API error

  • OPENICF-2267: MS Graph API Connector: Proxy -→ Java.lang.ClassCastException: class okhttp3.OkHttpClient cannot be cast to class com.azure.core.http.HttpClient (okhttp3.OkHttpClient and com.azure.core.http.HttpClient are in unnamed module of loader

  • OPENICF-2270: MS Graph API Connector: Adding API permissions to applications fails

  • OPENICF-2271: MS Graph API Connector: proxy basic auth not implemented but referenced

  • OPENICF-2275: MS Graph API Connector: Refactor connector new object handlers and UnsupportedOperationException handling

Oracle EBS connector

Initial release of the EBS connector. Refer to Oracle EBS connector for more information.

  • OPENICF-1781: EBS Connector V1.0

Peoplesoft connector

  • OPENICF-2311: PeopleSoft Connector: Remove embedded psft-2.0 and psjoa-1.0 Jar files

Salesforce connector

  • OPENICF-2176 - Salesforce Connector: Support Feature License Elements as List on User Object

SCIM connector

  • OPENICF-1922 SCIM Connector: PATCH operation should use path attribute for "add" and "replace"

  • OPENICF-2241: SCIM Connector: Service Provider Config settings don’t work for Salesforce

1.5.20.12

AS400 Connector

Initial release of the AS400 connector. Refer to AS400 connector for more information.

Google Apps connector

  • OPENICF-2192: NPE when updating LicenseAssignments through a user update

  • OPENICF-2117: Hide Alternate Emails from the schema

  • OPENICF-2195: Intermittent NPE when we try to read newly created user

LDAP connector

  • OPENICF-400: LDAP connector should be able to properly handle reading the AD tokenGroups attribute

PeopleSoft connector

  • OPENICF-2033: PeopleSoft Connector v2.0

SAP connector

  • OPENICF-2183: Exception when SAP connector is running in OpenIDM

SAP SuccessFactors connector

  • OPENICF-2007: SAP SuccessFactors v2

SCIM connector

  • OPENICF-1916: Support for throttling

  • OPENICF-2207: Ability to define Accept: and Content-Type: HTTP headers

Workday connector

  • OPENICF-2030: Connector breaks when workerID is empty when using RCS

  • OPENICF-2150: Ability to add field and parameter to the request criteria

1.5.20.11

Adobe Marketing Cloud connector

No public changes were made specific to this connector, though a new version was released.

AWS connector

No public changes were made specific to this connector, though a new version was released.

Box connector

No public changes were made specific to this connector, though a new version was released.

Cerner connector

  • OPENICF-1960: Cerner Connector v2

CSV connector

No public changes were made specific to this connector, though a new version was released.

DocuSign connector

No public changes were made specific to this connector, though a new version was released.

Epic connector

No public changes were made specific to this connector, though a new version was released.

GCP connector

Initial release of the GCP connector. Refer to Google Cloud Platform connector for more information.

  • OPENICF-1749: GCP Connector

Google Apps connector

  • OPENICF-2039: GoogleApps Connector: missing some user attributes

  • OPENICF-2040: GoogleApps Connector: Manage role attributes

  • OPENICF-2041: GoogleApps Connector: Group attributes

  • OPENICF-2064: Google Apps Connector: Query the Google Workspace instance for Licenses

  • OPENICF-2066: GoogleApps Connector: Ability to query Roles and RoleAssignments

  • OPENICF-2136: Google Apps Connector: Exponential Back off for reading google objects required

HubSpot connector

No public changes were made specific to this connector, though a new version was released.

IBM RACF connector

  • OPENICF-1762: IBM RACF API Connector

There was a previous RACF connector, which is deprecated. Users of the previous RACF connector should migrate to the new connector.
LDAP connector

  • OPENICF-1856: LDAP Connector: Assignment of static group to IDM User fails to assign it on LDAP side if user is already a member of a Dynamic Group on LDAP side

  • OPENICF-2089: LDAP Connector: ldapGroups membership does not take into account nested membership of other groups

  • OPENICF-2108: LDAP Connector: slow group membership updates with unindexed member/uniqueMember attributes in DS

  • OPENICF-2126: Assignment Issue: Managed User to DS Groups Failure to Select Target Group

Marketo connector

No public changes were made specific to this connector, though a new version was released.

Microsoft Graph API connector

  • OPENICF-2068: MSGraphAPI Connector: Implement Azure AD Directory Roles support

  • OPENICF-2088: MSGraphAPI Connector: Implement Azure AD custom role creation

PeopleSoft connector

No public changes were made specific to this connector, though a new version was released.

Salesforce connector

No public changes were made specific to this connector, though a new version was released.

SAP S/4HANA connector

No public changes were made specific to this connector, though a new version was released.

SAP SuccessFactors connector

No public changes were made specific to this connector, though a new version was released.

SCIM connector

  • OPENICF-2112: SCIM Connector: caseSensitive

  • OPENICF-2113: SCIM Connector: problem with "issuedAt" from OAuth neg

  • OPENICF-2114: SCIM Connector: use authenticationBasic as an option for OAuth neg

  • OPENICF-2125: SCIM Connector: Fix Filter

Scripted REST connector

No public changes were made specific to this connector, though a new version was released.

ServiceNow connector

  • OPENICF-2130: ServiceNow connector query results do not match what is returned from API

Workday connector

No public changes were made specific to this connector, though a new version was released.

1.5.20.9

LDAP Connector

No public changes were made specific to this connector, though a new version was released.

Microsoft Graph API Connector

  • OPENICF-1614: MS Graph API Connector: Livesync on user/group does not populate membership

  • OPENICF-1858: MS Graph API Connector: Add Group Owners management

SAP Connector

  • OPENICF-1675: SAP Connector: Groovy deps should be embedded

  • OPENICF-2071: SAP Connector: Cannot update ACTIVITY GROUPS for users

1.5.20.8

CSV File Connector

  • OPENICF-1935: CSV Connector: generates a stacktrace for Read Only permission files

  • OPENICF-1969: CSV Connector: Update csv connector parsing library

  • OPENICF-1258: CSV Connector: stripping empty strings, replacing with nulls.

DatabaseTable Connector

No public changes were made specific to this connector, though a new version was released.

Google Apps Connector

  • OPENICF-2038: Google Apps Connector: Updating user’s group membership may return NPE

LDAP Connector

  • OPENICF-1977: LDAP Connector: Detect CA LDAP directory server

Microsoft Graph API Connector

  • OPENICF-1606: MS Graph API Connector: Upgrade to MS Graph Java SDK v3

  • OPENICF-1807: MS Graph API Connector: Better handle failure of hard delete

  • OPENICF-1819: MS Graph API Connector: "performHardDelete" should be set to false by default

PeopleSoft Connector

No public changes were made specific to this connector, though a new version was released.

Salesforce Connector

  • OPENICF-2002: Salesforce Connector: syncFailureHandler can exceed maxRetries

ScriptedSQL Connector

No public changes were made specific to this connector, though a new version was released.

1.5.20.7

AWS Connector

Initial release of the AWS IAM connector. Refer to Amazon Web Services (AWS) connector for more information.

  • OPENICF-1780: AWS IAM Connector

DatabaseTable Connector

No public changes were made specific to this connector, though a new version was released.

Google Apps Connector

No public changes were made specific to this connector, though a new version was released.

LDAP Connector

  • OPENICF-1897: LDAP Connector: Add support for nested AD groups

MongoDB Connector

No public changes were made specific to this connector, though a new version was released.

PeopleSoft Connector

Initial release of the Oracle PeopleSoft connector. Refer to PeopleSoft connector for more information.

  • OPENICF-1748: PeopleSoft Connector

Salesforce Connector

  • OPENICF-1812: SalesForce Connector: syncFailureHandler maxRetries is not working

SAP S/4HANA Connector

Initial release of the SAP S/4HANA connector. Refer to SAP S/4HANA connector for more information.

  • OPENICF-1782: SAP Hana Connector

ScriptedSQL Connector

No public changes were made specific to this connector, though a new version was released.

1.5.20.6

Cerner Connector

Initial release of the Cerner connector. Refer to Cerner connector for more information.

  • OPENICF-1737: Cerner Connector

Epic Connector

  • OPENICF-1818: Epic V2 Connector

  • OPENICF-1878: Epic Connector: Query filter not matching uid returns HTTP 404

Google Apps Connector

  • OPENICF-1181: Google Apps Connector: Unable to delete custom attributes

LDAP Connector

  • OPENICF-1901: LDAP Connector: Reduce JVM garbage from ConnectorObjectBuilder and AttributeBuilder

MongoDB Connector

  • OPENICF-1833: Update MongoDB driver to the latest for compatibility with newer versions of MongoDB

1.5.20.5

Adobe Marketing Cloud Connector

No public changes were made specific to this connector, though a new version was released.

Database Table Connector

  • OPENICF-1711: Database Table Connector - ORA-22816 error when using Oracle trigger

Epic Connector

Initial release of the Epic connector. Refer to Epic connector for more information.

Google Apps Connector

  • OPENICF-1808: Google Apps Connector: when user is provisioned using a role assignment, group isn’t set correctly

LDAP Connector

  • OPENICF-1859: LDAP Connector: _memberId is not returned with AD & liveSync if attribute range is used

Marketo Connector

No public changes were made specific to this connector, though a new version was released.

Salesforce Connector

No public changes were made specific to this connector, though a new version was released.

SCIM Connector

No public changes were made specific to this connector, though a new version was released.

Scripted REST Connector

No public changes were made specific to this connector, though a new version was released.

Scripted SQL Connector

No public changes were made specific to this connector, though a new version was released.

SAP SuccessFactors Connector

  • OPENICF-1822: SuccessFactors should not require PEM formatted file on disk

1.5.20.4

Google Apps Connector

No public changes were made specific to this connector, though a new version was released.

Microsoft Graph API Connector

No public changes were made specific to this connector, though a new version was released.

1.5.20.3

Database Table Connector

  • OPENICF-1692: Database Table Connector: throwing a null pointer exception

Google Apps Connector

  • OPENICF-1716: Google Apps Connector: Add recoveryEmail and recoveryPhone attributes for User

LDAP Connector

  • OPENICF-1731: LDAP Connector: Escape characters (\) not properly handled on delete and updates ops

Scripted SQL Connector

No public changes were made specific to this connector, though a new version was released.

ServiceNow Connector

No public changes were made specific to this connector, though a new version was released.

Workday Connector

No public changes were made specific to this connector, though a new version was released.

1.5.20.2

CSV File Connector

  • OPENICF-1677: CSV Connector returns pagedResultsCookie for queries with _pageSize=0.

LDAP Connector

  • OPENICF-1666: LDAP Connector: ldapGroups should restrict membership to the specified contexts.

Microsoft Graph API Connector

  • OPENICF-1656: MS Graph API Connector: Unable to update onPremisesExtensionAttributes.

  • OPENICF-1687: MS Graph API Connector: Should be able to work behind an HTTP Proxy.

  • OPENICF-1698: MS Graph API Connector: get the cause of exception if test() fails.

Workday Connector

  • OPENICF-1689: Workday Connector: Workers transaction logs are filtered.

  • OPENICF-1691: Workday Connector: Reduce Garbage collection when building connector objects.

1.5.20.1

1.5.20.1 is a limited release, where only the Database Table Connector was released to Backstage.
Database Table Connector

  • OPENICF-1477: Database Table Connector: ORA-01000: maximum open cursors exceeded

  • OPENICF-1596: PSQLException: FATAL: terminating connection due to idle-in-transaction timeout

1.5.20.0

Generic LDAP Connector

  • OPENICF-1560: LDAP Connector: RFE Disable Paged Results Control

  • OPENICF-1586: LDAP Connector: Timestamp sync strategy: Synchronization filters are not used properly

MongoDB Connector

  • OPENICF-1553: MongoDB Connector: convertBSONtoICF() does not traverse Arrays.

Microsoft Graph API Connector

  • OPENICF-1538: MS Graph API Connector: Sync() does not work

  • OPENICF-1541: MS Graph API Connector: Add ConsistencyLevel: eventual' header and $count=true for endsWith filter

  • OPENICF-1557: MS Graph API Connector: Handle user employeeHireDate attribute and Calendar data type

  • OPENICF-1558: MS Graph API Connector: Make sure sortKey is supported by the objectClass

  • OPENICF-1559: MS Graph API Connector: Implement Authenticate() call

  • OPENICF-1595: MS Graph API Connector: test() should connect to the MS Graph endpoint to validate the connectionThe following known issues will be addressed in a later release:

  • OPENICF-1614: MS Graph API Connector: Livesync on user/group does not populate membership

  • OPENICF-1615: MS Graph API Connector: Deleting Azure AD group works but throws HTTP 500

SCIM Connector

  • OPENICF-1589: SCIM Connector: NPE caused by exception not properly handled

  • OPENICF-1591: SCIM Connector: Parsing OAuth response should not fail on unknown properties

  • OPENICF-1598: SCIM Connector: NPE when updating attribute with null value

  • OPENICF-1600: SCIM Connector: unknown attributes in a query result should not throw parsing exception

  • OPENICF-1601: SCIM Connector: Implement a global connection timeout property

1.5.19.6

No issues specific any connectors were addressed in this release.

1.5.19.5

CSV File Connector

  • OPENICF-1530: system?_action=createFullConfig validation does not return consistent errors

Database Table Connector
Groovy connector toolkit

  • OPENICF-1523: ScriptedGroovy connectors fail to load in IDM 7.x when embedded Groovy version does not match IDM Groovy version

Microsoft Graph API Connector

  • OPENICF-1493: MS Graph API Connector: add the ability to read/assign license for the user

  • OPENICF-1499: MS Graph API Connector: remove the maximumConnections property

  • OPENICF-1507: MS Graph API Connector: add the ability to read subscribedSku object

  • OPENICF-1525: MS Graph API Connector: replace the default Graph SDK logger

  • OPENICF-1526: MS Graph API Connector: add the ability to read Team objects

Salesforce Connector

  • OPENICF-1522: Salesforce Connector : implement StatefulConfiguration to allow persistence of accessToken in memory

SCIM Connector

  • OPENICF-1518: SCIM connector: Http client ConnectionManager is not set properly

Workday Connector

  • OPENICF-1504: Workday Connector: SyncToken should be updated even if no events

  • OPENICF-1506: Workday Connector: SyncToken should be set to tenant timestamp after call to sync()

  • OPENICF-1508: Workday Connector: Query on SCR objects should not include date range as a search criteria

1.5.19.4

No issues specific any connectors were addressed in this release.

1.5.19.3

Microsoft Graph API Connector

  • OPENICF-1475: MS Graph API Connector: the 'manager' only returns the id and not the full object

  • OPENICF-1481: MS Graph API Connector: add the ability to assign/remove user’s manager

  • OPENICF-1483: MS Graph API Connector: can’t remove all groups a user belongs to

Salesforce Connector

  • OPENICF-1471: SalesForce Connector: should not implement PoolableConnector interface

1.5.19.2

Generic LDAP Connector

  • OPENICF-1448: LDAP Connector: Enabling changelog livesync for oracle unified directory (OUD)

  • OPENICF-1466: LDAP Connector: Update filterWithOrInsteadOfAnd to apply to timestamp and Active Directory liveSync

  • OPENICF-1470: LDAP Connector: Null Check in ADUserAccounControl.addControl

  • OPENICF-1472: LDAP Connector: Data not synced from AD to IDM via livesync on __ALL__ object

Microsoft Graph API Connector

  • OPENICF-1469: MS Graph API Connector: implement a read/write rate limiter

SCIM Connector

  • OPENICF-1401: SCIM Connector: Align exceptions for not configured (blank/null) configurationProperties

1.5.19.1

Microsoft Graph API Connector

  • OPENICF-1446: MS Graph API Connector: implement PoolableConnector

Salesforce Connector

  • OPENICF-1352: Salesforce connector: pagination and cookies not working properly

SCIM Connector

  • OPENICF-1444: SCIM connector - provide support for 'scope'

SSH Connector

  • OPENICF-1433: SSH connector: Kerberos username prompt for public key and password auth

  • OPENICF-1445: SSH connector: Stale or disconnected SSH sessions are not detected when borrowing from the pool

Workday Connector

  • OPENICF-1383: Workday Connector: Upgrade to API v35.0

  • OPENICF-1419: Workday Connector: Implement Service Center Representative object type

  • OPENICF-1426: Workday Connector: Ability to update email for Service Center Representative object

  • OPENICF-1432: Workday Connector: Implement OR filter

  • OPENICF-1447: Workday Connector: add the Contingent_Worker_ID as a search criteria

1.5.19.0

Starting in version 1.5.19.0, ICF connectors that previously had external library dependencies now have those dependencies bundled inside the connector.

Initial release of the MS Graph API Connector.

Generic LDAP Connector

  • OPENICF-1388: LDAP Connector 1.5.5.0 throws java.lang.NoSuchMethodError on Java 8

  • OPENICF-1396: OPENIDM-15448 changes seemingly broke querying ldap via the data tab

Groovy connector toolkit

  • OPENICF-1414: Scripted Groovy (v3) based connectors fail to load with IDM releases prior to 7.0

1.5.18.0

Starting in version 1.5.18.0, the ICF Connector Framework and all connectors bundled with IDM share a unified version number.

No issues specific any connectors were addressed in this release.

Java RCS release notes

Refer to Connector framework release notes for details regarding any changes to the ICF Connector Framework that may affect RCS behavior.

Updates to the Java RCS can also include security, formatting, and other internal-facing fixes.

1.5.20.21

  • OPENICF-2228: logback.xml moved to conf/ directory

  • OPENICF-2152: Provide a default SSL truststore file

  • OPENICF-2511: Connection to IDM becomes dysfunctional after a period of inactivity in RCS

  • OPENICF-2643: Timeout waiting to acquire a websocket to send a message has been decreased from 2 minutes to 30 seconds

  • OPENICF-2644: NPE may be thrown on WebSocketConnectionGroup shutdown

  • OPENICF-2154: RCS now logs any connector exception to the log file and console

1.5.20.18

  • OPENICF-1638: The default logback.xml logging configuration rolls log files daily. Refer to Rolling log policy.

  • OPENICF-2547: New local connector facade created --> Method: newConnectorFacadeInstance

1.5.20.15

  • OPENICF-2336: Java RCS: Change the default connector.groupCheckInterval=900 seconds to 60 seconds

1.5.20.14

  • OPENICF-1418: Java RCS: Invalid interval properties not handled properly for client mode

  • OPENICF-2181: Java RCS: Housekeeping task should log which endpoint/instance it is working with

  • OPENICF-2274: Java RCS: Response to unknown protobuf request should contain RCS version

1.5.20.12

  • OPENICF-1473: Java RCS: ConnectorServer.properties template should include config for FRAAS

  • OPENICF-1889: Java RCS: Include relevant defaults for RCS config

1.5.20.11

  • OPENICF-2132: Java RCS: docker-entrypoint.sh uses -run instead of -service to start the RCS

  • OPENICF-2137: Java RCS: When running in -service mode, version is not displayed at startup.

  • OPENICF-2174: Java RCS: Incompatible with AM macaroons: Unrecognized field "expireTime"

1.5.20.9

Bundled connectors were updated, though no changes to the remote connector server were made.

1.5.20.8

  • OPENICF-2000: potential log flooding resulting from operation cancel request messages for LocalOperations which have already completed

1.5.20.7

  • OPENICF-1883: Java RCS: Improve stability of RCS WebSocket connection management

  • OPENICF-1975: Java RCS: Increase default heap size from 512m to 1g

  • OPENICF-1925: Java RCS: require explicitly set property to enable agent deployment

1.5.20.6

  • OPENICF-1832: Java RCS: High CPU usage when running as a service

1.5.20.5

  • OPENICF-1855: Investigate handling query 'poison pill' termination via recon automatic retry upon exception receipt

1.5.20.4

  • OPENICF-1726: Java RCS: OAuth access token should be cached and reused till expired

  • OPENICF-1744: Java RCS: Unable to run RCS with Marketo connector using a different groovy version

  • OPENICF-1796: Java RCS: NPE if connectorserver.url has a bad hostname

1.5.20.3

  • OPENICF-1725: Java RCS: classPath issue in JAVA_DLL when running as a service on Windows

  • OPENICF-1730: Client ConnectorInfos cache not refreshed upon RCS instance restart when using RCS Agent

  • OPENICF-1743: Java RCS: windows service starts up and stops abruptly

  • OPENICF-1751: Sporadic issues managing RCS-hosted connectors through IDM Native Admin Console

  • OPENICF-1783: Java RCS: Rename the windows service name

  • OPENICF-1792: Java RCS: message hostId missing and causing a connection drop

  • OPENICF-1746: Java RCS: Should display its current version in console and jar files should have their version in file name

  • OPENICF-1764: Java RCS: on Windows, ConnectorServer.bat /setKey does not work

  • OPENICF-1774: Java RCS: upgrade Procrun to latest version for RCS as a Windows service.

1.5.20.2

  • OPENICF-1655: Java RCS: When using TLS, the RCS does not work behind a proxy.

1.5.20.0

  • OPENICF-1366: Java Connector Server: /setDefaults does not revert config to default properly

  • OPENICF-1502: RCS: requests not cancelled when websocket closes

  • OPENICF-1540: RCS: requests bearer token from AM, but doesn’t look for error status code in response

  • OPENICF-1544: Fix double-checked locking in WebSocketConnectionGroup

  • OPENICF-1549: Update default ConnectorServer.properties

  • OPENICF-1555: Clarify locking behavior in ConnectorServer for Grizzly server lifecycle

  • OPENICF-1561: RCS: Reduce log level for common debug messages

1.5.19.6

  • OPENIDM-16178: IDM recon would fail w/ remote Java connector server

1.5.19.5

  • OPENICF-1516: Failed ICF Search Query confuses total number of search results

  • OPENICF-1520: Java RCS: Connection groups can accumulate many more websockets than they should have

1.5.19.4

  • OPENICF-1485: Java RCS: Non operational ConnectionGroup should be closed and removed

  • OPENICF-1486: Java RCS: Connection housekeeping task may stop running

  • OPENICF-1494: Java RCS: Housekeeping task gets blocked

  • OPENICF-1500: Java RCS: Improve default logging

1.5.19.3

  • OPENICF-1482: Java RCS: fails to reestablish connections to IDM after IDM is restarted

1.5.19.2

  • OPENICF-1467: RCS: endless loops on connection loss and shutdown

1.5.19.1

No issues specific to the Remote Connector Server were addressed in this release.

1.5.19.0

  • OPENICF-1393: Java Connector Server: useSSL property use should be clarified

  • OPENICF-1394: missing connectorserver.scope in connectorserver property file

  • OPENICF-1395: Investigate and clean up the following start up error message

  • OPENICF-1397: Java Connector Server: javax.net.ssl trustStore and keyStore properties should be set

  • OPENICF-1399: restarting IDM with active RCS causes RCS to decrement websocket connection count

  • OPENICF-1400: Java Connector Server: Property name usessl should match docs and code

  • OPENICF-1404: Java connector server proxy config for port is incorrect

  • OPENICF-1407: Java RCS: Incorrect url in Debug message of HttpRequestPacket header for non-SSL

  • OPENICF-1408: Java RCS: NPE when we set proxyHost for client mode

1.5.18.0

  • OPENICF-1371: Java Connector server does not always reestablish closed websockets

  • OPENICF-1390: Java RCS: Prevent use of websockets that are about to be closed

  • OPENICF-1392: Java Connector Server: TTL should be in seconds

.NET RCS release notes

Refer to Connector framework release notes for details regarding any changes to the ICF Connector Framework that can affect RCS behavior.

Unless you have a specific need for the .NET version of the remote connector server (RCS), such as needing to use the PowerShell connector toolkit, we recommend using the Java-based remote connector server instead.

1.5.7.0

Connection improvements

  • .NET remote connector server should be able to initiate connection to IDM (OPENICF-731)

  • Client mode should support IDM authentication (OPENICF-1311)

  • Unable to start in client mode when no intervals used (OPENICF-1314)

  • When we attempt to stop in client mode, the connection is re-initiated (OPENICF-1315)

  • ConnectorObject should default the Name to Uid if Name is not present (OPENICF-1318)

  • Add the ability to connect to multiple IDM endpoints (OPENICF-1376)

  • Connection TTL should be in seconds (OPENICF-1626)

  • ConnectionGroup fixes for improved connection handling (OPENICF-1630)

  • Handle failure HTTP status codes when requesting OAuth 2.0 tokens (OPENICF-1631)

  • Fix handshake timing problem (OPENICF-1682)

  • Prevent use of websockets that are about to be closed (OPENICF-1685)

  • Ensure that IDM gets notification that a websocket is about to be closed (OPENICF-1700)

  • Stagger connection starts if webSocketConnections > 1 (OPENICF-1706)

  • SocketClosingSoonException introduces null values that break protobuf3 (OPENICF-2001)

  • Improve stability of RCS WebSocket connection management (OPENICF-2008)

  • If OAuth token endpoint is defined, .NET RCS still tries to use Basic Auth to connect to ID Cloud (OPENICF-2188)

  • Support for HTTP proxy authentication (OPENICF-2197)

  • Closing WebSockets are not handled properly (OPENICF-2217)

Configuration improvements

  • Separate config properties in the ConnectorServerService.exe.Config (OPENICF-1313)

  • Make Pong interval configurable (OPENICF-1362)

  • Update default properties values (OPENICF-1628)

  • Support for hostId (OPENICF-1512)

  • Align HTTP proxy property names with Java RCS (OPENICF-2204)

PowerShell connector now included with .NET connector server

  • Embed the PowerShell connector with the .NET connector server (OPENICF-1906)

  • Align PowerShell connector version number with the .NET RCS version (OPENICF-1962)

  • Integrate the PowerShell samples in the project (OPENICF-1970)

  • PowerShell connector: Query might return HTTP 500 when sorting by some properties (OPENICF-2205)

  • AD PowerShell samples should filter __NAME__ as a sort key (OPENICF-2172)

Dependency updates and cleanup

  • Update and cleanup some dependencies. (OPENICF-1963, OPENICF-1971)

  • Upgrade protocol buffer version and package (OPENICF-1836, OPENICF-2173)

  • Upgrade .NET framework (OPENICF-1707)

  • Fix the Wix project, get rid of legacy dlls (OPENICF-1913)

  • Exception upon start due to a missing dependency (OPENICF-1951)

General fixes and improvements

  • Sporadic issues managing RCS-hosted connectors through IDM Native Admin Console (OPENICF-2011)

  • Query filter on name attribute with pageSize and pagedResultsCookie returns HTTP 500 (OPENICF-1954)

  • PagedResultsCookie should be set to null if empty when deserialized from protobuf message (OPENICF-1679)

Connector framework release notes

Updates to the connector framework can also include security, formatting, and other internal-facing fixes.

1.5.20.21

  • OPENICF-2642: Align Jetty servlet WebSocketConnectionGroup check interval with default Java RCS value

1.5.20.18

No public changes were made to the framework, though a new version was released.

1.5.20.15

  • OPENICF-2384: Java Framework: Allow __PASSWORD__ removal via null values

1.5.20.11

No public changes were made to the framework, though a new version was released.

1.5.20.8

  • OPENICF-1998: Local/RemoteRequest congruence checks should throw a retryable exception upon failure

1.5.20.7

  • OPENICF-1883: Java RCS: Improve stability of RCS WebSocket connection management

1.5.20.6

  • OPENIDM-17535: IDM stack releases that include bundled connectors should continue to work with existing provisioner configuration

1.5.20.5

  • OPENICF-1855: Investigate handling query 'poison pill' termination via recon automatic retry upon exception receipt

1.5.20.4

No public changes were made to the framework, though a new version was released.

1.5.20.3

  • OPENICF-1704: Framework: resetConnectorInfos does not implement intent

  • OPENICF-1730: Client ConnectorInfos cache not refreshed upon RCS instance restart when using RCS Agent

  • OPENICF-1735: Upgrade to groovy 3.0.9

1.5.20.0

For a list of security issues addressed in this release, refer to the related Security Advisory in the ForgeRock Knowledge Base.

  • OPENICF-1566: Framework: ICF Jetty servlet default maxMessageSize is too small

1.5.19.6

No issues specific to the ICF Connector Framework were addressed in this release.

1.5.19.5

No issues specific to the ICF Connector Framework were addressed in this release.

1.5.19.4

No issues specific to the ICF Connector Framework were addressed in this release.

1.5.19.3

No issues specific to the ICF Connector Framework were addressed in this release.

1.5.19.2

No issues specific to the ICF Connector Framework were addressed in this release.

1.5.19.1

No issues specific to the ICF Connector Framework were addressed in this release.

1.5.19.0

Starting in version 1.5.19.0, ICF connectors that previously had external library dependencies now have those dependencies bundled inside the connector.

  • OPENICF-1413: Use framework version 1.5.11.0 for ldap-connector to support Java8-compatible release

  • OPENICF-1414: Scripted Groovy (v3) based connectors fail to load with IDM releases prior to 7.0

1.5.18.0

Starting in version 1.5.18.0, the ICF Connector Framework and all connectors bundled with IDM share a unified version number.

No issues specific to the ICF Connector Framework were addressed in this release.

Deprecation

The following functionality is deprecated and likely to be removed in a future release.

1.5.20.21

Google Apps connector

The __SECONDARY_EMAIL__ user attribute is deprecated. Use the newer attribute __SECONDARY_EMAILS__. These two attributes are mutually exclusive.

Earlier than 1.5.18.0

JAVA_TYPE_DATE attribute type

Support for the native attribute type JAVA_TYPE_DATE is deprecated and will be removed in a future release. This property-level extension is an alias for string. Any dates assigned to this extension should be formatted per ISO 8601.

Changed functionality

The following changes may impact existing deployments when you update. Adjust existing scripts, files, configurations, and so on, as necessary.

RCS

1.5.20.21

Logging configuration file

The default location for logback.xml was moved from lib/framework/ to conf/. You can now edit the path and filename, refer to Logging configuration file.

Known issues

This topic lists issues that remain open at the time of release.

ICF/Connector issues

  • OPENICF-1365: PyForge: Triggered livesync using timestamps on a custom object returns HTTP 500

  • OPENICF-1826: Java RCS: IDM RuntimeExceptionHandler throws NPE when we stop RCS Client with SSL and shutdown IDM

  • OPENICF-1874: Epic Connector: No validation when using an invalid attribute in the request

  • OPENICF-1881: DocuSign Connector does not embed requisite 3rd party dependencies

  • OPENICF-1905: Database Table Connector: Error when using NAME and pr operator in queryFilter

  • OPENICF-1982: Java RCS: Installing and uninstalling RCS as a Windows service always prints a successful message

  • OPENICF-1983: Java RCS: Success message when installing RCS as multiple Windows services

  • OPENICF-1991: Java RCS: No logging when we start RCS with /run and then /install as a Windows service

  • OPENICF-2147: MSGraphAPI Connector: Passthrough authentication rejects correct credentials on B2C tenants

  • OPENICF-2193: GoogleApps Connector: pagedResultsCookie is no longer returned for pages with 0 results

  • OPENICF-2211: RCS failover documentation is incorrect

  • OPENICF-2223: MS Graph API Connector: query filter using "pr" does not work

  • OPENICF-2234: ScriptedSQL Connector: Throws "Unable to load FastStringService"

  • OPENICF-2235: AS400 Connector: connectionTimeout setting is incorrectly applied to the maxLifetime pooled connections

  • OPENICF-2256: Framework: RPC RequestDistributorTest unit test intermittently fails

  • OPENICF-2258: MSGraphAPI Connector: Clicking on Directory Role Template gives oData error

  • OPENICF-2265: MS Graph API Connector: Invalid filter clause when paging certain filtered results

  • OPENICF-2288: SAP Successfactors Connector: Query on non-existing group returns HTTP 500

  • OPENICF-2289: SCIM Connector: Update operation fails on Salesforce using scimv2

  • OPENICF-2302: LDAP Connector: createFullConfig doesn’t throw a uniform error when invalid connection details provided

  • OPENICF-2319: SCIM Connector: GoTo system returns non-404 code when trying to read a deleted record

  • OPENICF-2348: ServiceNow Connector: query filter on non-existing id returns HTTP 404

  • OPENICF-2349: ServiceNow Connector: query filter with complex expression including negation "!" doesn’t work

  • OPENICF-2364: Java RCS: Scheduled liveSync stops and recovers on its own at random times

  • OPENICF-2369: MSGraphAPI Connector: Attributes embedded in the additionalDataManager should be exposed upon request

  • OPENICF-2399: HubSpot Connector: can return wrong OWNER when single querying

  • OPENICF-2403: Marketo Connector: cannot get the list of all leads when the result set is paged by the external system

  • OPENICF-2416: SAP Connector: InternalServerError thrown when requesting _pagedResultsOffset which exceeds number of available records

  • OPENICF-2422: ServiceNow Connector: costCenter attribute is missing from provisioner schema

  • OPENICF-2495: SCIM Connector: Do not log failure to retrieve AccessToken issued_at time at SEVERE level

  • OPENICF-2501: Java RCS: Unable to set key when full path to properties file specified in ConnectorServer.bat script

  • OPENICF-2516: SAP Connector: Unsupported Filter operators are not rejected by the connector

  • OPENICF-2518: SAP Connector: Info level logging is overused in this connector

  • OPENICF-2524: Workday Connector: does not include the IntegrationFieldOverrideData search criteria for liveSync calls

  • OPENICF-2539: Dropbox connector: improve error handling that throws java.lang.IllegalStateException

  • OPENICF-2541: LDAP Connector: switching between changelog and timestamp livesync throws HTTP 500

  • OPENICF-2581: Java RCS: "waiting to connect" issue when IDM restarts

  • OPENICF-2613: Epic Connector: Request calls return HTTP 500 with connection timeout when using v3 connector

  • OPENICF-2625: GoogleApps Connector: document new SECONDARY_EMAILS connector attribute

  • OPENICF-2629: SaasCommon: HTTP client default headers need to be defined per operation basis

  • OPENICF-2640: Java RCS: if remote IDM process is stopped, Websocket connections will increase until IDM process is back

  • OPENICF-2669: SCIM Connector: The read rate limit may be exceeded during queries

Copyright © 2010-2024 ForgeRock, all rights reserved.