New Features

This release of ForgeRock Identity Management software includes the following new features:

The sync-with-azuread sample uses the MS Graph API connector to synchronize users between IDM and Azure AD.

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key that helps prevent infinite password update loops. For more information, see the registry key, pwdChangeInterval.

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key to configure the maximum retry attempts for password changes. For more information, see the registry key, maxFileRetry.

The latest version of the Active Directory Password Synchronization Plugin supports a new registry key to configure a search filter to omit users/groups from password syncing. For more information, see the registry key, userSearchFilterStrict.

The latest versions of the DS and Active Directory password synchronization plugins now support the use of AM bearer tokens as an authentication method.

Previously, KBA answers were always hashed with SHA-256 on save. SHA-256 is still the default setting, but you can now specify an alternative hashing algorithm.

You can now specify default values for properties in the managed object configuration. For example, the default managed object configuration includes a default value that sets accountStatus:active, which effectively replaces the onCreate script that was previously used to achieve the same result.

Note

IDM assumes all default values are valid for the schema. Although IDM skips policy validation for objects with default values, you can force validation on property values.

You can now perform REST queries on properly configured array fields.

The optional waitForCompletion parameter is now available to the config endpoint for create, update, and patch requests.

To protect production servers from unauthorized API descriptor requests, IDM now requires admin authentication for the API endpoint. For more information, see "Securing the API Explorer".

Queries on explicit tables in JDBC now support bool:, num:, and long: in addition to the previously supported query parameters (strings, list:, and int:).

Security Advisories

ForgeRock issues security advisories in collaboration with our customers and the open source community to address any security vulnerabilities transparently and rapidly. ForgeRock's security advisory policy governs the process on how security issues are submitted, received, and evaluated as well as the timeline for the issuance of security advisories and patches.

For details of all the security advisories across ForgeRock products, see Security Advisories in the Knowledge Base library.
