Fixed Issues

IDM 7.0.4

IDM 7.0.4 fixes the following issues:

  • OPENIDM-17985: Backport OPENIDM-17750: From field not allowing saving email address with multiple "domains" after the @

  • OPENIDM-17792: 7.1 doesn't start on M1 mac

  • OPENIDM-17591: NPE when creating object with null value for singleton relationship

  • OPENIDM-18211: Backport OPENIDM-17663: Unable to resolve org.forgerock.openidm.workflow-activiti

  • OPENIDM-16478: Environment Variables do not get parsed when added to managed.json

  • OPENIDM-17924: Conditional policy, with required policyId, modifies the schema

  • OPENIDM-15122: validateProperty fails with conditionalPolicies

  • OPENIDM-17870: Backport OPENIDM-17555: Attempting to write certain data to the audit logs on a SQL DB results in a retry-loop event.

  • OPENIDM-17531: Conditional policy is not enforced for patch remove

  • OPENIDM-16906: Sample auditjdbc causes increasing flow of exceptions

  • OPENIDM-17743: With dynamic roles enabled, using social provider login results in a return to the login page

  • OPENIDM-17498: LiveSync stops working with RCS

  • OPENIDM-16472: Relationship properties sent to repo as part of defaultPostMapping patch

  • OPENIDM-17664: Adding whitespace in BaseDN results in invalid configuration

  • OPENIDM-17984: Backport OPENIDM-17790: In samples/audit-jdbc, the column for response_detail is missing from the sample files.

  • OPENIDM-17989: Backport OPENIDM-16887: Tag not closed on Native UI for scripted rest connector "/button"

  • OPENIDM-17869: Backport OPENIDM-17802: Inconsistent display with viewable option for managed object creation on Admin UI

  • OPENIDM-17687: Admin UI updates manager relationship using only the _ref field

  • OPENIDM-17360: Subsequent logins with social provider throws 500 error

  • OPENIDM-17980: Inconsistent Policy Validation message on Admin UI for some policyId's

  • OPENIDM-15266: Admin UI defaults number attributes to 0 when creating a managed resource

IDM 7.0.3

IDM 7.0.3 fixes the following issues:

  • OPENIDM-16944: ttf-dejavu font is deprecated. Review for removal from dockerfile

  • OPENIDM-17195: Change password button disabled state is inverted

  • OPENIDM-17053: Registration form is not loading

  • OPENIDM-16216: Delegated Admin UI should not attempt to load first page of whole dataset

  • OPENIDM-15562: Schedule will be invoked when changing schedule properties even if the schedule is "enabled" : false

  • OPENIDM-16727: Admin UI displays object relationships incorrectly when uninitialised virtual property is present

  • OPENIDM-16519: QueryFilters on reference properties do not work with ds as a repo

  • OPENIDM-16484: Error when accessing managed user object that has relationship to itself

  • OPENIDM-16771: Updating managed/user property from the EndUserUI fails with policy validation error if there are Required relationships

  • OPENIDM-16640: Updated relationship properties are no longer available to property onRetrieve hooks after object onUpdate

  • OPENIDM-16388: LDAP Connector created through Admin UI not setting credentials and baseContexts

  • OPENIDM-16818: Unable to create new LDAP connector through admin UI

  • OPENIDM-16444: Content-API-Version header does not appear in REST call in IDM 7.0.1

  • OPENIDM-15372: ldapGroups cannot be used as the attribute with assignments

  • OPENIDM-16322: Unable to create new LDAP connector through admin UI

  • OPENIDM-15871: Policy validation fails for nested attributes in managed.json

  • OPENIDM-15792: Selfservice registration submits input as string for boolean attribute

  • OPENIDM-15805: End User UI doesn't format page correctly within Delegated Admin's view of managed/users with very long details

  • OPENIDM-15842: Virtual properties displayed in resource editor should be read only

  • OPENIDM-15695: IDM Admin UI: shows Unauthorized message for Forbidden errors

  • OPENIDM-15718: triggerSyncProperties does not work properly when using roles

  • OPENIDM-17331: Investigate delegated admin role_grants_with_temporal_constraint test failures

  • OPENIDM-17306: Nullable boolean variables are set to false

  • OPENIDM-16931: SynchronizationException caught on clustered recon node not propagated to other nodes

  • OPENIDM-16929: Values of relationship properties lost when updating another relationship property on the same object

  • OPENIDM-16920: base contexts and base contexts to synchronize not properly compared

  • OPENIDM-12157: Notifications should not be created for no-op PATCH requests

  • OPENIDM-13845: Sorting by default leads to extreme slowness in Admin UI

  • OPENIDM-16386: Inconsistent policy evaluation between replace and add no-op PATCH requests

  • OPENIDM-17364: Some variables are undefined when triggering "Sample source preview" in mapping

  • OPENIDM-17567: audit data while using samples/audit-jdbc throws 500 Error

  • OPENIDM-17532: Unable to access audit data using auditdb connector

  • OPENIDM-15843: RouterAuditEventHandler groovy script throws an error when trying to write out Scheduler events to activity audit.

  • OPENIDM-17204: Improve IDM REST API query performance

  • OPENIDM-16392: Can no longer print security context with Platform 7.1 AM/IDM Integrated deployments

  • OPENIDM-16091: 'length' attribute in managed object causes 'Uncaught TypeError' error in web console

  • OPENIDM-15331: UI always warns of 'Pending Changes' to time constraint when a role condition is defined

  • OPENIDM-17394: Two tabs for privileges when Internal roles created on UI

  • OPENIDM-17071: NullPointerException with augmentSecurityContext

  • OPENIDM-16037: UI does not reflect the default sync failure handler if none is specified

  • OPENIDM-16774: Provide full details of schedules in the IDM admin UI

  • OPENIDM-15050: Please add SchemaScript.groovy to audit-jdbc sample

IDM 7.0.2

IDM 7.0.2 fixes the following issues:

  • OPENIDM-16127: JWT_SESSION module consults previous authenticating module config for state necessary for org model privilege calculation

  • OPENIDM-15368: Value of ldapGroups isn't visible in the admin UI as an assignment attribute

  • OPENIDM-15796: User creation form in end-user-ui, unable to <tab> to boolean fields

  • OPENIDM-15576: Unable to save the 'Reconciliation Query Filters' under Mappings in the Admin UI.

  • OPENIDM-15507: Paging controls in connector data tab are disabled and should not be

  • OPENIDM-15511: IDM Admin console - Paging controls in managed objects are disabled

  • OPENIDM-14832: triggerSyncProperties does not work when using an encrypted password

  • OPENIDM-15584: Using SalesForce connector and changing the updated context URL is not picked up

  • OPENIDM-15853: Unable to complete connection with Salesforce Connector when using an updated urlContextRoot

  • OPENIDM-15320: Changing connectionTimeout in datasource.jdbc makes no difference in behavior

  • OPENIDM-16206: TaskScanner tries to read object after deletion

  • OPENIDM-16092: Upgrade PaxWeb to v7.3.11 in order to resolve PAXWEB-1117

  • OPENIDM-16219: accountStatus populated in telephoneNumber field ootb in User profile details

  • OPENIDM-16218: Setting userEditable=false for attribute incorrectly populates end user UI profile

  • OPENIDM-13679: Version recon endpoint to reflect addition of recon-association feature

IDM 7.0.1

IDM 7.0.1 introduces important security fixes for current IDM 7.0.0 deployments.

IDM 7.0.0

The following important bugs were fixed in the IDM 7.0.0 release. For details and information on other issues, see the IDM issue tracker:

  • OPENIDM-14771: Managed user property that is userEditable and nullable isn't visible on Enduser UI.

  • OPENIDM-14379: non-unique id: W3C uncompliant coding in Admin UI for multiple linked system

  • OPENIDM-15150: IE11 script error in End-User UI

  • OPENIDM-12131: UI javascript errors when a property does not have a nativeType attribute in a provisioner config file

  • OPENIDM-14082: Admin UI Single Record Reconciliation Find Source Record could result in 400 error

  • OPENIDM-14114: Syslog audit event handler host and port are not automatically populated when editing an existing syslog audit event handler in the admin ui

  • OPENIDM-14046: Duplicates of the same workflow process show within the end user UI

  • OPENIDM-14907: Admin UI displays "ERROR WITH SCRIPT" for any property mapping with transform script

  • OPENIDM-13064: End User admin link broken when Self-Service relative URL is not "/"

  • OPENIDM-12796: jsonstorage "local" self-service with "uuid" option fails in multi-node cluster scenario

  • OPENIDM-14851: Duplicate links may be created with external DS repository

  • OPENIDM-12105: Delegated Admin UI Should Only Display Supported Fields in grid

  • OPENIDM-12170: Delete on managed or internal object does not return the included relationship fields that were included in the request

  • OPENIDM-12109: Able to add managed object property with illegal character via Admin UI

  • OPENIDM-14326: IDM unnecessarily writes to keystore and truststore

  • OPENIDM-13129: PATCH remove a field could result in 500 error: Can not add or remove a 'null' value

  • OPENIDM-13870: Queued sync breaks implicit synchronization

  • OPENIDM-14421: queryFilter boolean handling is inconsistent between JDBC and DS repositories

  • OPENIDM-13096: ConcurrentModificationException when invoking test action on system endpoint

  • OPENIDM-13971: Assigning tasks in enduser UI does not work

  • OPENIDM-13457: UI broken for social auth registration

  • OPENIDM-12698: Custom GitHub end-user UI not working with proxy

  • OPENIDM-13772: End User UI Delegated Administrator search doesn't encode '+' sign properly

  • OPENIDM-13119: UI does not correctly display validation for Password History

  • OPENIDM-12318: Unable to create new contacts because reCaptcha load failure

  • OPENIDM-12613: Missing Admin in the user profile drop down menu for managed object user

  • OPENIDM-13229: 'Sign in' in the registration interface has a broken link due to trailing "/"

  • OPENIDM-13075: Security questions set upon registration are not displayed properly in End User UI profile page

  • OPENIDM-14538: Exception 412 thrown when multiple updates occur on a single managed/user

  • OPENIDM-14554: Missing _NAME_ attribute in a provisioner objectTypes properties throws NPE on create

  • OPENIDM-14324: We need to be able to run Jetty.xml from a Project directory

  • OPENIDM-14519: Generic object properties within map not searchable

  • OPENIDM-14253: Admin UI: Tab key to move to next textbox does nothing after selecting Japanese input

  • OPENIDM-14424: ScriptedREST sample: Update on system endpoint proceeds though Search has no results

  • OPENIDM-11050: Mutual SSL authentication failure with external REST

  • OPENIDM-15000: Rhino: Handlebars.js is not multithreaded

  • OPENIDM-14237: Admin UI: Japanese input not saved when creating new managed object

  • OPENIDM-14184: Self-Service password reset gives no warning/explanation for passwords failing CANNOT_CONTAIN_OTHERS policy

  • OPENIDM-14528: Relationship signal propagation not working for patch operations against singleton relationships

  • OPENIDM-14900: Virtual properties are calculated incorrectly in ManagedObjectSet#handleSignalVertexUpdateFromEdge

  • OPENIDM-14349: Relationship properties not in source object when returnByDefault is true

  • OPENIDM-12964: 'Try resetting your password again' link is not working after entering KBA incorrectly.

  • OPENIDM-13265: reconById fails with sourceQueryFullEntry true on an external source

  • OPENIDM-12695: Slow response time when querying a large dataset

  • OPENIDM-12692: DelegatedAdminFilter does not disallow relationship attributes

  • OPENIDM-13375: REST2LDAP: Null source on query-all-ids

  • OPENIDM-12513: Two different connector parameters mixed when clicking both in succession in UI

  • OPENIDM-12775: Clustered recon fails if external resource page cookie is non-unique

  • OPENIDM-12550: Workflow forms do not load in Internet Explorer 11

  • OPENIDM-13764: Type Boolean property viewable when creating a new user

  • OPENIDM-13465: Error message on Firefox when validating pattern or min length

  • OPENIDM-12335: Queued sync tasks stuck in PENDING using DS repo, search results cannot be sorted

  • OPENIDM-13314: CLIENT_CERT doesn't concat authzRoles to defaultUserRoles

  • OPENIDM-11838: Foreign language passwords don't work if they are hashed in IDM.

  • OPENIDM-12669: Admin UI Registration Page overwrites customizations in selfservice-registration.json made outside the UI

  • OPENIDM-14314: Performance degradation when using query _fields param and returnByDefault is enabled

  • OPENIDM-14489: PKCS12 keystore in IDM

  • OPENIDM-12379: /openidm/recon endpoint fails on an upgraded repository

  • OPENIDM-12259: New assignment is not reflected in onSync script hook when a new role with its members and assignments is created in one REST call

  • OPENIDM-13241: Sample password history policy results in 500 error when used with SelfService registration/reset

  • OPENIDM-13261: Fix exception in PendingLinkAction.getPendingActionContext

  • OPENIDM-12190: Router authz fails in multiple-passwords sample

  • OPENIDM-13763: Admin UI: Japanese input not working for managed user and role

  • OPENIDM-12309: "require" javascript changes are not picked up by IDM 6.5

  • OPENIDM-12359: Changing "Identity Email Field" in "User Query Form" from "mail" to another managed object property throws an error

  • OPENIDM-12897: Large integers not handled correctly in JavaScript

  • OPENIDM-12517: Adding the triggerSyncProperties in sync.json stops pushing a newly created managed object implicitly to the end resource

  • OPENIDM-13882: Admin UI sends multiple REST requests with opposite values in the payload when disabling a connector

  • OPENIDM-12804: uuid token expiry doesn't work with jdbc repo

  • OPENIDM-12498: UI: Schedule Task Scanner with empty Object Property Field gets unexpected value added

  • OPENIDM-12755: Editing of task in admin console throws validatorErrors in handlebars-4.0.5.js

  • OPENIDM-12904: Sending mail with null "to" field causes IDM to hang

  • OPENIDM-12865: jwt token fails in multi-node cluster scenario

  • OPENIDM-12254: IDM UI doesn't render linked view for SAP R3

  • OPENIDM-12941: Samples: scripted-sql-with-mysql has a syntax error in provisioner

  • OPENIDM-13721: NULL not set correctly when adding users. It is set to string of 'null'

  • OPENIDM-13740: Explicit repo table: validate mapping before CREATE

  • OPENIDM-12969: Assignment of workflow to candidate user/group fails

  • OPENIDM-12680: Reconciliation stuck in ACTIVE_QUERY_ENTRIES (or other ACTIVE_ state) and cannot be cancelled

  • OPENIDM-12376: Error retrieving scheduler jobs and firing triggers after upgrading to 6.5

  • OPENIDM-14398: end-user ui delegated admin loading could degrade with increasing number of entries in managed objects

  • OPENIDM-12206: Invalid filter in Privilege can be created and cannot be fixed in UI

  • OPENIDM-12192: Modifying virtual property corrupts managed.json

  • OPENIDM-14290: Internal Server Error reported when entering double quotes into username field

  • OPENIDM-12786: Improve consent service to remove duplicate fields, include fields sourced through transform script

  • OPENIDM-14417: "ActivitiContext class cannot be found" error during queued sync

  • OPENIDM-13993: Access to the old password in a mapping condition should require decrypt()

  • OPENIDM-14535: IDM does not support IBM's PKCS11 provider

  • OPENIDM-12591: authzMembers can have duplicate entries when added using openidm.create() in scripts

  • OPENIDM-12814: Setting returnByDefault for a relationship property to true could cause reconciliation exception with DJ repo explicit mapping managed user

  • OPENIDM-14287: cli.sh keytool export and import causes IDM startup failure with 'Invalid AES key length' error

  • OPENIDM-14099: Queued sync doesn't work for mappings with names longer than 38 characters in JDBC repo

  • OPENIDM-13821: Queued sync event getting stuck in state PENDING

  • OPENIDM-13213: Editing the members property of the managed role object schema breaks conditional provisioning role members

  • OPENIDM-12827: Setting returnByDefault to true on relationship properties in managed objects DJ repo could cause missing attributes in sync.json script hooks

  • OPENIDM-14039: Exception caught marshalling a SynchronizationEvent due to missing serialization in SelfServiceContext

  • OPENIDM-14066: Recon status report showed extra recon was done

  • OPENIDM-14837: When a user has a large number of assignments, every additional assignment added takes an increasing length of time to process

  • OPENIDM-13589: Memory visibility issues dictating persisted sync-token state in the context of live-sync failures

  • OPENIDM-14654: Database creation on Azure Database for PostgreSQL fails with - ERROR: must be member of role "openidm"

  • OPENIDM-10660: User metadata is logged in the audit log when an object is changed

  • OPENIDM-11879: Workflow time zone handling is not consistent and leads to unexpected results

  • OPENIDM-14205: Exception caught marshalling a SynchronizationEvent for requests made with CLIENT_CERT authentication

  • OPENIDM-13983: Unable to delete attribute when it has "scope": "private"

  • OPENIDM-14322: Unable to delete private properties via openidm.update()

  • OPENIDM-12312: UNIQUE policy on properties other than userName not validated during self-registration

  • OPENIDM-14505: ManagedObjectSet handling of patch removal of singleton relationship field will prevent successful calculation of virtual properties based on this field

  • OPENIDM-11921: Errors logged when password-reset email URL is expired and clicked

  • OPENIDM-14501: Reset selfservice stage is checking mail attribute and not identityEmailField

  • OPENIDM-12778: Schedules to execute a file-based script are generated incorrectly via the Admin UI

  • OPENIDM-13787: Workflow filtered-query on task instance with param taskId does not work

  • OPENIDM-12681: Admin GUI: Role condition with attribute type boolean are treated as string

  • OPENIDM-14400: Deletion of roles ignores the userId

  • OPENIDM-12372: A managed object is not capable of handling simultaneous requests from an edge

  • OPENIDM-12304: IDM doesn't add suffix to CAUD transactionId propagated to external DS user store

  • OPENIDM-12332: Unable to register using a managed object other than managed/user

  • OPENIDM-12408: Object properties when set to propertiesToCheck in notification configuration don't work

  • OPENIDM-12330: Notification create date no longer stored by default

  • OPENIDM-12367: Queued sync event processing ignores discard result, possibly discards twice

  • OPENIDM-12465: Managed Object UI forms do not persist all changed fields

  • OPENIDM-12319: Audit Event Handler Port only displays first number in UI

  • OPENIDM-12186: Sample AD LDS Provisioner schema should not include SAMAccountName and is missing uid

  • OPENIDM-12188: Repo init service fails in multiple-password sample

  • OPENIDM-12208: Clustered reconciliation fails due to paging cookie from ldap AD

  • OPENIDM-13633: Enabling password history causes error for existing users when they log into the enduser UI and edit their profile

  • OPENIDM-12017: IDM CAUD syslog product name (APP-NAME) is null

  • OPENIDM-14060: Bug in the at-least-X-capitals policy regex

  • OPENIDM-14548: External REST: Calling endpoints which return a JSON array throws error

  • OPENIDM-13854: REST - Deleting user with a non existent relationship object returns 404

  • OPENIDM-13023: Include an out of the box Oracle specific bnd file in db/oracle/scripts

  • OPENIDM-13130: Viewing roles on a user with empty temporalConstraint array fails

  • OPENIDM-12833: Removing the preferences property causes admin UI mapping/association to stop responding properly

  • OPENIDM-13411: identityServer.getProperty() returns null pointer if property isn't set rather than being handled gracefully

  • OPENIDM-13160: PATCH may succeed although If-Match does not match _rev

  • OPENIDM-13497: /openidm/health/recon data inaccurate

  • OPENIDM-12632: queryFilter on recon audit fails using MSSQL as repo

  • OPENIDM-12383: API descriptor not available after setting relationship-type property to nullable

  • OPENIDM-12200: Uncaught TypeError in JavaScript console when saving reverse relationship

  • OPENIDM-12080: External Email connects to SMTP servers with TLSv1

  • OPENIDM-14520: Admin UI: IDM Recon result failure summary "View Entries" does not display entries

  • OPENIDM-14462: Trailing spaces stripped from input after " in Admin UI

  • OPENIDM-12334: UI: IDM Recon result failure summary doesn't respond to click on "View Entries"

  • OPENIDM-12709: Workflow Processes Completed have "Not Found Error" for managed/user

  • OPENIDM-14193: deletePersistedTargetIds could result in SQL exception: valid column name 'reconId'

  • OPENIDM-13966: Modifying the Display Properties of a relationship within the admin UI causes the notify attribute to be lost

  • OPENIDM-13940: Query workflow via REST with non-string parameter

  • OPENIDM-14432: Restarting IDM cluster generates error message on first node: Scheduled service "scheduler-service-group.liveSync" invocation reported failure:

  • OPENIDM-12691: Scheduler performance in IDM 6.x

  • OPENIDM-7198: Apostrophe (and likely other special HTML characters) do not render properly in the UI in some spots

  • OPENIDM-12877: Exception caught signalling deletion of edge when removing a relationship

  • OPENIDM-12354: Admin UI "Change Source to Target Association" button doesn't respond to click

  • OPENIDM-12425: Uncaught TypeError in Javascript console when editing managed role in admin UI
