• OPENIDM-957: Ability to launch startup.sh and cli.sh from any directory

• OPENIDM-1764: New launcher.bat override, including install-service.bat

OpenIDM 2.1.0 provides many new features, including the following:

• Browser-based user interface

  Includes self service capabilities, a generic platform to expose and invoke workflows, and a notification service for tasks.

  For more information, see OpenIDM User Interface in the Integrator's Guide in the Integrator's Guide.

• BPMN 2.0 workflow engine, embedded as an OSGi bundle and accessible over REST.

  For more information, see Integrating Business Processes and Workflows in the Integrator's Guide in the Integrator's Guide.

• Configurable task scheduling service, including support for clustered schedules and scanning tasks.

  For more information, see Scheduling Tasks and Events in the Integrator's Guide in the Integrator's Guide.

• Configurable policy service.

  For more information, see Using Policies to Validate Data in the Integrator's Guide in the Integrator's Guide.

• Ability to perform batch scans to execute tasks

  For more information, see Scanning Data to Trigger Tasks in the Integrator's Guide in the Integrator's Guide.

• Ability to create custom RESTful endpoints.

  For more information, see Adding Custom Endpoints in the Integrator's Guide in the Integrator's Guide.

• Support for MS SQL JDBC as an internal repository.

  For more information, see Procedure 4.2, "To Set Up OpenIDM With MS SQL" in the Installation Guide.

• Enhanced, multi-threaded reconciliation service, accessible over REST.

  For more information, see Configuring Synchronization in the Integrator's Guide in the Integrator's Guide.

• Support for Powershell scripts on the Active Directory connector.

  For more information, see Using PowerShell Scripts With the Active Directory Connector in the Integrator's Guide in the Integrator's Guide.

• Reusable server configuration and property value substitution in the configuration.

  For more information, see Using Property Value Substitution in the Configuration in the Integrator's Guide in the Integrator's Guide.

• Support for calling LiveSync operations over REST, or using the resource API.

  For more information, see Triggering LiveSync Over REST in the Integrator's Guide in the Integrator's Guide.

• OPENIDM-2776: Install path with space not handled correctly in shutdown.sh

• OPENIDM-2500: properties set as encrypted in managed.json written in plain text in activity audit when new and old values are the same

• OPENIDM-2480: Enable READ_COMITTED_SNAPSHOT isolation w/MSSQL

• OPENIDM-2127: Switching existing schedule from persisted=false to persisted=true results in duplicate scheduled jobs.

• OPENIDM-1915: Add ability to configure the HTTP session timeout for the OpenIDM UI

• OPENIDM-1907: Recon failures as a result of policy violations do not indicate the cause of the violation in the recon audit log.

• OPENIDM-1885: onUnlink trigger throws NPE if invoked for SOURCE_MISSING situation (action=UNLINK) during target reconciliation

• OPENIDM-1755: Recon target phase is always single threaded regardless of the number of configured taskThreads

• OPENIDM-1739: Changes made to target objects by onLink triggers should be persisted if the situation action is UPDATE

• OPENIDM-1665: Startup failure when connectors directory contains arbitrary sub-directories

• OPENIDM-1663: Deadlock within OpenIDM when updating managed users w/MSSQL as the repository

• OPENIDM-1658: Hard-coded reference to database schema and table name in jdbc config files

• OPENIDM-1655: External Rest Service erroneously sets the remote auth ChallengeScheme to HTTP_COOKIE instead of HTTP_BASIC

• OPENIDM-1652: Policy violation doesn't prevent managed objects creation

• OPENIDM-1647: LiveSync fails when using Generic LDAP Connector if readSchema=false

• OPENIDM-1629: Policy cannot-contain-others raises an exception when one of the fields to check against is absent

• OPENIDM-1624: Linux rc script generated by create-openidm-rc.sh fails to shutdown OpenIDM when installed to a directory other than 'openidm'

• OPENIDM-1584: java.lang.OutOfMemoryError exception

• OPENIDM-1583: OpenIDM should not enforce the REAUTH_REQUIRED policy for openidm-cert role.

• OPENIDM-1563: Task scanner creates a new thread pool for each execution resulting in a thread leak.

• OPENIDM-1433: OpenIDM renames entry on update (OpenIDM ICF glue code sets __NAME__ to __UID__)

• OPENIDM-1416: Default onCreate script of UI sets the accountStatus to 'active', overrides the value of the managed user attribute

• OPENIDM-1281: Query for "get-by-field-value" is incorrect

• OPENIDM-1256: additionalPolicies option in policy.json not working

• OPENIDM-1236: ScriptableList: cannot put 0 (zero) index element

• OPENIDM-1170: Linux startup script generator is not working correctly

• OPENIDM-1147: Install path with space not handled correctly in startup.sh

• OPENIDM-969: Console login fails and leaves OpenIDM in unusable state

• A conditional GET request, with the If-None-Match request header, is not currently supported.

• The keystore password, the truststore password and the secret key passwords must all be set to the same value. If you use different passwords, OpenIDM is unable to read the required keys and certificates.

• Connectors generally use the global JVM settings for keystore and truststore, rather than the settings that are specified in the boot.properties file. You can work around this by specifying a path to the keystore or truststore in the conf/system.properties file. For example:

  # Set the truststore
  javax.net.ssl.trustStore=/path/to/openidm/security/truststore

• OPENIDM-2595: OpenIDM failed to start-up during installation

• OPENIDM-2312: SmartEvent framework maintains a unbounded event name cache which consumes the entire heap

• OPENIDM-2184: NPE thrown from within ObjectMapping$SyncOperation.isValidSource() during reconciliation.

• OPENIDM-2078: PermGen leak in "source" scripts

• OPENIDM-2034: Support arbitrary [commons] auth modules via className

• OPENIDM-1946: Working location flag (-w) not working as documented

• OPENIDM-1912: Exception from OpenIDMResolverFactory if used in a parallel execution workflow task

• OPENIDM-1878: DELETE situation-actions on managed objects in bidirectional mappings result in incorrect LINK_ONLY

• OPENIDM-1860: Null pointer exception when setting target attribute during onUnlink

• OPENIDM-1823: getScriptBindings function of ServiceScript (ScriptRegistryImpl.java) slows down extremely when accessed paralell from multiple threads

• OPENIDM-1770: CLI tool needs the ability to authenticate as a user other than openidm-admin w/default password

• OPENIDM-1664: Memory usage of AD connector continue to increase.

• OPENIDM-1637: Problem in UI when the username contains a space char.

• OPENIDM-1632: create-openidm-logrotate.sh is not properly defined

• OPENIDM-1619: OperationOptions specified within the provisioner configuration are not passed to connectors by OpenIDM

• OPENIDM-1600: Cluster with Oracle DB backend

• OPENIDM-1574: AD sync service might crash after applying latest Windows updates

• OPENIDM-1564: __NAME__ attribute incorrectly required as part of object definition for a create action

• OPENIDM-1562: Route to endpoint service not found if there is a resourcename after the name of the endpoint

• OPENIDM-1560: when starting OpenIDM with -p option logging.properties file is not taken in project location

• OPENIDM-1535: incomplete handleQuery implementation in ScriptedRequestHandler

• OPENIDM-1530: OpenIDM self-signed certificates in keystore and truststore does not match

• OPENIDM-1513: Inconsistency in script context: request object has different representations

• OPENIDM-1511: Policy.java overwrites the action parameter of async recon

• OPENIDM-1509: false 'validSource' entries still being evaluated, and returned correlation records are unexpectedly DELETEd

• OPENIDM-1507: Logging level change to FINE causes NullPointerException in OrientDBRepoService

• OPENIDM-1504: OpenICFProvisionerService handle method performs logger.isDebugEnabled() checks but logs at the error level

• OPENIDM-1503: InvalidCredentialException thrown from OpenICFProvisionerService uses 500 HTTP error code

• OPENIDM-1501: sync?_action=performAction with an action=DELETE results in a delete on the source rather than the target

• OPENIDM-1489: Command line needs to allow supplying user/pwd

• OPENIDM-1483: Pool size settings not effective for OrientDB repo

• OPENIDM-1445: Provisioner service does not decrypt encrypted attributes before passing them to OpenICF framework

• OPENIDM-1444: json schema package needs to specify export version and import version ranges

• OPENIDM-1430: OpenIDM needs a restart after importing a new cert via REST API

• OPENIDM-1417: Throwing 401 exception in augment security context javascript ends up being a 500 in the response

• OPENIDM-1413: In async recon starter script (workflow.js) the query of the already running instances is executed before all it's parameters are set

• OPENIDM-1412: Missing 'not undefined' check for sourceId and targetId in async recon workflow starter script (workflow.js)

• OPENIDM-1411: Add not null check to async recon starter script (workflow.js) for sourceId query parameter, fill businessKey field of the workflow when starting a new workflow

• OPENIDM-1390: Unable to parse boolean configuration values from custom OpenICF provisioner

• OPENIDM-1380: opendj-accountchange-handler schema does not load schema provided after install

• OPENIDM-1379: ADD operation failed for OpenDJ account notification handler

• OPENIDM-1361: Exception from UI when a workflow started by scheduler has a user task in it

• OPENIDM-1358: Connector test of LDAP fails

• OPENIDM-1338: Validation for create without objectId is always true

• OPENIDM-1329: OrientDB as repo does not initialize if there is no network connection

• OPENIDM-1293: OpenIDMELResolver should use component.name to bind JavaDelegate implementations instead of component.id

• OPENIDM-1269: some issues with Case Sensitivity options for Sync

• OPENIDM-1267: Add Enum and DateFormType specific data to the taskdefinitions returned by Activiti

• OPENIDM-1265: liveSync process should never get stuck because of exceptions with the synchronizationListener.

• OPENIDM-1245: Align openidm and activiti contract on scripting(openidm.action() and openidm.patch() failed in a workflow on managed object.)

• OPENIDM-1219: DB/Config bootstrapping should use IdentityServer support for getting properties, including boot prop

• OPENIDM-1218: Audit filter on eventTypes for recon.csv does not work properly

• OPENIDM-1210: Directly-assigned workflow tasks disappear when "Requeue" button is hit

• OPENIDM-1190: Disable Quartz update check by default

• OPENIDM-1186: PATCH with POST using MVCC are successful even if revision wrong

• OPENIDM-1184: sample/sample3 and sample/provisioner use hardcoded path in provisioner configuration.

• OPENIDM-1175: IE9 and below aggressively cache AJAX requests, causing the UI to behave strangely

• OPENIDM-1174: Some UI Features are Indistinguishable From Plaintext

• OPENIDM-1165: EXCEPTION action when doing liveSync stops the synctoken processing

• OPENIDM-1162: With OrientDB, for a MISSING/CREATE situation/action, reconciliation creates a new link instead of using an existing link

• OPENIDM-1142: Harmless error message may appear when starting OpenIDM

• OPENIDM-1141: OrientDB config bootstrap repository does not use .json config file, only properties

• OPENIDM-1133: Certain sample files contain unnecessary, unused entries

• OPENIDM-1129: OpenIDM freezes when the connection to the repository is interrupted

• OPENIDM-1117: Malformed content-type request header produces 500 error

• OPENIDM-1115: When an LDAP user is created through the REST API, the _id that is returned is not normalized

• OPENIDM-1098: onDelete script generates exception

• OPENIDM-1096: A PUT command on a configuration object may return an incorrect value

• OPENIDM-1094: Starting a second OpenIDM instance with a conflicting port causes the instance to freeze

• OPENIDM-1093: A user's accountStatus (active or inactive) has no effect on the UI or the REST API

• OPENIDM-1074: disabling automatic polling for changes of config file not possible on new install

• OPENIDM-1021: Wrong starting arguments during start could throw an error or warning.

• OPENIDM-964: An incorrect password in boot.properties causes OpenIDM to hang on startup

• OPENIDM-848: Conflicting behavior might be observed between the default fields set by the onCreate script and policy enforcement

• OPENIDM-470: OpenIDM cannot rename objects - if the identifier of the object changes, the associated link breaks

The following functionality is deprecated in OpenIDM 2.1.

• Reconciliation is no longer called on the sync service. For more information, see the list of changes to existing functionality.

These capabilities are expected to change in upcoming releases:

• The way you generate connector configurations for access to external resources, described in Creating Default Connector Configurations in the Integrator's Guide.