IDM 7.3.0

Incompatible changes

When you update to IDM 7.3.0, the following changes may impact existing deployments. Adjust existing scripts, files, clients, and so on, as necessary.

Synchronization JSON array comparison is order-agnostic

JSON array comparison during sync is now order-agnostic. This change may negate the need for certain custom scripts within mappings, for example, scripts that were previously required to sort ldapGroups values to avoid unnecessary target object updates.

Attribute encryption on assignments

Assignment attributes are now encrypted if the corresponding connector attribute indicates confidentiality, based on the attribute’s nativeType (such as JAVA_TYPE_GUARDEDSTRING or JAVA_TYPE_GUARDED_BYTE_ARRAY). As part of this change, the managed assignment object now includes the following property:

"attributeEncryption" : { }

If attributeEncryption is not present, the assignment attributes are not encrypted. If the property is present but empty, IDM uses its default encryption cipher. To specify a different cipher, add the cipher property. For example:

"attributeEncryption" : {
  "cipher" : "AES/CBC/PKCS5Padding"
}

Additionally, secrets.json has a new secret: idm.assignment.attribute.encryption.
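
The following added example (not ForgeRock code) audits a managed object configuration and reports which of the cases above applies to the assignment object, so that a configuration without attributeEncryption is caught after an update. It assumes the usual managed.json layout of an "objects" array with attributeEncryption at the top level of the assignment definition; the function names, the sample configurations, and the "invalid" state for malformed values are constructed for illustration.

```python
import json


def encryption_state(managed_object):
    """Map one managed object definition to the cases the release note describes."""
    if "attributeEncryption" not in managed_object:
        return "not-encrypted"       # property absent: attributes are not encrypted
    setting = managed_object["attributeEncryption"]
    if not isinstance(setting, dict):
        return "invalid"             # assumption: anything but an object is an error
    if "cipher" not in setting:
        return "default-cipher"      # present without a cipher: IDM's default cipher
    cipher = setting["cipher"]
    if not isinstance(cipher, str) or not cipher.strip():
        return "invalid"             # assumption: cipher must be a non-empty string
    return "cipher:" + cipher


def audit_assignment(managed_json_text):
    """Return the state of the object named "assignment", or None if there is none."""
    for obj in json.loads(managed_json_text).get("objects", []):
        if obj.get("name") == "assignment":
            return encryption_state(obj)
    return None


def sample_config(**assignment_extra):
    """Build a constructed managed.json text; not taken from a real deployment."""
    assignment = {"name": "assignment", "schema": {}, **assignment_extra}
    return json.dumps({"objects": [{"name": "user", "schema": {}}, assignment]})


SAMPLES = {
    "property absent": sample_config(),
    "empty property": sample_config(attributeEncryption={}),
    "explicit cipher": sample_config(
        attributeEncryption={"cipher": "AES/CBC/PKCS5Padding"}),
    "malformed": sample_config(attributeEncryption="true"),
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label:16} -> {audit_assignment(text)}")
```

Even when the property is present, encryption applies only to assignment attributes whose connector attribute indicates confidentiality through its nativeType.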

Copyright © 2010-2023 ForgeRock, all rights reserved.