Incompatible Changes

When you update to IDM 7.1.6, the following changes may impact existing deployments. Adjust existing scripts, files, and clients, as necessary:

Changes between IDM 7.1.4 and 7.1.6

No additional incompatible changes were made between 7.1.4 and 7.1.6.

Changes between IDM 7.1.2 and 7.1.4

No additional incompatible changes were made between 7.1.2 and 7.1.4.

Changes between IDM 7.1.0 and 7.1.2

Previously, you could use the Flowable workflow engine's embedded H2 database for demo and testing purposes. IDM no longer includes this database. Before you use workflow, you must install a JDBC repository.

For more information, see Enable Workflows.

Previously, workflows would break when upgrading from version 7.0.2 to 7.1.0 of IDM, due to out of sync versions of the Flowable workflow engine. This is fixed in version 7.1.2 of IDM. If you are upgrading IDM from version 7.0, please use IDM version 7.1.2 or higher.

Changes between IDM 7.0.x and 7.1.0

For external DS repositories, with explicitly mapped managed objects, the stored data format has changed for certain data types.

In IDM versions prior to 7.1, certain property values were always considered as strings, so the returned JSON format of a managed object would look something like this:

  "boolean": "true",
  "integer": "12345",
  "timestamp": "20210315010101Z",
  "json": "{\"key\":\"value\"}"

In IDM 7.1, these properties are returned with the correct data type, so a similar object in IDM 7.1 looks something like this:

  "boolean": true,
  "integer": 12345,
  "timestamp": "2021-03-15T01:01:01Z",
  "json": { "key": "value" }

New deployments are not impacted by this change. If you are upgrading an existing deployment with an external DS repository, with explicit object mappings, you should test this change and adapt your scripts and REST API calls, if necessary.

The data types affected by this change are as follows:

  • Booleans: from string to JSON boolean

    Affected OIDs: and

  • Integers: from string to JSON integer

    Affected OIDs: and

  • Generalized time: from string in LDAP generalized time format, to string in ISO 8601 format

    Affected OIDs: and

  • JSON: from JSON embedded in a string to structured JSON

    Affected OIDs:


If you want to retain the legacy behavior, set the following property in conf/


This is not recommended in a production deployment, and should be used only temporarily, as part of a plan to adapt to these changes.

The JsonStdoutAuditEventHandler is now pre-configured in the standard audit configuration, but is disabled by default.

Previously, to enable/disable audit handlers, you needed to modify conf/audit.json directly. Now, you can set the following properties in the resolver/ file to true or false:

  • openidm.audit.handler.json.enabled

  • openidm.audit.handler.stdout.enabled

  • openidm.audit.handler.repo.enabled

For more information, see:

Previously, to enable/disable HTTP or HTTPS, you could modify conf/ directly. Now, you can set the following properties in the resolver/ file to true or false:

  • openidm.https.enabled

  • openidm.http.enabled

For more information, see "Property Value Substitution".

Previously, to change the Felix web console credentials, you could modify the conf/felix.webconsole.json file directly. Now, you can set the following properties in the resolver/ file:

  • openidm.felix.webconsole.username

  • openidm.felix.webconsole.password

For more information, see:

Notifications are now disabled, by default. Previously, to enable/disable notifications, you could modify the applicable conf/notificationType.json file directly. Now, you can set the following properties in the resolver/ file to true or false:

  • openidm.notifications.passwordUpdate

  • openidm.notifications.profileUpdate

  • openidm.notifications

For more information, see Configure Notifications.

The following files have been moved from the /path/to/openidm/conf/ directory:

  • auth.profile.json moved to /path/to/openidm/samples/example-configurations/self-service/.

  • jsonstore.json moved to /path/to/openidm/samples/example-configurations/self-service/.

  • identityProviders.json moved to /path/to/openidm/samples/example-configurations/self-service/.

Previously, API requests containing the validateProperty action to unknown resources or those with invalid POST body content could result in an invalid true response, or a generic 500 Internal Server Error. Both of these situations now return a 400 Bad Request Error with an explanation.

Error Comparison


      "code": 500,
      "reason": "Internal Server Error",
      "message": "TypeError: Cannot call method "hasOwnProperty" of null",
      "detail": {}
  • AFTER:

      "code": 400,
      "reason": "Bad Request",
      "message": "object and properties were not provided in request content, and they are unable to be retrieved.",
      "detail": {}

The default router.json file no longer includes system in the matching pattern.

Read a different version of :