The automated update process is not currently supported on Windows platforms.

When you add or edit a connector through the Admin UI, the list of required Base Connector Details is not necessarily accurate for your deployment. Some of these details might be required for specific deployment scenarios only. If you need a connector configuration where not all the Base Connector Details are required, you must create your connector configuration file over REST (see "Creating Default Connector Configurations" in the Integrator's Guide) or edit the connector configuration file (conf/provisioner.openicf-connector-type.json) directly.

For OracleDB repositories, queries that use the queryFilter syntax do not work on CLOB columns in explicit tables.

A conditional GET request, with the If-Match request header, is not currently supported.

There are some issues with CREATE requests with client-assigned IDs on system objects. Currently, not all connectors behave the same in this regard. For more information, see the following issues:

OpenIDM provides an embedded workflow and business process engine based on Activiti and the Business Process Model and Notation (BPMN) 2.0 standard. As an embedded system, local integration is supported. Remote integration is not currently supported.

For updates and patches from OpenIDM 4.0.0, you can use the CLI, and any supported browser listed in "Before You Install OpenIDM Software", except Internet Explorer 9.

If you're using the OPENAM_SESSION module to help OpenIDM work with OpenAM software, modify the JWT_SESSION module to limit token lifetime to 5 seconds. For more information, see OPENAM_SESSION Module in the Integrator's Guide and the "Supported Session Module" in the Integrator's Guide.

OPENIDM-7644: Admin UI should create schedule config instead of direct scheduler entries

OPENIDM-6514: JDBC repo errors on startup when using mysql

OPENIDM-6509: JMX enable prevents GC of discarded BoneCPDataSource objects

OPENIDM-6481: OpenIDM creates redundant BoneCPDataSource

OPENIDM-6212: After update there should be only a single .new-timestamp per file

OPENIDM-6188: Full PATH to PROJECT_HOME is being misinterpreted

OPENIDM-6170: Update process creates erroneous new keystore and truststore files that should be removed

Workaround - After the update process, delete any files named keystore.jceks.new-timestamp and truststore.new-timestamp from your security directory.

OPENIDM-6135: DatabaseTableConnector does not reconnect

OPENIDM-6117: The execute.clustered.schedules=false setting does not work as described

OPENIDM-6106: Paging with scriptedcrest connector is not working

OPENIDM-6083: Sample 2d -- Admin UI rendering of group recon is illegible in the UI

OPENIDM-6072: Multiple answers to the same security question are possible

OPENIDM-6071: OpenIDM changes port from 389 to 1389 when configuring LDAP connector through the UI

Workaround - Change the LDAP port in the UI manually to the port you had originally set.

OPENIDM-6068: Target reconciliation does not finish for large datasets

OPENIDM-6067: When a mapping is deleted through the Admin UI, links associated with the mapping are not deleted

OPENIDM-6043: ScriptedREST and ScriptedCREST samples do not work with OpenDJ 3.5.0

OPENIDM-6031: Some workflow use cases show the wrong property name (_body instead of body)

OPENIDM-6029: Recon throughput from CSV to Managed user doesn't scale

OPENIDM-6025: "Filter Actions" message for "authentication" and "access" event is not correct

OPENIDM-6015: Clicking the '-' button next to 'The Value for' Reconciliation Query Filters in the Admin UI throws JavaScript errors in the console

OPENIDM-5986: cli.sh configimport returns success when errors occur

OPENIDM-5963: Connector schema data preview can fail depending on the order of automatically generated schema fields

OPENIDM-5962: Managed User Edit page displays changes pending warning

OPENIDM-5933: NPE caught by OpenICFProvisionerService during IDM startup due to Async call usage in Activate()

OPENIDM-5930: CSV Audit Event Handler - Saving in the UI leads to error messages

OPENIDM-5923: ScriptedSSH sample - group members create/update is not working

OPENIDM-5914: Role is still showing as assigned in effectiveRoles attribute on query-all output if role is unassigned via the admin UI

Workaround - When you delete a role grant, delete it from the managed user object, rather than the managed role object. For example, delete managed/user/user-id/roles/grant-id rather than managed/role/role-id/members/grant-id. If you cannot delete the role from the managed user object, add executeOnRetrieve=true to your user query to retrieve the correct role state, for example:

http://localhost:8080/openidm/managed/user?_queryId=query-all&executeOnRetrieve=true

OPENIDM-5911: Identity Relationship widget: legendCheckbox does not appear in IE

OPENIDM-5909: ScriptedSSH incorrect sample provisioner group members nativeName

OPENIDM-5907: ScriptedSSH search script unsupported filter cause timeout exception

OPENIDM-5905: Removing a workflow definition file from the filesystem does not delete it in the config

OPENIDM-5900: ScriptedSSH ErrorCodes.groovy is not loaded

OPENIDM-5896: Role grant_type requires unique index

OPENIDM-5893: Recon on AD LDAPS mapping (tap association) gives 500 Server Error

OPENIDM-5892: Group Assignments: Admin UI errors with AD LDAPS Connector

OPENIDM-5887: SyncResult always specifies default situation action and not the actual action determined during synchronization

OPENIDM-5878: Newly added Object type doesn't appear in mappings

OPENIDM-5858: Sync fails to update password in AD

OPENIDM-5851: Backgrid: Clicking on filter reset button sorts the column

OPENIDM-5850: groupRoleMapping in passthrough authentication not working with LDAP

OPENIDM-5792: UI Problems with Bidirectional Reference Attributes

OPENIDM-5791: JNDI Config for JMS Audit Handler not rendered correctly.

OPENIDM-5754: onUpdate trigger on managed user called twice with a patch operation

OPENIDM-5739: authenticationId used instead of authorization.id in UI (tasks)

OPENIDM-5736: Can not remove an element of a relationship map by value

OPENIDM-5731: In Usecase 2 date validation in the Admin UI does not reject an invalid date

OPENIDM-5727: Error after removing notification in Use Case 3

OPENIDM-5726: Workflow usecase 2 onboarding email sent twice

OPENIDM-5724: unAssignment event not executing inline script

OPENIDM-5721: Admin UI does not respond after setting connector nativeType to array

OPENIDM-5705: Removal of multiple elements of an array in a single patch set produces incorrect results

OPENIDM-5698: AD User Filter does not persist

OPENIDM-5697: Cluster state failure yields permanent persistent schedule failure in cluster when a cluster node is shutdown

OPENIDM-5685: Error when viewing data (account) of a connector with incorrect configuration properties

OPENIDM-5654: Audit event queryHandler returns results even if event handler is disabled

OPENIDM-5579: Unable to download Update Report using Safari

OPENIDM-5568: Aggressive caching issues in OpenIDM cause inconsistent UI behavior

OPENIDM-5554: Managed object revision increases after reconcilitation even if no change occured

OPENIDM-5509: Updating a dynamically assigned role will not update users assigned with the role.

OPENIDM-5504: Unable to use cli.sh for administration over a secure port

OPENIDM-5486: Via REST API it is possible to create an assignment with an invalid mappingName

OPENIDM-5482: Tasks in UI cause random server errors when updating/assigning tasks

OPENIDM-5472: OpenAM fullStack sample: session timeout option not available

OPENIDM-5468: BoneCP: JDBC repo startup should retry until DB comes up

OPENIDM-5465: Performance Issue updating conditional role memberships

OPENIDM-5461: Update/Create user may fail with 500 error when scriptedrest2dj sample was used.

OPENIDM-5450: When Buffering is not enabled, related options should not be available

OPENIDM-5442: CLI.SH configexport creates unneccessary ui-iconlist.json backup file

OPENIDM-5416: PUT REST call to AD with LDAP adapter is interpreted as create instead of update

OPENIDM-5412: Felix console displays Error removing job reconcile_systemXmlAccounts_managedUser when performing update

OPENIDM-5399: Spaces in CSV field names result in an exception when creating a CSV connector

OPENIDM-5345: Connector names need to be validated as alpha-numeric

OPENIDM-5339: goto=undefined in redirect URL in OpenIDM/OpenAM integrated setup with IE9/10

OPENIDM-5315: If-Match default header not applied for Update - AzureAD PowerShell

OPENIDM-5303: Cannot edit a canceled reconciliation mapping

OPENIDM-5297: Property substitution is lost when saving from the UI

OPENIDM-5263: Mapping Details page doesn't refresh if Internal Server Error occurs during Reconciliation

OPENIDM-5235: Sample configuration for explicit mapping for managed user table is missing description

OPENIDM-5185: Failure to Load Configuration for Sync

OPENIDM-5174: Random issue while creating new configuration via REST

OPENIDM-5166: Changing CSV audit event handler formatting fields causes an exception

OPENIDM-5138: OpenIDM timeout does not redirect to OpenAM login screen

OPENIDM-5133: openidm-admin user login looping with exclusive OpenAM SSO enabled

OPENIDM-5107: PUT with no "If-Match" header fails to update an object with the Google Apps Connector

OPENIDM-5096: Configuring OpenAM session authentication via GUI causes OpenIDM hang

OPENIDM-5091: CORS servlet filter should read https port from boot.properties

OPENIDM-5086: Illegal State Exception REST with invalid credentials and Accept header

OPENIDM-5038: Creating connector with underscore in its name fails with exception

OPENIDM-5033: No validation is done when using the Admin UI to configure an LDAP connector

OPENIDM-4918: Attempt by openidm-admin to add Security Questions leads to Problem During Profile Update error

OPENIDM-4829: Admin UI, Audit, CSV Handler configuration, fails without proper signatureInterval entry

OPENIDM-4799: with OrientDB repo, reading managed user with encoded quote in ID is failing with server error on policy

OPENIDM-4797: Connector info provider needs to be updated to connect to .NET server

OPENIDM-4792: When a sync mapping references source or target routes other than "managed" or "system", the Mapping UI won't render

OPENIDM-4692: ALL_GONE situation for deleted entries leads to NPE in JS

OPENIDM-4521: Custom attributes submitted in request to store in jdbc repo are not stored but the request returns them.

OPENIDM-4462: Delete request with HTTP "If-Match *" header does not work on repo endpoints

OPENIDM-4227: Use value of managed object prior to save for sync events to use hashed values

OPENIDM-4149: availableConnectors are not updated after remote ICF shut down

OPENIDM-4127: Endpoint system/os returns cpu usage above available

OPENIDM-3966: If you replace an attribute with null via patch, the attribute is incorrectly removed from the object

OPENIDM-3857: Cannot pass along custom context when making router requests from script

OPENIDM-3199: When a mailtask can't be completed in an Activiti workflow, an exception is thrown

OPENIDM-3197: '%' character in object id of openidm.read calls has to be encoded

OPENIDM-3187: Custom authentication headers cannot handle Unicode characters

OPENIDM-3149: Custom Endpoint Example: object request.patchOperations is wrong for Groovy scripts

OPENIDM-2348: Implement external webapp for the remote Activiti server

OPENIDM-2028: The .NET Connector Server Exception displays an incorrect connector error

OPENIDM-2016: Sync on unsupported object class with remote java connector returns 500 instead of 400

OPENIDM-1898: Representation of request-object differs between code and json-representation

OPENIDM-1823: getScriptBindings function of ServiceScript (ScriptRegistryImpl.java) slows down extremely when accessed in parallel from multiple threads

OPENIDM-1664: Memory usage of AD connector continue to increase.

OPENIDM-1488: XDate locales could not be initialized correctly

OPENIDM-1445: Provisioner service does not decrypt encrypted attributes before passing them to OpenICF framework

OPENIDM-1430: OpenIDM needs a restart after importing a new cert via REST API

OPENIDM-1269: some issues with Case Sensitivity options for Sync

OPENIDM-1165: EXCEPTION action when doing liveSync stops the synctoken processing

OPENIDM-1074: Disabling automatic polling for changes of config file not possible on new install

OPENIDM-848: Conflicting behavior might be observed between the default fields set by the onCreate script and policy enforcement

OPENIDM-470: OpenIDM cannot rename objects - if the identifier of the object changes, the associated link breaks

When configuring connectors, (see "Configuring Connectors" in the Integrator's Guide), you can set up nativeType property level extensions. The JAVA_TYPE_DATE extension is deprecated.

Support for a POST request with ?_action=patch is deprecated, when patching a specific resource. Support for a POST request with ?_action=patch is retained, when patching by query on a collection.

Clients that do not support the regular PATCH verb should use the X-HTTP-Method-Override header instead.

For example, the following POST request uses the X-HTTP-Method-Override header to patch user jdoe's entry:

$ curl \
 --cacert self-signed.crt \
 --header "X-OpenIDM-Username: openidm-admin" \
 --header "X-OpenIDM-Password: openidm-admin" \
 --header "Content-Type: application/json" \
 --request POST \
 --header "X-HTTP-Method-Override: PATCH" \
 --data '[
    {
    "operation":"replace",
    "field":"/description",
    "value":"The new description for Jdoe"
    }
  ]' \
  "https://localhost:8443/openidm/managed/user/jdoe"

The XML file connector is deprecated and support for its use in OpenIDM will be removed in a future release. This connector is really useful only in a demonstration context and should not be used in the general provisioning of XML data stores. In real deployments, if you need to connect to a custom XML data file, you should create your own scripted connector by using the Groovy connector toolkit.