Deprecated operations

  • UserDataWebServiceImpl.getUserBetweenLastDate(Date fromDate, Date toDate) has been deprecated and will be removed from v4.2.2. Migrate to the findBeans operation shown in the example below:
import org.openiam.esb.core.batch.tasks.implementation.AbstractLeaverProcess
import org.openiam.idm.searchbeans.UserSearchBean
import org.openiam.idm.srvc.user.dto.User
import org.openiam.provision.dto.user.request.DisableUserProvisioningRequest
import org.openiam.srvc.idm.DefaultProvisioningService
import org.openiam.srvc.user.UserDataWebService
import java.lang.reflect.Array
* Groovy implementation of ILeaverProcess interface
public class LeaverProcessTask extends AbstractLeaverProcess {
UserDataWebService userWebService
DefaultProvisioningService provisionService
public List<User> getUsers(int daysBeforeLeaver) {
Calendar from = Calendar.getInstance()
from.add(Calendar.DAY_OF_MONTH, -daysBeforeLeaver)
from.set(Calendar.HOUR_OF_DAY, 0)
from.set(Calendar.MINUTE, 0)
from.set(Calendar.SECOND, 0)
Calendar to = Calendar.getInstance()
to.add(Calendar.DAY_OF_MONTH, 0)
to.set(Calendar.HOUR_OF_DAY, 0)
to.set(Calendar.MINUTE, 0)
to.set(Calendar.SECOND, 0)
println "Search users with Last Date from:" + from.getTime() + " to: " + to.getTime()
UserSearchBean usb = new UserSearchBean()
usb.setLastDateToken(new DateSearchParam(from.getTime(), to.getTime(), MatchType.BETWEEN))
return userWebService.findBeans(usb,null,0,Integer.MAX_VALUE)?.getList()
public void perform(User user) {
println(String.format("Disable User %s with Id %s", user.getDisplayName(), user.getId()))
DisableUserProvisioningRequest disableUserProvisioningRequest = new DisableUserProvisioningRequest()

Changes in v4.2.1.5

Issue keySummary
OE-2167Enable Contractor Ops, Initiate Bulk Req buttons should be Access Driven
OE-2150Implement connector response custom groovy handler
OE-2149Synchronize Group and User Relationships between OpenIAM and Active Directory (AD) and AD Group synchronization for nested groups for AD Group Sync.
OE-2140AWS: TF Module with Postgres and Redis (PaaS)
OE-2139AWS: TF module with MariaDB and Redis (PaaS)
OE-2138AWS: Helm deployment
OE-2135Azure: Helm deployment
OE-2134Azure: Azure TF module with Postgres and Redis (PaaS)
OE-2133Azure: Azure TF module with MariaDB and Redis (PaaS)
OE-2130Inconsistency in Data (selfservice)
OE-2129Add return code for Skip record but with success
OE-2125Managed systems dashboard shows 'no active connector found' for Rexx and Salesforce MS
OE-2122Auto Generate Password throwing error -> Only 4 repetitive characters allowed
OE-2121do not generate provision request if no changes has been done to user
OE-2118Logo on logout page is always default OpenIAM logo
OE-2117Bug on filter AUDIT_ACTION for export auditlogs to syslogs.
OE-2116Clone managed system - do not clone policy map correctly
OE-2115fix changePassword vulnerabilities
OE-2114Display name of objects in audit instead of IDs
OE-2113Managed system clone is broken - OU mappings are not cloned.
OE-2112Email notifications are being sent to cc and bcc participants of mail even though Mailbox configuration is in Simulation Mode.(When email is sent through post processor)
OE-2110Terminating error code improvements
OE-2033Hide terminated users in self service
OE-2032Introduce auto approval for access revocation request
OE-2031Self Service-During user creation if custom attribute is left empty later if user tries to modify custom attribute then it is not changed in user profile
OE-2030Value for custom attribute is not getting updated when end user is modifying through self service
OE-2029Add filtering options for direct reports in self-service
OE-2028Business Rule Screen remains editable for user which has read only role
OE-2026When custom Attribute value is changed for a user from SelfService form; assigned roles are getting removed from the user
OE-2025UI becomes unresponsive when changing the User Status using Administrative Actions
OE-2024add audit log into sendEmail method
OE-2023When user tries to validate a custom attribute using custom validator script, it throws internal error on UI on selfservice but it doesn't display which attribute is it related to.
OE-2016Self-service forgot password - should always show the MFA options
OE-2011Revoke access workflow does not remove entitlements in the target system
OE-2010Create user from orphan doesn't set metadata type even if one was selected
OE-2009Performed actions are not stored in audit for add/modify user
OE-2008Stop logging in audit of provisioning_modify/provisioning_add Business rules that were not applied
OE-2007Attributes need to be supported for Email Template
OE-2004Enable/disable contractor operations button is absent from the direct reports page
OE-2003Introduce column Lock manager into popup for manage identities of direct reports
OE-2002The user table cannot be populated if there are direct reports without an email address.
OE-2001Policy map - custom user attribute limit
OE-2000Revoke access request - revoke all user's access
OE-1999Troubleshooting utilities for all .NET/PS connectors
OE-1998Users are not able to checkout from the cart
OE-1997Self registration fails due to wrong code, even if no code has been asked
OE-1989Can't open history of my submitted requests
OE-1988Deep link to create requests doesn't always lead to tab #3
OE-1985Failure reporting for provisioning / de-provisioning operations by managed systems
OE-1983Webconsole - Approver association screen is cut off on lower resolutions.
OE-1982Webconsole - User admin is missing menu options when logging into /webconsole
OE-1981Direct reports - Identity operations - should pull the identity status information from the managed system
OE-1980Direct reports - Operations (Create request, Review access, disable, reset password, identity operations) should be enabled based on role.
OE-1978If Manager not having Super Security Role, he gets forbidden page on clicking reset password for his reporter's
OE-1977Catalog search is broken when searching using top search bar
OE-1976Direct Reports - User should not be able to perform Disable User, Restpassword ,and Manage identities for their own account.
OE-1975Provide otp validation on reset password through direct report
OE-1974Add description column into access cart table
OE-1972Password generated by policy map is not saved into openiam DB for non-default managed systems
OE-1970Orphan Management report is not generated
OE-1959AD path validation for user operations
OE-1957When adding group as a child/parent to another group then group attributes/admin/owner got erased
OE-1952[Entitlement Bulk Operations] "Participate in Access Certification" common field is missing
OE-1951[Entitlement Bulk Operations] Entitlement Objects pagination is not working as expected
OE-1950[Entitlement Bulk Operations] Internal Error when clicked Next button without selecting common fields
OE-1949Direct reports should allow enable, disable, unlock, password reset for a selected application
OE-1948Change password - extended should not require that the user knows their current password
OE-1947Allow AD Connector to add user with empty/null 'Manager' attribute
OE-1945Role and Group with false "is Visible" flag is visible on Webconsole and Selfservice portal
OE-1941[Entitlements Bulk Operations] Difficult to perform type and search user as Admin and Owner for edit common fields of entitlement
OE-1940[Entitlements Bulk Operations] "Select All" should consider the filtered entitlements and not all displayed on the page
OE-1939[Entitlements Bulk Operations] Sort Role name in ascending and descending order is not working
OE-1938[Entitlements Bulk Operations] Entitlement Type select drop-down content disappears on clicking down arrow
OE-1931Support update rpm when remote Oracle DB is used
OE-1926fix error which reflect on export user page on payload
OE-1925child event's timestamp in the audit log table is not adjusted to brower's time zone
OE-1923Java doc must be part of each release
OE-1922some java connectors are login password into log file. it must be masked
OE-1920Update Exchange connector libraries dependencies
OE-1919Test Exchange connector against latest version
OE-1918Improve handling password sync in AD connector
OE-1916menu 'About' is missing in Db MS SQL
OE-1898Enable operation can't be simulated
OE-1895Audit for editing system configuration is poor
OE-1894Multipart responses sender ability for MSSQL connector
OE-1893Multipart responses sender ability for Generic connector
OE-1892Work with Kate to document Entitlement Bulk Operation features.
OE-1887API Usage - Entitlements
OE-1884Branding customizations for the Self-service portal
OE-1883Branding and UI Customization - Login/logout/Change password screens
OE-1873Password policy priority is ignored
OE-1869Add/Delete Attributes for Roles/Groups on Entitlement Bulk Operation Screen
OE-1856Simulation mode improvements
OE-1850Logging of simulation requests is weak
OE-1849Bug in access right when linked managed system is deleted
OE-1848Internal error on save content provider with empty authentication rule
OE-1847Cassandra does not get started during openiam-cli init
OE-1845provide httpd_update "without internet" install scenario
OE-1844Directory Lookup - View User Info - High response times
OE-1843Add ability to hide items on login page
OE-1842"404 Page not found" on clicking URI pattern of a page template
OE-1831Selecting Unselecting Menu not reflecting on User Login
OE-1830Scheduled batch tasks wrong order
OE-1827Set up notification when connectors are down on PROD and DEV.
OE-1819Loaded pair or private and public keys is treated as invalid
OE-1818Add new action in target of business rules
OE-1816Complete Swagger (missing some APIs)
OE-1807IS_NEW_xxxxx adaptive risks - incorrect behavior
OE-1806Policy map bugs/questions
OE-1804populate object data for dynamic custom field script
OE-1803recon refactoring
OE-1799Access Certification request not going to group members
OE-1798Users getting duplicated on Access Certification dashboard for Oracle
OE-1794non sense in logs after performing action 'deActivate' user from webconsole
OE-1791Access Certification Campaign issues on oracle
OE-1787Allow users to request access that is going to be expired soon when using catalog
OE-1786Logo changed but on refresh OpenIAM logo appears for fraction of second
OE-1781Selfservice: Access Certification is not shown when using OracleDB
OE-1777Bulk user export
OE-1775The Orphan accounts on every run adds new record
OE-1773Synch audit logs do not show the user name for new users during a failure
OE-1772Synchronization audit logs show an incorrect value
OE-1771Customer reported issues
OE-1770Non-admin user should be blocked from performing 'Initiate Transfer' operation.
OE-1769Remove RES_ATTRIBUTE_VALUES it is causing foreign key constraint fails
OE-1768Sync running in circle and never ends
OE-1766add option to request access from the 'not authorized' page
OE-1765Introduce custom links on 'not authorized page'
OE-1762Max file upload limit for csv sync needs to be increased from 47 MB
OE-1760Stack Trace in reports should be removed
OE-1757Move code for sending out email to new user from idm to esb
OE-1753[1199 Funds] Performance Issue on clicking User Access Review from Self Service
OE-1750Provision service stops working when alias has more than one index associated with it
OE-1749MSSQL replace IFNULL with COLAESCE in
OE-1746Log file after rotation remains 0kb
OE-1744Add Test case in react for Initiate transfer component
OE-1742how to setup saml auth using user's email and not principal
OE-1735Use the access control model to limit what users can to their organization
OE-1732introduce upgrade util for openiam-cli
OE-1714Create new user via REST API - wrong requestor is set
OE-1710When selecting time on UI when to disable user it may not happen when manager wanted
OE-1702Task progress tracker - take business rules into account
OE-1701Bussines rules - add new target action 'Create access workflow'
OE-1695Allow to customize login during authentication against managed system module
OE-1694Direct reports have multiple issues
OE-1689Add title to the simulation page
OE-1688When users login to OpenIAM using federation, we do not update the last login date.
OE-1684Introduce integration of sync and workflow API
OE-1680Enable failed test readObjectsFromCSVToEmulateCSVSyncTest
OE-1679PermittedDN should support several locations
OE-1678Introduce bulk operations over role and groups
OE-1677Allow emergency reindex with pagination of Elasticsearch indices
OE-1674.NET/PS cleanup tasks should be configurable
OE-1671Multipart responses sender ability for Azure connector
OE-1675[Bug] Spelling mistake in error message for duplicate email id
OE-1633Applying simulation requests in sequence
OE-1630Simulation mode for email notifications.
OE-1617Unable to Send Attachment with NotificationRequest
OE-1616Unable to Delete Custom User Attributes
OE-1611Apply multipart responses sender ability to all .NET/PS connectors
OE-1602Add haproxy service as load balancer
OE-1588[Language] Default language selection change not reflecting on the login page
OE-1563Check on log rotation, new files appear to be 0b always
OE-1556RPM cluster type of delivery
OE-1551SPS Improvements: Update stash
OE-1549SPS Improvements: Investigate Redis OOM
OE-1543Introduce util for release updates
OE-1542RPM deployments and related tasks
OE-1528ADPowerShellValidation.groovy Improvements
OE-1525ADGroupSyncAttributes.groovy class name update
OE-1508Allow reports to be sent over email to requester
OE-1501Set headers as part of default configuration to improve security
OE-1490Related to the above, that the rules could be sorted by one of the fields.
OE-1488Business rules improvements
OE-1479Merge SOAP and REST Workday connectors
OE-1458Openiam-cli shows incorrect status of services
OE-1450Workday Connector changes for Company Attribute
OE-1445Refine Workday Rest Connector
OE-1437user search doesn't work when search by metadata + user status
OE-1435When sync has error SYNC_CONFIG_ALREADY_RUNNING there is no details about sync config
OE-1429UI Improvements
OE-1426Need a filter query to syncing certain number of records from Workday API Connector instead of all the records
OE-1421Issue with role search on Role Screen
OE-1407Improve default HA configuration
OE-1401Optimize performance and memory when import from target to OpenIAM
OE-1400Optimize performance and memory for synchronization and provisioning when working with large datasets
OE-1394Large dataset can't be pulled when using RDBMS sync adapter
OE-1388Allow to customize email templates in user workflows
OE-1366Change IPC communication between external runner and connector
OE-1350Batch task 'activate by start date' works wrong
OE-1329Report showing reconciliation failures
OE-1325Create User Template Supervisor search is not accurate
OE-1324Managed system prop to skip it from password sync is ignored
OE-1310Initiate manual task for termination user when terminate from 'administrative actions'
OE-1167Create a report which shows the request which are approved/rejected
OE-1156Test case #10 A user submitted an access request on behalf of another user. Email was not sent to the user that made the request.
OE-1081SafeNet Authentication Service (SAS)
OE-1071Create default configuration for SAP Successfactors connector
OE-1051Business rules Groovy are not running.
OE-1046Checking error in user synchronization produces blocked window
OE-1008Apache webserver vulnerabilities
OE-964Improve request report to show provision status of after request was approved.
OE-891API getUserBetweenLastDate ignores actual date range
OE-871Provision / synchronization user groups for linux not correct for few groups
OE-865Introduce Apple ID single sign on
OE-860IPA connector: add support for group provisioning
OE-838Social Login for Apple
OE-793Refresh token
OE-792Get token
OE-787Improve swagger documentation for essential services
OE-667Misc issues (audit improvements and others)
OE-656Implementing custom credential provider for Windows using (.Net)
OE-105[CLR] Target system integration
OE-6Issue with save multicheckbox required field