The following repositories are supported for use in production:

• ForgeRock Directory Services (DS) 6.5

  By default, IDM uses an embedded DS instance for testing purposes. The embedded instance is not supported in production. If you want to use DS as a repository in production, you must set up an external instance.

• MySQL version 5.6 and 5.7 with MySQL JDBC Driver Connector/J 5.1.18 or later

• MariaDB version 10.0, 10.1, and 10.2 with MySQL JDBC Driver Connector/J 5.1.18 or later

• Microsoft SQL Server 2012, 2014, and 2016

  Warning

  For deployments using Microsoft JDBC Driver 7.x for SQL Server with Java 11, see Known Issues IDM 6.5.0.3.

• Oracle Database 11gR2, 12c, 12c Release 1 (12.1), 12c Release 2 (12.2), and 19c

• PostgreSQL 9.3.10, 9.4.5, 9.5, 9.6, and 10.x

• IBM DB2, 10.1, 10.5, 11

ForgeRock has tested many browsers with the IDM UI, including the following browsers:

• Chrome and Chromium, latest stable version

• Firefox, latest stable version

• Safari, latest stable version

• Internet Explorer 11 and later

IDM is supported on the following operating systems:

• Red Hat Enterprise Linux (and CentOS Linux) 6.5 and later, 7.x

• Ubuntu Linux 16.04, 18.04

• Windows 2008 R2, 2012 R2, 2016

• OPENIDM-17053: Registration form is not loading

• OPENIDM-15283: Unable to login to Admin console after setting enableDynamicRoles==true

• OPENIDM-17195: Change password button disabled state is inverted

• OPENIDM-17634: sustaining/6.5.x - Links for account creation and password reset are not being shown

• OPENIDM-13745: Add the ability to configure the failover variable for the LDAP Connector to the Admin UI

• OPENIDM-17126: Changing schedule to 15 min intervals breaks the admin UI

• OPENIDM-14791: 401 is returned 30 minutes after authentication in fullstack

• OPENIDM-16674: Need to check for presence of OriginResourceContext before trying to use it

• OPENIDM-16394: IDM 6.5.0.3 end-user UI blank in IE11

• OPENIDM-15805: End User UI doesn't format page correctly within Delegated Admin's view of managed/users with very long details

• OPENIDM-17638: sustaining/6.5.x - missing locale in enduser UI

• OPENIDM-15988: Remove Manager does not work with external DS repo (using the UI or PATCH via curl)

• OPENIDM-17600: entryExpireSeconds for UUID token longer than 1 hour expires early

• OPENIDM-17779: Update npm to match version in pom.xml

• OPENIDM-17867: sustaining/6.5.x - Forgot username/password and registration - Access denied error

• OPENIDM-17826: Upgrade Webpack to version 4 for to facilitate security fixes

• OPENIDM-17748: sustaining/6.5.x - Remove obsolete files for 6.5.2.0 upgrade

• OPENIDM-15931: IDM Startup issues (Java 11) during upgrade 6.5.0.4-->6.5.1.0 and also OOTB with some Java 11.x

• OPENIDM-16771: Updating managed/user property from the EndUserUI fails with policy validation error if there are Required relationships

• OPENIDM-17591: NPE when creating object with null value for singleton relationship

• OPENIDM-17792: 7.1 doesn't start on M1 mac

• OPENIDM-14459: Unable to remove relationship on origin via PATCH with link-expanded field

• OPENIDM-12326: JWT dynamic role calculation configuration is invalid for auth module role properties

• OPENIDM-16931: SynchronizationException caught on clustered recon node not propagated to other nodes

• OPENIDM-17204: Improve IDM REST API query performance

• OPENIDM-15507: Paging controls in connector data tab are disabled and should not be

• OPENIDM-15718: triggerSyncProperties does not work properly when using roles

• OPENIDM-13845: Sorting by default leads to extreme slowness in Admin UI

• OPENIDM-16379: Removing values from a multi-valued managed/user property fails with policy validation error if the property is set to Required

• OPENIDM-16259: Unable to add situational event scripts to mappings via the Admin UI

• OPENIDM-16297: Add support for boolean column types in explicit mappings

• OPENIDM-16249: cURL PATCH remove request does not delete relationship when _fields are specified

• OPENIDM-16037: UI does not reflect the default sync failure handler if none is specified

• OPENIDM-10087: Merge JDBC and DJ retry logic

• OPENIDM-16091: 'length' attribute in managed object causes 'Uncaught TypeError' error in web console

• OPENIDM-17071: NullPointerException with augmentSecurityContext

• OPENIDM-16774: Provide full details of schedules in the IDM admin UI

• OPENIDM-15150: IE11 script error in End-User UI

• OPENIDM-15103: UI: New version of workflow breaks UI forms

• OPENIDM-14046: Duplicates of the same workflow process show within the end user UI

• OPENIDM-14583: using ForgeRock github end-user-ui does not allow you to use "|\/" in the password

• OPENIDM-15024: Settings userEditable: false for mail disables changes in end UI profile page

• OPENIDM-14205: Exception caught marshalling a SynchronizationEvent for requests made with CLIENT_CERT authentication

• OPENIDM-14489: PKCS12 keystore in IDM

• OPENIDM-14025: Deadlock during concurrent generic object update operations with MySQL repository

• OPENIDM-12372: A managed object is not capable of handling simultaneous requests from an edge

• OPENIDM-12681: Admin GUI: Role condition with attribute type boolean are treated as string

• OPENIDM-13265: reconById fails with sourceQueryFullEntry true on an external source

• OPENIDM-10660: User metadata is logged in the audit log when an object is changed

• OPENIDM-15135: sustaining/6.5.x - Changed fields are incorrect in audit file

• OPENIDM-15391: Inconsistent results in enduser UI with delegated admin

• OPENIDM-15705: sustaining/6.5.x - unable to add widget in admin UI

• OPENIDM-12330: Notification create date no longer stored by default

• OPENIDM-15584: Using SalesForce connector and changing the updated context URL is not picked up

• OPENIDM-13633: Enabling password history causes error for existing users when they log into the enduser UI and edit their profile

• OPENIDM-15650: UI: Misalignment of managed Object Attributes

• OPENIDM-15598: Notification Time and Date incorrect in End User UI

• OPENIDM-15776: UI: Maven build does not fail on Eslint Errors

• OPENIDM-15196: Fullstack with social IDP provisioning - arbitrary redirect_uri value is not respected

• OPENIDM-15320: Changing connectionTimeout in datasource.jdbc makes no difference in behavior

• OPENIDM-14832: triggerSyncProperties does not work when using an encrypted password

• OPENIDM-15223: Base Connector Details not changing when updated context URL

• OPENIDM-15446: Missing indexes on relationship table

• OPENIDM-15861: sustaining/6.5.x - scriptedcrest 1.5.1.0 not compatible with groovy connector 1.5.19.1

• OPENIDM-15859: sustaining/6.5.x - update example sample provisioner for databasetable 1.5.19.1

• OPENIDM-15875: sustaining/6.5.x - multiple password example is not working anymore

• OPENIDM-15862: sustaining/6.5.x - sample for scriptedrest is not working with scriptedrest connector 1.5.19.1

• OPENIDM-14125: Synchronization fails for mappings with names longer than 50

• OPENIDM-12632: queryFilter on recon audit fails using MSSQL as repo

• OPENIDM-9962: Exclude unmodified attributes for UPDATE operations against ICF targets

• OPENIDM-12207: UI login fails with non-ASCII username or password

• OPENIDM-12334: UI: IDM Recon result failure summary doesn't respond to click on "View Entries"

• OPENIDM-12591: authzMembers can have duplicate entries when added using openidm.create() in scripts

• OPENIDM-13213: Editing the members property of the managed role object schema breaks conditional provisioning role members

• OPENIDM-13238: Using runAs for a user with delegated administration priviledges doesn't seem to return the correct results

• OPENIDM-13821: Queued sync event getting stuck in state PENDING

• OPENIDM-13854: REST - Deleting user with a non existent relationship object returns 404

• OPENIDM-13900: Allow exceptions to be thrown from workflow scripts

• OPENIDM-13966: Modifying the Display Properties of a relationship within the admin UI causes the notify attribute to be lost

• OPENIDM-13983: Unable to delete attribute when it has "scope": "private"

• OPENIDM-14051: NullPointerException on jdbc explicit tables with explicitMapping type NUMBER

• OPENIDM-14066: Recon status report showed extra recon was done

• OPENIDM-14099: queued sync doesn't work for mappings with names longer than 38 characters in JDBC repo

• OPENIDM-14287: cli.sh keytool export and import causes IDM startup failure with 'Invalid AES key length' error

• OPENIDM-14322: Unable to delete private properties via openidm.update()

• OPENIDM-14324: We need to be able to run Jetty.xml from a Project directory

• OPENIDM-14340: Workflow callActivity not working with Cron Expression

• OPENIDM-14349: Relationship properties not in source object when returnByDefault is true

• OPENIDM-14432: Restarting IDM cluster generates error message on first node: Scheduled service "scheduler-service-group.liveSync" invocation reported failure:

• OPENIDM-14462: Trailing spaces stripped from input after " in Admin UI

• OPENIDM-14468: Delegated Admin access on array attributes

• OPENIDM-14520: Admin UI: IDM Recon result failure summary "View Entries" does not display entries

• OPENIDM-14534: Fix exception in delegated admin code

• OPENIDM-14548: External REST: Calling endpoints which return a JSON array throws error

• OPENIDM-14692: Workflow: Need to show who approved what when

• OPENIDM-14771: Managed user property that is userEditable and nullable isn't visible on Enduser UI.

• OPENIDM-14911: Self-registration with email validation enabled disables field validation on registration form

• OPENIDM-15025: Managed user property that is userEditable and nullable isn't visible in the admin UI under privileges

• OPENIDM-12208: Clustered reconciliation fails due to paging cookie from ldap AD

• OPENIDM-12498: UI: Schedule Task Scanner with empty Object Property Field gets unexpected value added

• OPENIDM-12710: API descriptor not available after setting minLength property via admin UI

• OPENIDM-12969: Assignment of workflow to candidate user/group fails

• OPENIDM-13041: Workflow approval displaying all attributes

• OPENIDM-13415: managed/user is duplicated in UI Authentication Client Cert Query

• OPENIDM-13421: Unable to sort by _id in ScriptedSQL Sample

• OPENIDM-13721: NULL not set correctly when adding users. It is set to string of 'null'

• OPENIDM-13737: Self-service registration fails in multi-node cluster scenario when configured for full-stack

• OPENIDM-13740: Explicit repo table: validate mapping before CREATE

• OPENIDM-13763: Admin UI: Japanese input not working for managed user and role

• OPENIDM-13807: Reset Button in Edit Role Immediately Following New Creation Secretly Allowed to be Clicked

• OPENIDM-13811: Windows Service does not start up IDM with JDK 11

• OPENIDM-13814: Salesforce Provider - "User Info Endpoint" doesn't work in UI - typo

• OPENIDM-13847: Workflow task asignee doesn't display username in the UI

• OPENIDM-13882: Admin UI sends multiple REST requests with opposite values in the payload when disabling a connector

• OPENIDM-14163: Workflow: Groovy classpath problem

• OPENIDM-14184: Selfservice password reset gives no warning/explanation for passwords failing CANNOT_CONTAIN_OTHERS policy

• OPENIDM-14253: Admin UI: Tab key to move to next textbox does nothing after selecting Japanese input

• OPENIDM-14266: Remove security/realm.properties

• OPENIDM-12152: IDM needs a openidm encrypt script binding that allows specification of a purpose to use for encryption

• OPENIDM-12190: Router authz fails in multiple-passwords sample

• OPENIDM-12248: Data races in state shared across threads in recon

• OPENIDM-12312: UNIQUE policy on properties other than userName not correctly check during self-registration

• OPENIDM-12318: Unable to create new contacts because reCaptcha load failure

• OPENIDM-12353: Processing an array attribute containing null element results in null pointer exception

• OPENIDM-12376: Error retrieving scheduler jobs and firing triggers after upgrading to 6.5

• OPENIDM-12529: IDM 6.5.0 Encrypt / Decrypt section includes behaviour which only works in 7.0.0+

• OPENIDM-12613: UI Bug ( a missing Admin in the user profile drop down menu ) for managed object user

• OPENIDM-12664: Target phase run when reconById dispatched on mapping configured for clustered recon

• OPENIDM-12680: Reconciliation stuck in ACTIVE_QUERY_ENTRIES (or other ACTIVE_ state) and cannot be cancelled

• OPENIDM-12755: Editing of task in admin console throws validatorErrors in handlebars-4.0.5.js

• OPENIDM-12804: uuid token expiry doesn't work with jdbc repo

• OPENIDM-12813: Admin UI login requires auto-reload of End-User interface

• OPENIDM-12802: API Explorer getting 401 Unauthorized after Full-Stack

• OPENIDM-12886: Registration "Sign In" link does nothing

• OPENIDM-12897: Large integers not handled correctly in JavaScript

• OPENIDM-12904: Sending mail with null "to" field causes IDM to hang

• OPENIDM-12954: Ensure signout works properly when access token has expired

• OPENIDM-12964: 'Try resetting your password again' link is not working after entering KBA incorrectly.

• OPENIDM-13064: End User admin link broken when Self-Service relative URL is not "/"

• OPENIDM-13086: Do not cache Managed Roles and Assignments within ReconContext during reconciliation

• OPENIDM-13111: !== in mergeWithTarget.js (and possibly other scripts) doesn't check if value is undefined only if value is null

• OPENIDM-13119: UI does not correctly display validation for Password History

• OPENIDM-13160: PATCH may succeed although If-Match does not match _rev

• OPENIDM-13162: ManagedObject UPSERT contract creates orphan meta object on update via PUT

• OPENIDM-13229: 'Sign in' in the registration interface has a broken link due to trailing "/"

• OPENIDM-13241: Sample password history policy results in 500 error when used with SelfService registration/reset

• OPENIDM-13242: Updating relationship with the same object in a different relationship will not delete reverse references of the updated relationship.

• OPENIDM-13261: Fix exception in PendingLinkAction.getPendingActionContext

• OPENIDM-13411: identityServer.getProperty() returns null pointer if property isn't set rather than being handled gracefully

• OPENIDM-13457: UI broken for social auth registration

• OPENIDM-13721: NULL not set correctly when adding users. It is set to string of 'null'

• OPENIDM-12017: OPENIDM-12017: IDM CAUD syslog product name (APP-NAME) is null

• OPENIDM-12192: OPENIDM-12192: Modifying virtual property corrupts managed.json

• OPENIDM-12200: OPENIDM-12200: Uncaught TypeError in JavaScript console when saving reverse relationship

• OPENIDM-12228: OPENIDM-12228: remove the INFO message for ScriptedFilter

• OPENIDM-12254: OPENIDM-12254: IDM UI doesn't render linked view for SAP R3

• OPENIDM-12309: OPENIDM-12309: "require" javascript changes are not picked up by IDM 6.5

• OPENIDM-12370: OPENIDM-12370: enable HSM data decryption from IDM 3.1.0 instances

• OPENIDM-12383: OPENIDM-12383: API descriptor not available after setting relationship-type property to nullable

• OPENIDM-12413: OPENIDM-12413: Multi-nodes clustered recon may fail with wrong situation

• OPENIDM-12517: OPENIDM-12517: Adding the triggerSyncProperties in sync.json stops pushing a newly created managed object implicitly to the end resource

• OPENIDM-12796: OPENIDM-12796: jsonstorage "local" self-service with "uuid" option fails in multi-node cluster scenario

• OPENIDM-12865: OPENIDM-12865: jwt token fails in multi-node cluster scenario

The following important bugs were fixed in ForgeRock Identity Management 6.5.2:

• OPENIDM-10542: IDM decryption fails with AES 256-bit key

• OPENIDM-11292: Registration autologin with full-stack not working

• OPENIDM-9665: Startup of OpenIDM with MySQL repo ends in ACTIVE_READY state even if repo-jdbc bundle fails to initialize

• OPENIDM-11602: Recons failing due to memory issues via the scripted sql connector

• OPENIDM-11480: With Oracle repo, Create or Update Managed user via UI results in 500 error

• OPENIDM-6514: JDBC repo errors on startup when using mysql

• OPENIDM-10132: IDM does not start, when configured with HSM and Embedded DS

• OPENIDM-9446: Random startup failures when using DB2 as a repo

• OPENIDM-9520: Update via REST with PUT removes private fields which are not included in the request

• OPENIDM-9331: Enabling CSV tamper prevention through the Admin UI may fail with a keystore password error

• OPENIDM-10600: Internal error "no deployed process definition found" after deleting process definition

• OPENIDM-5465: Performance Issue updating conditional role memberships

• OPENIDM-7665: Admin UI mapping view returns HTTP 400 error

• OPENIDM-10653: Password reset fails using explicit tables

• OPENIDM-9576: Records with missing _sortKeys are not returned in query results

• OPENIDM-8043: Unable to initialize keystore and truststore when passwords are different

• OPENIDM-10720: If a user does not exist in the workflow identity service there will be an NPE when trying to retrieve that user

• OPENIDM-10793: Problems with propvalue column size in properties tables

• OPENIDM-11052: Admin UI Mappings page load delay on system?_action=test REST call

• OPENIDM-11597: IllegalArgumentException updating external account if trace is enabled

• OPENIDM-10948: OpenerHandler require does not work with Internet Explorer

• OPENIDM-10919: JavaScript in Internet Explorer does not support the "includes" method of String

• OPENIDM-11863: Default configuration for jsonstore.json is incorrect

• OPENIDM-10603: Unexpected "manager" property in the "before" of activity audit records when patching manager on a user

• OPENIDM-11055: In some Full Stack configurations, you might need to increase the default header size

• OPENIDM-11237: The `openidm.workflow.enabled` property does not affect workflows

• OPENIDM-10749: Require modules appear to be reloaded with every script reference

• OPENIDM-10321: Salesforce provisioner fails to activate and throws NPEs at runtime

• OPENIDM-10787: The javascript.recompile.minimumInterval config values incorrect for common-js modules

• OPENIDM-10974: openidm.objecttypes.objecttype definition not consistent across DBs

• OPENIDM-11510: UI: Can't edit properties of newly added object type in connector configuration

• OPENIDM-11024: NPE can be thrown if the authentication service comes up before the identityService

• OPENIDM-10263: Salesforce connector error while accessing data from User and Profile objects

• OPENIDM-11822: migrateRepoRelationshipsData.js script does not set relationships correctly for >1000 relations

• OPENIDM-10828: MongoDB Connector UI configuration has an incorrect documentation link

• OPENIDM-11215: IDM hangs using IE11 with error "Promise is undefined" in ResourceQueryFilterEditor.js

• OPENIDM-10823: UI intermittently doesn't work with a changed REST context when using Firefox

• OPENIDM-11862: Setting a timeout on a uuid token via jsonstore.json has no effect

• OPENIDM-11739: Concurrent recons could cause exception deleting interim state instance deleteInterimStateInstance

• OPENIDM-11737: Missing relationship references when link expanding on missing resourceCollection in schema

• OPENIDM-11810: When generating full config, "id": "FIX_ME" is returned under operationOptions

• OPENIDM-10833: Cluster widget doesn't show shutdown time for killed node correctly

• OPENIDM-11235: Recon shows error "Target does not support attribute lastSync"

• OPENIDM-11174: Unable to resume scheduler jobs after successful pause

• OPENIDM-11852: Clustered recon in a multi-node environment may never complete

• OPENIDM-10740: Sharing and Activity (UMA) sections in the Self-Service UI do not display thumbnails

• OPENIDM-10400: When configuring a new LDAP Connector config for AD using the Admin UI, the groupMembership, groupType, and groupScope attributes in the user schema are not set up properly

• OPENIDM-10867: Email password string property substitution is not displayed in UI

• OPENIDM-11554: Health service does not identify ds repo bundle correctly

• OPENIDM-11231: IDM logs has suspicious INFO message in clustered recon

• OPENIDM-10578: Unable to specify the authenticationId within augmentSecurityContext script

• OPENIDM-11511: Changing the name of an object type in connector config creates erroneous entries

• OPENIDM-11667: If Salesforce is unavailable, testing the Salesforce Connector throws a 500 error

• OPENIDM-11704: UI: Can't edit validation policy without specifying a parameter

• OPENIDM-10758: openidm.read() returns different content if called from managed.json action or a custom endpoint

• OPENIDM-10829: PUT modifications to workflow/taskInstance/[_id] return 'Task updated' even when no changes occur

• OPENIDM-11393: assigning a userTask to openidm-admin could cause null pointer exception

• OPENIDM-10537: Deleting a previously set field during profile completion does not work

• OPENIDM-11640: null exception in defaultMappings.json

• There are no limitations in functionality in this release, other than what is listed in IDM 6.5.0.

• There are no limitations in functionality in this release, other than what is listed in IDM 6.5.0.

• There are no limitations in functionality in this release, other than what is listed in IDM 6.5.0.

• There are no limitations in functionality in this release, other than what is listed in IDM 6.5.0.

• There are no limitations in functionality in this release, other than what is listed in IDM 6.5.0.

• There are no limitations in functionality in this release, other than what is listed in IDM 6.5.0.

ForgeRock Identity Management 6.5 has the following known limitations:

• When you add or edit a connector through the Admin UI, the list of required Base Connector Details is not necessarily accurate for your deployment. Some of these details might be required for specific deployment scenarios only. If you need a connector configuration where not all the Base Connector Details are required, you must create your connector configuration file over REST or by editing the provisioner file. For more information, see "Configuring Connectors" in the Integrator's Guide.

• For OracleDB repositories, queries that use the queryFilter syntax do not work on CLOB columns in explicit tables.

• A conditional GET request, with the If-Match request header, is not currently supported.

• IDM provides an embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard. As an embedded system, local integration is supported. Remote integration is not currently supported.

• When using privileges, relationships are not returned in queries. This means information that is handled as a relationship to another object (such as roles for a managed user) will not be available.

• Support for running remote connector servers with the legacy communication protocol has been removed. Connections to remote connector servers must use the websocket protocol.

• There are no new known issues in this release, other than those issues listed in IDM 6.5.0, IDM 6.5.0.3, and IDM 6.5.1.0.

• OPENIDM-15931: IDM startup issues on Java 11

  On certain OS variants, running Java 11, errors are seen from the logging service when the server starts up.

  Workaround:

  • If you are upgrading to IDM 6.5.1 from a previous 6.5.x version, copy the openidm/bundle/javax.annotation-api-1.2.jar file from your old instance to the bundle directory of your new 6.5.1.0 instance.

  • If you are not upgrading to IDM 6.5.1 from a previous 6.5.x version, download the javax.annotation-api-1.2.jar file from the Maven repository, and copy it to the bundle directory of your 6.5.1.0 instance.

• There are no new known issues in this release, other than those issues listed in IDM 6.5.0 and IDM 6.5.0.3.

• OPENIDM-15650: UI: Misalignment of managed Object Attributes

• Microsoft JDBC Driver 7.x for Java 11 Does Not Work with IDM 6.5.x

  ForgeRock has found that the Java 11 version of the Microsoft JDBC Driver 7.x for SQL Server (mssql-jdbc-7.2.2.jre11.jar, mssql-jdbc-7.4.1.jre11.jar) does not work with IDM 6.5.x due to a class loading problem.

  One possible workaround is to use the Java 8 version of the driver (mssql-jdbc-7.2.2.jre8.jar and mssql-jdbc-7.4.1.jre8.jar), which we have found to work with Java 11. Note that Microsoft does not recommend this configuration and may not support it.

  If you are using Java 11 and must use the Java 11 version of the driver (mssql-jdbc-7.2.2.jre11.jar, mssql-jdbc-7.4.1.jre11.jar), the only workaround is to update your IDM version from 6.5.x to an upcoming major release, which fixes this issue.

• There are no known issues in this release, other than those issues listed in IDM 6.5.0.

• There are no known issues in this release, other than those issues listed in IDM 6.5.0.

The following important issues remained open at the time of this release:

• OPENIDM-14099: Queued sync does not work for mappings with names longer than 38 characters (JDBC repo)

  Workaround: Queued synchronization creates locks when it acquires the mappings to process on a particular IDM node. The length of the objectid column in the locks table is 38 characters by default. Because the lock _id is set to the mapping name, it can easily exceed 38 characters. You should increase the length of this column to 255 characters.

• OPENIDM-12170: Delete on managed or internal object does not return the included relationship fields that were included in the request

• OPENIDM-12177: Notifications service does not work with relationship fields

• OPENIDM-12109: Able to add managed object property with illegal character via Admin UI

• OPENIDM-12106: Delegated Admin query filter and fields requests does not work properly with object type

• OPENIDM-12105: Delegated Admin UI Should Only Display Supported Fields in grid

• OPENIDM-12100: An existing privilege should default new schema fields to READ

• OPENIDM-12078: You cannot customize the aliases of the default keys added to the IDM keystore and truststore

  Workaround: To generate the default keys and certificates with custom aliases, see "To Generate Keys and Certificates With Custom Aliases (Workaround for OPENIDM-12078)".

• OPENIDM-12077: UI has JSON type pulldown for _rev for internal users

• OPENIDM-12074: Authentication Provider does not work after restarting IDM and AM

  Workaround: If you have shut down IDM and AM, start AM first. When you can log in, start IDM then navigate to the IDM Admin UI.

• OPENIDM-12063: Repo init service fails in audit-jdbc sample

• OPENIDM-12060: Sync triggers can get stuck after nodes are recycled

• OPENIDM-12017: IDM CAUD syslog product name (APP-NAME) is null

• OPENIDM-11960: Complex query expressions are not correctly parsed to SOQL for Salesforce

• OPENIDM-11950: Infinite loop possible for Managed PATCH operations

• OPENIDM-11921: Errors logged when password-reset email URL is expired and clicked

• OPENIDM-11879: Workflow time zone handling is not consistent and leads to unexpected results

• OPENIDM-11765: Warnings on startup when using embedded DS repo with Java 11

• OPENIDM-11714: Full Stack: /admin endpoint redirects to self-service page

• OPENIDM-11536: Cannot set user password for user created through full-stack social registration

• OPENIDM-11408: Paging is not working in 'Association/Data Association Management for mapping detail'.

  Workaround: The JSON audit handler does not support paging. If you use an audit audit handler that supports paging (such as the repository or elasticsearch handlers), you will not encounter this issue.

• OPENIDM-11370: Activiti workflow mail task goes to default localhost:25

  Workaround: Use the external email service described in "Configuring Outbound Email" in the Integrator's Guide.

• OPENIDM-10761: Progressive Profiling scripted condition does not include user fields within "object" map

• OPENIDM-10660: User metadata is logged in the audit log when an object is changed

• OPENIDM-10455: Query and non-read operations not authorised for openidm-admin role with OAuth

• OPENIDM-10072: Scheduler service registered too early by OSGi

• OPENIDM-9791: Error while generating process diagram, image will not be stored in repository

• OPENIDM-9554: Workflow Processes Completed have "Not Found Error" for managed/user

• OPENIDM-9353: IDM does not audit the http response headers in the access audit log

• OPENIDM-9081: WARNING about extensions directory not existing appears in felix console upon restart of IDM

• OPENIDM-8518: Not Found error when accessing a process instance via Admin UI

• OPENIDM-8295: Non-required single relationship properties should be nullable

• OPENIDM-8122: OpenIDM Cluster incorrectly shows ready and running

• OPENIDM-8052: Cannot create a remote (.NET) connector through the UI

• OPENIDM-6467: syslog audit event handler created although required property not set

• OPENIDM-4149: availableConnectors are not updated after remote ICF shut down

• OPENIDM-4068: Config Changes made in config files should get logged by the Config Audit Logger.

• Embedded Workflow Database

  Previously, you could use the Activiti workflow engine's embedded H2 database for demo and testing purposes. IDM no longer includes this database. Before you use workflow, you must install a JDBC repository.

  For more information, see "Enabling Workflows" in the Integrator's Guide.

• New bundled connector versions

  All connectors bundled with IDM 6.5.1 have been upgraded to version 1.5.19.1. See Connector Changes in IDM 6.5.1.0.

• IDM 6.5.0.4 has upgraded its Jetty library from version 9.4.15 to 9.4.27. The SslContextFactory class has changed to SslContextFactory.(Server|Client). Users who have custom Jetty configurations and are upgrading from versions 6.5.0.x to 6.5.0.4 may encounter an error due to this class change.

  You can do one of two workarounds:

  1. Use the Jetty library 9.4.27 as-is, instead of your custom Jetty configuration.

  2. Manually update the sslContextFactory to sslContextFactory$Server

     For example, if you are using IDM 6.5.0.2, the Jetty class would be:

     <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">

     After updating to IDM 6.5.0.4, update the new Jetty class to the following:

     <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">

• There are no important changes or enhancements in functionality in this release.

• There are no important changes or enhancements in functionality in this release.

• There are no important changes or enhancements in functionality in this release.

• All connectors that are bundled with IDM 6.5.2.0 have been upgraded to version 1.5.20.8.

  For a list of changes to the connectors in version 1.5.20.8 and earlier, see "Connector Release Notes Overview" in the Connector Release Notes.

• All connectors that are bundled with IDM 6.5.1.0 have been upgraded to version 1.5.19.1.

  The main changes with these upgraded connectors are as follows:

  • Connector dependencies are now bundled with the connectors. This means that you do not have to download the dependencies separately. Because the dependencies are included in the connector, and not in the IDM lib directory, the bundled connector dependency files will have no impact on existing dependency files in that directory.

  • Several connectors are now bundled with the remote connector server (RCS). If you are running connectors remotely, through RCS 1.5.19.1, the following connectors are in the openicf/connectors directory, and do not need to be copied to the remote server:

    • CSV File Connector

    • Database Table Connector

    • Groovy Connector

    • Kerberos Connector

    • LDAP Connector

    • SCIM Connector

    • Scripted REST Connector

    • Scripted SQL Connector

    • SSH Connector

  This list shows the main issues fixed in version 1.5.19.1 of the connectors:

  • OPENICF-1445: SSH connector: Stale or disconnected SSH sessions are not detected when borrowing from the pool

  • OPENICF-1433: SSH connector: Kerberos username prompt for public key and password auth

  • OPENICF-1414: Scripted Groovy (v3) based connectors fail to load with IDM releases prior to 7.0

  • OPENICF-1408: Java RCS: NPE when we set proxyHost for client mode

  • OPENICF-1407: Java RCS: Incorrect url in Debug message of HttpRequestPacket header for non-SSL

  • OPENICF-1404: Java connector server proxy config for port is incorrect

  • OPENICF-1400: Java Connector Server: Property name usessl should match docs and code

  • OPENICF-1399: restarting IDM with active RCS causes RCS to decrement websocket connection count

  • OPENICF-1396: OPENIDM-15448 changes seemingly broke querying ldap via the data tab

  • OPENICF-1395: Investigate and clean up the following start up error message

  • OPENICF-1394: missing connectorserver.scope in connectorserver property file

  • OPENICF-1388: LDAP Connector 1.5.5.0 throws java.lang.NoSuchMethodError on Java 8

  • OPENICF-1373: Java RCS: default connectorserver.connectionTtl breaks the connection housekeeping

  • OPENICF-1371: Java Connector server does not always reestablish closed websockets

  • OPENICF-1352: Salesforce connector: pagination and cookies not working properly

• There are no new ICF and connector changes in this release.

• There are no new ICF and connector changes in this release.

• There are no new ICF and connector changes in this release.

• There are no new ICF and connector changes in this release.