• OPENIDM-2611: review queries using QueryFilter with explicit tables in Oracle referring to CLOB field

• OPENIDM-2610: QueryFilter used with explicitTables not working with Oracle or MS SQL Server

• OPENIDM-2605: Missing queries from Oracle repo.jdbc.json

• OPENIDM-2589: provisioner files in sample2x do not have enableFilteredResultsHandler set to false

• OPENIDM-2549: unexpected results for queryFilters on integer properties when using JDBC repo

• OPENIDM-2547: Base64 encoded attributes are not properly decoded to byte[]

• OPENIDM-2538: Unable to login after changing the Session timeout setting via the UI

• OPENIDM-2531: QueryFilter-generated SQL for OrientDB for sw "" is incorrect

• OPENIDM-2529: searchBases in powershell2AD sample are not aligned among the scripts

• OPENIDM-2526: Repo README.txt files need to be updated

• OPENIDM-2525: QueryFilter-generated SQL for OrientDB does not parse

• OPENIDM-2500: properties set as encrypted in managed.json written in plain text in activity audit when new and old values are the same

• OPENIDM-2497: Query queryId=audit-by-recon-id not working on MS-SQL

• OPENIDM-2489: Task scanner does not work using MS-SQL repository

• OPENIDM-2485: Country Empty, but State is filled in

• OPENIDM-2484: Multiple provisioner instances created for the same name

• OPENIDM-2481: PostgreSQL query using wrong value

• OPENIDM-2480: Enable READ_COMITTED_SNAPSHOT isolation w/MSSQL

• OPENIDM-2456: Workflow Sample not working with MS-SQL as repo

• OPENIDM-2446: The exception attribute in the audit sync entries is not being pre-formatted before the entry is created.

• OPENIDM-2437: TaskScannerContext should store the ScriptEntry

• OPENIDM-2429: disabled connectors returned from system?action=test need to return connectorRef details

• OPENIDM-2425: Query with queryFilter on managed users fails when using MS-SQL as repo

• OPENIDM-2424: The __ALL__ object class should use a default object class endpoint if it is not defined in the provisioner config.

• OPENIDM-2421: Consider making the ObjectType properties value in provisioner configs not required or allow it to be empty.

• OPENIDM-2406: Update UID and DN of an ldap entry returns status 500 and Internal Server Error

• OPENIDM-2394: Cannot REST query with a single quote in parameter value

• OPENIDM-2386: Service creation scripts hard-code memory options to 1024m

• OPENIDM-2385: queryFilter support for _id fields

• OPENIDM-2381: condition on route config entries are ignored

• OPENIDM-2375: obsolete router.json file in samples/misc and openidm-api-servlet/src/tests

• OPENIDM-2364: update main samples README with last additions/modifications

• OPENIDM-2355: Update linkedView to use queryFilter

• OPENIDM-2344: OpenAM sample UI is not working

• OPENIDM-2330: system?action=test disabled connectors need to return with the same details as an broken/active connector.

• OPENIDM-2324: ScriptedRest connector 1.4 sample scripts exceptions are not properly thrown

• OPENIDM-2323: ScriptedRest connector 1.4 - GET_LATEST_SYNC_TOKEN throws exception - /changelog doesn't support paged search

• OPENIDM-2321: external/rest calls to SSL endpoints result in jetty exception

• OPENIDM-2315: linkedView throws null exception when there is no sync defined

• OPENIDM-2314: Script launched from router.json by onResponse hook is unable to update response data

• OPENIDM-2312: SmartEvent framework maintains a unbounded event name cache which consumes the entire heap

• OPENIDM-2288: Single Quote character in managed object causes OrientDB error

• OPENIDM-2283: A node in a cluster doesn't currently listen for configuration changes

• OPENIDM-2269: unable to use a ScriptTaskListener

• OPENIDM-2240: Recon with situation MISSING and action CREATE behave differently in MySQL and PostgreSQL

• OPENIDM-2238: Sync Audit Log record storage in PostgreSQL fails with error 'column "rev" of relation "auditsync" does not exist'

• OPENIDM-2237: Create default connector configuration for Scripted SQL connector version 1.4.0.0 raises a 500 error

• OPENIDM-2233: ScriptedSQL sample3 - liveSync doesn't work

• OPENIDM-2224: Enhance recon service to return a result indicating the status of the request reconciliation run

• OPENIDM-2223: Update of connector info provider causes all remote connectors unavailable.

• OPENIDM-2203: Pagination on managed users not working with PostgreSQL as repo

• OPENIDM-2202: TaskScanner not working with PostgreSQL as repo

• OPENIDM-2201: In Recon Summary the situation FOUND_ALREADY_LINKED is missing

• OPENIDM-2200: Failure on writing sync audit log when action is exception with MySQL as repo

• OPENIDM-2190: With PostgreSQL as repo, creating same user twice gets a 500 instead of 412

• OPENIDM-2189: With PostgreSQL as repo, DELETE on managed user is not working

• OPENIDM-2184: NPE thrown from within ObjectMapping$SyncOperation.isValidSource() during reconciliation.

• OPENIDM-2180: Repo command action should be disallowed via HTTP

• OPENIDM-2179: Sample 6 : The sample LDIF file provided is not valid

• OPENIDM-2165: sourceCondition must work with maps

• OPENIDM-2154: Use effectiveRoles of managed user instead of roles attribute in UI workflow scripts

• OPENIDM-2153: Column name mismatch for notification tables when using SQLServer repository

• OPENIDM-2134: only the last role was applied when multiple replaceTarget roles with the same property name were assigned to a user

• OPENIDM-2127: Switching existing schedule from persisted=false to persisted=true results in duplicate scheduled jobs.

• OPENIDM-2116: mergeWithTarget and replaceTarget on role definition fails if using Dynamic Assignment

• OPENIDM-2106: Audit filter assumes action is a RequestType and improperly filters recon entries

• OPENIDM-2089: Remove the need to store certificates in the default java keystore when doing ssl over jdbc.

• OPENIDM-2087: Enabled:false needs to not return an error state for provisioners

• OPENIDM-2079: Cannot PATCH managed user when ID contains special characters.

• OPENIDM-2078: PermGen leak in "source" scripts

• OPENIDM-2074: When the workflow module is disabled, shutdown errors are displayed on the console

• OPENIDM-2067: For an MS SQL repository, queries in the repo config file containing concatenation functions do not work

• OPENIDM-2062: openidm/system/NAME?_action=createFullConfig does not properly handle encrypted values causing the tests to fail.

• OPENIDM-2061: Recon Fails to create users from AD "REV" : invalid identifier [Oracle]

• OPENIDM-2058: Issues on status code and response content for REST API of Configuration with put and delete

• OPENIDM-2057: Issues on status code and response content for REST API of System with post, and delete

• OPENIDM-2056: Recon audit log entry formatting has issues (missing entries and extra entries)

• OPENIDM-2055: Issues on status code and response content for REST API of Scheduler with query, put, and delete

• OPENIDM-2046: Failed to start user onboarding workflow in usercase2 when external repo(MSSQL) was used.

• OPENIDM-2021: If a query is made on an attribute that is not part of the object schema, OpenIDM returns an inaccurate message

• OPENIDM-2002: Failed to Decrypt Jwt errors (badPaddingException)

• OPENIDM-1990: OpenIDM ignoring min/max pool sizes in orient repo config

• OPENIDM-1988: Scripted SQL 1.4 unable to find jdbc driver

• OPENIDM-1959: cli.bat fails to export configuration when we give an absolute path in argument on Windows

• OPENIDM-1954: Enabling the OrientDB Studio UI doesn't take effect until the second restart of OpenIDM

• OPENIDM-1949: Update managed user with patch by query in POST should return modified object instead of null

• OPENIDM-1946: Working location flag (-w) not working as documented

• OPENIDM-1935: The ICF 1.4's RetryableException is wrapped incorrectly by IDM.

• OPENIDM-1889: UI failed to recover from password changing failure

• OPENIDM-1866: Delete of workflow definitions and instances via REST should return the deleted object

• OPENIDM-1784: OpenIDM doesn't throw error on startup for provisioner's incorrect connectorRef

• OPENIDM-1756: Cancelling "completed" taskscanner task sets its state to "cancelled" whereas it should have no effect

• OPENIDM-1658: Hard-coded reference to database schema and table name in jdbc config files

• OPENIDM-1560: when starting OpenIDM with -p option logging.properties file is not taken in project location

• OPENIDM-1409: The query-all and get-users-of-direct-role queries are not consistent across different repos

• OPENIDM-1365: Recon Audit Log Entries Should Contain "messageDetails" for ScriptExceptions During Reconciliation

• OPENIDM-1354: Recon Log Entries Missing "messageDetail" From Errors During Recon

• OPENIDM-1337: Recon.csv and recon detail over REST are not aligned.

• OPENIDM-1252: Unable to perform search queries with AND or OR operators in where clause for ScriptedSQL.

• OPENIDM-1101: Inform administrator when property specified in sync.json as a target is missing from provisioner conf

• OPENIDM-746: CLI.SH command "validate" does not detect an extra bracket that makes a JSON file not valid

• OPENIDM-469: The ObjectMapping can change the _id and then the OpenIDM can not find the original target object any more

OpenIDM 3.1 has the following known limitations:

• When you add or edit a connector through the Admin UI, the list of required Base Connector Details is not necessarily accurate for your deployment. Some of these details might be required for specific deployment scenarios only. If you need a connector configuration where not all the Base Connector Details are required, you need to create your connector configuration file over REST (see Section 11.6, "Creating Default Connector Configurations" in the Integrator's Guide) or edit the connector configuration file (conf/provisioner.openicf-connector-type.json) directly.

• For OracleDB repositories, queries that use the queryFilter syntax do not work on CLOB columns in explicit tables.

• A conditional GET request, with the If-Match request header, is not currently supported.

• OpenIDM provides an embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard. As an embedded system, local integration is supported. Remote integration is not currently supported.

• The OpenIDM implementation of roles does not enforce referential integrity. In other words, you can set up users with a hypothetical role x, before you create that referential role x. Conversely, if you delete an existing referential role y, users with that role will retain that role.

  When dynamically assigned roles are added, OpenIDM does not set up provisioning for previously existing users. Any updates to dynamically assigned roles will not update users assigned with those roles.

• OPENIDM-2637: OpenID Connect Auth Module is shown in the Admin UI, but is not supported

• OPENIDM-2627: Connectors with an underscore in the ID cannot be edited via Admin UI

• OPENIDM-2626: On IE11 update of a users profile throws Unknown error

• OPENIDM-2622: For JDBC repos, accessing the audit log over REST shows incorrect "userid" and "roles" attribute values

• OPENIDM-2621: Attempting to read a non-existent audit record over REST raises an exception in the console

• OPENIDM-2612: queryFilter command in sample3 fails with status 500

• OPENIDM-2607: Validating the connector configuration from the UI fails for Sample 3

• OPENIDM-2604: For the ScriptedCREST sample, the connection to OpenDJ occasionally times out

• OPENIDM-2593: RuntimeException using OSGI Service for datasource

• OPENIDM-2590: Missing records in LDAP cause Data Association Management grid to fail

• OPENIDM-2580: Workflow can not be started by key by a non-admin user

• OPENIDM-2569: When OpenIDM is started with a provisioner.openicf.connectorinfoprovider.json file, the required bundle is not loaded correctly

  Workaround : Add a space or a line to the provisioner.openicf.connectorinfoprovider.json file, which reloads the associated bundle.

• OPENIDM-2568: Reconcile Duration counter remains at 0:00 until reconciliation is complete

• OPENIDM-2560: Required script file fields for Scripted Groovy Connector configuration preventing validation

• OPENIDM-2502: Instructions associated with RC init creation script are incomplete

• OPENIDM-2496: When SSL is enabled on LDAP connector with right CA certificate, validation failed on UI

• OPENIDM-2460: JAVA_TYPE_DATE nativeType not supported

• OPENIDM-2454: REST errors (4xx and 5xx) interfere with CORS response headers

• OPENIDM-2349: Implement openidm.xx() method resolution running in the remote Activiti engine

• OPENIDM-2348: Implement external webapp for the remote Activiti server

• OPENIDM-2347: Implement OpenIDM -> external resource communication

• OPENIDM-2265: Got "ORA-01843: not a valid month" while trying to liveSync from Oracle database

• OPENIDM-2260: Inconsistencies in encoding/decoding the IDs used of managed users

• OPENIDM-2244: AD PW Sync Setup script wizard fails when browsing for a PKCS12 format certificate file

• OPENIDM-2141: When creating a provisioner with CREST no errors are thrown when a provisioner already exists

• OPENIDM-2107: Deleting managed/user via REST or UI leaves links records behind

• OPENIDM-2034: Support arbitrary [commons] auth modules via className

• OPENIDM-2028: The .NET Connector Server Exception displays an incorrect connector error

• OPENIDM-2016: sync on unsupported object class with remote java connector returns 500 instead of 400

• OPENIDM-2005: OpenICF query filter does not support literal expressions

• OPENIDM-2004: NPE in OpenICF Provisioner query w/o filter

• OPENIDM-1991: IDM blocked accessing Orientdb ReadWriteDiskCache

• OPENIDM-1981: Importing all config files with CLI configimport fails with Java 8

• OPENIDM-1948: Creating managed user with PUT on managed/user// endpoint is accepted whereas it should be refused

• OPENIDM-1941: "pattern" property in access.js rules does not work when used on system endpoints

• OPENIDM-1907: Recon failures as a result of policy violations do not indicate the cause of the violation in the recon audit log.

• OPENIDM-1898: Representation of request-object differs between code and json-representation

• OPENIDM-1860: Null pointer exception when setting target attribute during onUnlink

• OPENIDM-1823: getScriptBindings function of ServiceScript (ScriptRegistryImpl.java) slows down extremely when accessed paralell from multiple threads

• OPENIDM-1742: Launching a recon by ID on a non-existent ID is not handled correctly

• OPENIDM-1664: Memory usage of AD connector continue to increase.

• OPENIDM-1654: No sync/ service is registered if a sync.json file is not present in the configuration

• OPENIDM-1632: create-openidm-logrotate.sh is not properly defined

• OPENIDM-1619: OperationOptions specified within the provisioner configuration are not passed to connectors by OpenIDM

• OPENIDM-1600: Cluster with Oracle DB backend

• OPENIDM-1564: __NAME__ attribute incorrectly required as part of object definition for a create action

• OPENIDM-1562: Route to endpoint service not found if there is a resourcename after the name of the endpoint

• OPENIDM-1530: OpenIDM self-signed certificates in keystore and truststore does not match

• OPENIDM-1504: OpenICFProvisionerService handle method performs logger.isDebugEnabled() checks but logs at the error level

• OPENIDM-1501: sync?_action=performAction with an action=DELETE results in a delete on the source rather than the target

• OPENIDM-1488: XDate locales could not be initialized correctly

• OPENIDM-1465: cannot access Remote Activiti engine - http://localhost:9090/openidm-workflow-remote-2.1.0-SNAPSHOT/, because of 500 - Internal server error

• OPENIDM-1452: Incorrect bundleVersion in provisioner config yields confusing error

• OPENIDM-1445: Provisioner service does not decrypt encrypted attributes before passing them to OpenICF framework

• OPENIDM-1430: OpenIDM needs a restart after importing a new cert via REST API

• OPENIDM-1269: some issues with Case Sensitivity options for Sync

• OPENIDM-1219: DB/Config bootstrapping should use IdentityServer support for getting properties, including boot prop

• OPENIDM-1186: PATCH with POST using MVCC are successful even if revision wrong

• OPENIDM-1165: EXCEPTION action when doing liveSync stops the synctoken processing

• OPENIDM-1074: disabling automatic polling for changes of config file not possible on new install

• OPENIDM-848: Conflicting behavior might be observed between the default fields set by the onCreate script and policy enforcement

• OPENIDM-662: query-all-ids always returns the revision as 0, even after the object has been updated to a newer revision

• OPENIDM-470: OpenIDM cannot rename objects - if the identifier of the object changes, the associated link breaks