Release 4.2.1.5
Deprecated operations
UserDataWebServiceImpl.getUserBetweenLastDate(Date fromDate, Date toDate)has been deprecated and will be removed from v4.2.2. Migrate to thefindBeansoperation shown in the example below:
import org.openiam.base.ws.DateSearchParamimport org.openiam.base.ws.MatchTypeimport org.openiam.esb.core.batch.tasks.implementation.AbstractLeaverProcessimport org.openiam.idm.searchbeans.UserSearchBeanimport org.openiam.idm.srvc.user.dto.Userimport org.openiam.provision.dto.user.request.DisableUserProvisioningRequestimport org.openiam.srvc.idm.DefaultProvisioningServiceimport org.openiam.srvc.user.UserDataWebServiceimport java.lang.reflect.Array/*** Groovy implementation of ILeaverProcess interface*/public class LeaverProcessTask extends AbstractLeaverProcess {UserDataWebService userWebServiceDefaultProvisioningService provisionService@Overridepublic List<User> getUsers(int daysBeforeLeaver) {Calendar from = Calendar.getInstance()from.add(Calendar.DAY_OF_MONTH, -daysBeforeLeaver)from.set(Calendar.HOUR_OF_DAY, 0)from.set(Calendar.MINUTE, 0)from.set(Calendar.SECOND, 0)Calendar to = Calendar.getInstance()to.add(Calendar.DAY_OF_MONTH, 0)to.set(Calendar.HOUR_OF_DAY, 0)to.set(Calendar.MINUTE, 0)to.set(Calendar.SECOND, 0)println "Search users with Last Date from:" + from.getTime() + " to: " + to.getTime()UserSearchBean usb = new UserSearchBean()usb.setLastDateToken(new DateSearchParam(from.getTime(), to.getTime(), MatchType.BETWEEN))return userWebService.findBeans(usb,null,0,Integer.MAX_VALUE)?.getList()}@Overridepublic void perform(User user) {println(String.format("Disable User %s with Id %s", user.getDisplayName(), user.getId()))DisableUserProvisioningRequest disableUserProvisioningRequest = new DisableUserProvisioningRequest()disableUserProvisioningRequest.setId(user.getId())provisionService.disableUser(disableUserProvisioningRequest);}}
Changes in v4.2.1.5
| Issue key | Summary |
|---|---|
| OE-2167 | Enable Contractor Ops, Initiate Bulk Req buttons should be Access Driven |
| OE-2150 | Implement connector response custom groovy handler |
| OE-2149 | Synchronize Group and User Relationships between OpenIAM and Active Directory (AD) and AD Group synchronization for nested groups for AD Group Sync. |
| OE-2140 | AWS: TF Module with Postgres and Redis (PaaS) |
| OE-2139 | AWS: TF module with MariaDB and Redis (PaaS) |
| OE-2138 | AWS: Helm deployment |
| OE-2135 | Azure: Helm deployment |
| OE-2134 | Azure: Azure TF module with Postgres and Redis (PaaS) |
| OE-2133 | Azure: Azure TF module with MariaDB and Redis (PaaS) |
| OE-2130 | Inconsistency in Data (selfservice) |
| OE-2129 | Add return code for Skip record but with success |
| OE-2125 | Managed systems dashboard shows 'no active connector found' for Rexx and Salesforce MS |
| OE-2122 | Auto Generate Password throwing error -> Only 4 repetitive characters allowed |
| OE-2121 | do not generate provision request if no changes has been done to user |
| OE-2118 | Logo on logout page is always default OpenIAM logo |
| OE-2117 | Bug on filter AUDIT_ACTION for export auditlogs to syslogs. |
| OE-2116 | Clone managed system - do not clone policy map correctly |
| OE-2115 | fix changePassword vulnerabilities |
| OE-2114 | Display name of objects in audit instead of IDs |
| OE-2113 | Managed system clone is broken - OU mappings are not cloned. |
| OE-2112 | Email notifications are being sent to cc and bcc participants of mail even though Mailbox configuration is in Simulation Mode.(When email is sent through post processor) |
| OE-2110 | Terminating error code improvements |
| OE-2033 | Hide terminated users in self service |
| OE-2032 | Introduce auto approval for access revocation request |
| OE-2031 | Self Service-During user creation if custom attribute is left empty later if user tries to modify custom attribute then it is not changed in user profile |
| OE-2030 | Value for custom attribute is not getting updated when end user is modifying through self service |
| OE-2029 | Add filtering options for direct reports in self-service |
| OE-2028 | Business Rule Screen remains editable for user which has read only role |
| OE-2026 | When custom Attribute value is changed for a user from SelfService form; assigned roles are getting removed from the user |
| OE-2025 | UI becomes unresponsive when changing the User Status using Administrative Actions |
| OE-2024 | add audit log into sendEmail method |
| OE-2023 | When user tries to validate a custom attribute using custom validator script, it throws internal error on UI on selfservice but it doesn't display which attribute is it related to. |
| OE-2016 | Self-service forgot password - should always show the MFA options |
| OE-2011 | Revoke access workflow does not remove entitlements in the target system |
| OE-2010 | Create user from orphan doesn't set metadata type even if one was selected |
| OE-2009 | Performed actions are not stored in audit for add/modify user |
| OE-2008 | Stop logging in audit of provisioning_modify/provisioning_add Business rules that were not applied |
| OE-2007 | Attributes need to be supported for Email Template |
| OE-2004 | Enable/disable contractor operations button is absent from the direct reports page |
| OE-2003 | Introduce column Lock manager into popup for manage identities of direct reports |
| OE-2002 | The user table cannot be populated if there are direct reports without an email address. |
| OE-2001 | Policy map - custom user attribute limit |
| OE-2000 | Revoke access request - revoke all user's access |
| OE-1999 | Troubleshooting utilities for all .NET/PS connectors |
| OE-1998 | Users are not able to checkout from the cart |
| OE-1997 | Self registration fails due to wrong code, even if no code has been asked |
| OE-1989 | Can't open history of my submitted requests |
| OE-1988 | Deep link to create requests doesn't always lead to tab #3 |
| OE-1985 | Failure reporting for provisioning / de-provisioning operations by managed systems |
| OE-1983 | Webconsole - Approver association screen is cut off on lower resolutions. |
| OE-1982 | Webconsole - User admin is missing menu options when logging into /webconsole |
| OE-1981 | Direct reports - Identity operations - should pull the identity status information from the managed system |
| OE-1980 | Direct reports - Operations (Create request, Review access, disable, reset password, identity operations) should be enabled based on role. |
| OE-1978 | If Manager not having Super Security Role, he gets forbidden page on clicking reset password for his reporter's |
| OE-1977 | Catalog search is broken when searching using top search bar |
| OE-1976 | Direct Reports - User should not be able to perform Disable User, Restpassword ,and Manage identities for their own account. |
| OE-1975 | Provide otp validation on reset password through direct report |
| OE-1974 | Add description column into access cart table |
| OE-1972 | Password generated by policy map is not saved into openiam DB for non-default managed systems |
| OE-1970 | Orphan Management report is not generated |
| OE-1959 | AD path validation for user operations |
| OE-1957 | When adding group as a child/parent to another group then group attributes/admin/owner got erased |
| OE-1952 | [Entitlement Bulk Operations] "Participate in Access Certification" common field is missing |
| OE-1951 | [Entitlement Bulk Operations] Entitlement Objects pagination is not working as expected |
| OE-1950 | [Entitlement Bulk Operations] Internal Error when clicked Next button without selecting common fields |
| OE-1949 | Direct reports should allow enable, disable, unlock, password reset for a selected application |
| OE-1948 | Change password - extended should not require that the user knows their current password |
| OE-1947 | Allow AD Connector to add user with empty/null 'Manager' attribute |
| OE-1945 | Role and Group with false "is Visible" flag is visible on Webconsole and Selfservice portal |
| OE-1941 | [Entitlements Bulk Operations] Difficult to perform type and search user as Admin and Owner for edit common fields of entitlement |
| OE-1940 | [Entitlements Bulk Operations] "Select All" should consider the filtered entitlements and not all displayed on the page |
| OE-1939 | [Entitlements Bulk Operations] Sort Role name in ascending and descending order is not working |
| OE-1938 | [Entitlements Bulk Operations] Entitlement Type select drop-down content disappears on clicking down arrow |
| OE-1931 | Support update rpm when remote Oracle DB is used |
| OE-1926 | fix error which reflect on export user page on payload |
| OE-1925 | child event's timestamp in the audit log table is not adjusted to brower's time zone |
| OE-1923 | Java doc must be part of each release |
| OE-1922 | some java connectors are login password into log file. it must be masked |
| OE-1920 | Update Exchange connector libraries dependencies |
| OE-1919 | Test Exchange connector against latest version |
| OE-1918 | Improve handling password sync in AD connector |
| OE-1916 | menu 'About' is missing in Db MS SQL |
| OE-1898 | Enable operation can't be simulated |
| OE-1895 | Audit for editing system configuration is poor |
| OE-1894 | Multipart responses sender ability for MSSQL connector |
| OE-1893 | Multipart responses sender ability for Generic connector |
| OE-1892 | Work with Kate to document Entitlement Bulk Operation features. |
| OE-1887 | API Usage - Entitlements |
| OE-1884 | Branding customizations for the Self-service portal |
| OE-1883 | Branding and UI Customization - Login/logout/Change password screens |
| OE-1873 | Password policy priority is ignored |
| OE-1869 | Add/Delete Attributes for Roles/Groups on Entitlement Bulk Operation Screen |
| OE-1856 | Simulation mode improvements |
| OE-1850 | Logging of simulation requests is weak |
| OE-1849 | Bug in access right when linked managed system is deleted |
| OE-1848 | Internal error on save content provider with empty authentication rule |
| OE-1847 | Cassandra does not get started during openiam-cli init |
| OE-1845 | provide httpd_update "without internet" install scenario |
| OE-1844 | Directory Lookup - View User Info - High response times |
| OE-1843 | Add ability to hide items on login page |
| OE-1842 | "404 Page not found" on clicking URI pattern of a page template |
| OE-1831 | Selecting Unselecting Menu not reflecting on User Login |
| OE-1830 | Scheduled batch tasks wrong order |
| OE-1827 | Set up notification when connectors are down on PROD and DEV. |
| OE-1819 | Loaded pair or private and public keys is treated as invalid |
| OE-1818 | Add new action in target of business rules |
| OE-1816 | Complete Swagger (missing some APIs) |
| OE-1807 | IS_NEW_xxxxx adaptive risks - incorrect behavior |
| OE-1806 | Policy map bugs/questions |
| OE-1804 | populate object data for dynamic custom field script |
| OE-1803 | recon refactoring |
| OE-1799 | Access Certification request not going to group members |
| OE-1798 | Users getting duplicated on Access Certification dashboard for Oracle |
| OE-1794 | non sense in logs after performing action 'deActivate' user from webconsole |
| OE-1791 | Access Certification Campaign issues on oracle |
| OE-1787 | Allow users to request access that is going to be expired soon when using catalog |
| OE-1786 | Logo changed but on refresh OpenIAM logo appears for fraction of second |
| OE-1781 | Selfservice: Access Certification is not shown when using OracleDB |
| OE-1777 | Bulk user export |
| OE-1775 | The Orphan accounts on every run adds new record |
| OE-1773 | Synch audit logs do not show the user name for new users during a failure |
| OE-1772 | Synchronization audit logs show an incorrect value |
| OE-1771 | Customer reported issues |
| OE-1770 | Non-admin user should be blocked from performing 'Initiate Transfer' operation. |
| OE-1769 | Remove RES_ATTRIBUTE_VALUES it is causing foreign key constraint fails |
| OE-1768 | Sync running in circle and never ends |
| OE-1766 | add option to request access from the 'not authorized' page |
| OE-1765 | Introduce custom links on 'not authorized page' |
| OE-1762 | Max file upload limit for csv sync needs to be increased from 47 MB |
| OE-1760 | Stack Trace in reports should be removed |
| OE-1757 | Move code for sending out email to new user from idm to esb |
| OE-1753 | [1199 Funds] Performance Issue on clicking User Access Review from Self Service |
| OE-1750 | Provision service stops working when alias has more than one index associated with it |
| OE-1749 | MSSQL replace IFNULL with COLAESCE in mssql.history.select.mapper.xml |
| OE-1746 | Log file after rotation remains 0kb |
| OE-1744 | Add Test case in react for Initiate transfer component |
| OE-1742 | how to setup saml auth using user's email and not principal |
| OE-1735 | Use the access control model to limit what users can to their organization |
| OE-1732 | introduce upgrade util for openiam-cli |
| OE-1714 | Create new user via REST API - wrong requestor is set |
| OE-1710 | When selecting time on UI when to disable user it may not happen when manager wanted |
| OE-1702 | Task progress tracker - take business rules into account |
| OE-1701 | Bussines rules - add new target action 'Create access workflow' |
| OE-1695 | Allow to customize login during authentication against managed system module |
| OE-1694 | Direct reports have multiple issues |
| OE-1689 | Add title to the simulation page |
| OE-1688 | When users login to OpenIAM using federation, we do not update the last login date. |
| OE-1684 | Introduce integration of sync and workflow API |
| OE-1680 | Enable failed test readObjectsFromCSVToEmulateCSVSyncTest |
| OE-1679 | PermittedDN should support several locations |
| OE-1678 | Introduce bulk operations over role and groups |
| OE-1677 | Allow emergency reindex with pagination of Elasticsearch indices |
| OE-1674 | .NET/PS cleanup tasks should be configurable |
| OE-1671 | Multipart responses sender ability for Azure connector |
| OE-1675 | [Bug] Spelling mistake in error message for duplicate email id |
| OE-1633 | Applying simulation requests in sequence |
| OE-1630 | Simulation mode for email notifications. |
| OE-1617 | Unable to Send Attachment with NotificationRequest |
| OE-1616 | Unable to Delete Custom User Attributes |
| OE-1611 | Apply multipart responses sender ability to all .NET/PS connectors |
| OE-1602 | Add haproxy service as load balancer |
| OE-1588 | [Language] Default language selection change not reflecting on the login page |
| OE-1563 | Check on log rotation, new files appear to be 0b always |
| OE-1556 | RPM cluster type of delivery |
| OE-1551 | SPS Improvements: Update stash |
| OE-1549 | SPS Improvements: Investigate Redis OOM |
| OE-1543 | Introduce util for release updates |
| OE-1542 | RPM deployments and related tasks |
| OE-1528 | ADPowerShellValidation.groovy Improvements |
| OE-1525 | ADGroupSyncAttributes.groovy class name update |
| OE-1508 | Allow reports to be sent over email to requester |
| OE-1501 | Set headers as part of default configuration to improve security |
| OE-1490 | Related to the above, that the rules could be sorted by one of the fields. |
| OE-1488 | Business rules improvements |
| OE-1479 | Merge SOAP and REST Workday connectors |
| OE-1458 | Openiam-cli shows incorrect status of services |
| OE-1450 | Workday Connector changes for Company Attribute |
| OE-1445 | Refine Workday Rest Connector |
| OE-1437 | user search doesn't work when search by metadata + user status |
| OE-1435 | When sync has error SYNC_CONFIG_ALREADY_RUNNING there is no details about sync config |
| OE-1429 | UI Improvements |
| OE-1426 | Need a filter query to syncing certain number of records from Workday API Connector instead of all the records |
| OE-1421 | Issue with role search on Role Screen |
| OE-1407 | Improve default HA configuration |
| OE-1401 | Optimize performance and memory when import from target to OpenIAM |
| OE-1400 | Optimize performance and memory for synchronization and provisioning when working with large datasets |
| OE-1394 | Large dataset can't be pulled when using RDBMS sync adapter |
| OE-1388 | Allow to customize email templates in user workflows |
| OE-1366 | Change IPC communication between external runner and connector |
| OE-1350 | Batch task 'activate by start date' works wrong |
| OE-1329 | Report showing reconciliation failures |
| OE-1325 | Create User Template Supervisor search is not accurate |
| OE-1324 | Managed system prop to skip it from password sync is ignored |
| OE-1310 | Initiate manual task for termination user when terminate from 'administrative actions' |
| OE-1167 | Create a report which shows the request which are approved/rejected |
| OE-1156 | Test case #10 A user submitted an access request on behalf of another user. Email was not sent to the user that made the request. |
| OE-1081 | SafeNet Authentication Service (SAS) |
| OE-1071 | Create default configuration for SAP Successfactors connector |
| OE-1051 | Business rules Groovy are not running. |
| OE-1046 | Checking error in user synchronization produces blocked window |
| OE-1008 | Apache webserver vulnerabilities |
| OE-964 | Improve request report to show provision status of after request was approved. |
| OE-891 | API getUserBetweenLastDate ignores actual date range |
| OE-871 | Provision / synchronization user groups for linux not correct for few groups |
| OE-865 | Introduce Apple ID single sign on |
| OE-860 | IPA connector: add support for group provisioning |
| OE-838 | Social Login for Apple |
| OE-793 | Refresh token |
| OE-792 | Get token |
| OE-789 | logout |
| OE-787 | Improve swagger documentation for essential services |
| OE-667 | Misc issues (audit improvements and others) |
| OE-656 | Implementing custom credential provider for Windows using (.Net) |
| OE-105 | [CLR] Target system integration |
| OE-6 | Issue with save multicheckbox required field |