NetIQ Identity Manager Identity Applications 4.8 Service Pack 6 Patch 4 (4.8.6.0400) resolves some of the previous issues. This document outlines how you can apply this patch.
For the list of software fixes and enhancements in the previous release, see NetIQ Identity Manager 4.8 Service Pack 6 Release Notes.
This release provides the following software fixes that resolve previous issues in the Identity Applications component:
This patch resolves an issue in Identity Manager 4.8.6 that caused user attributes to display values instead of their labels on the user profile page. (Bug 634026)
For example, there is a user attribute called Region in Designer that you can configure to display a drop-down list, OrganizationUnits (based on the Global List) containing two labels, Internal and External, with corresponding values as ou=Internal,ou=users,o=data and ou=External,ou=users,o=data, respectively. After upgrading to this patch, when you see a user profile on Dashboard, it displays the label Internal for the Region attribute instead of ou=Internal,ou=users,o=data value. Also, while editing the user profile, the Region attribute will show proper options for you to add and remove.
This patch resolves an issue in Identity Manager 4.8.6 that caused the applications and website links on the Applications page to be occasionally missing under the Home items, Administration, and other user-generated categories. It happened because the REST API request to the access/ulp/landingItems/v2 endpoint returned null instead of the user’s clientID. After upgrading to this patch, the landing items (applications and website links) allowed for the clientID are sorted by categories and successfully listed on the Applications page. (Bug 639001)
When you add a time-based attribute, such as Last Login Time, as a primary or secondary attribute in the Card View or Other Attributes in Dashboard’s Customization Settings, the user profile shows the date and time of user login in a proper readable format. Before this patch, in Identity Manager 4.8.6, the date and time were displayed in UNIX format, which made it difficult to read. (Bug 646061)
This patch resolves an issue in Identity Manager 4.8.6 that caused form-based application such as HelpDesk Ticket to occasionally display a blank page when opened from the Applications page. The REST API calls to the access/rob/ismproperties and access/permissions/item REST endpoints are now synchronous, thus ensuring that the URL for the forms to redirect is returned successfully. (Bug 646111)
The reminder and escalation reminder email templates have been modified to send proper reminder and escalation emails. The application no longer sends content from the notification template to the reminder and escalation emails. (Bug 733003)
Before this release, when the RoleVault.getRolesUserIn function made a REST API call to the /rest/access/assignments/role/list endpoint, it could retrieve only ten role assignment permissions for a given user. After upgrading to this patch, you can now retrieve information about all roles by adding a second attribute called true to the same function.
Syntax: Here is the method signature:
RoleVault.getRolesUserIn('IDM','/rest/access/assignments/role/list',userDN,true)
(Bug 733004)
Before this release, when the RoleVault.getRoleAssignmentCause function made a REST API call to the /rest/access/assignments/list/v2 endpoint, it could retrieve role assignment cause for only ten roles by default. After upgrading to this patch, you can now retrieve assignment cause for all roles by adding a third attribute called true to the same function. (Bug 733005)
Syntax: Here is the method signature:
RoleVault.getRoleAssignmentCause('IDM','/rest/access/assignments/list/v2',identityDn, roleDn, true)
This function returns the assignment cause for the roles and resources of a given user.
You must have the following versions at a minimum to apply this patch:
eDirectory 9.2.7
iManager 3.2.6/Identity Console 1.5
Identity Manager 4.8.6/4.8.6.0100/4.8.6.0200
Identity Manager 4.8.6.0400 supports upgrade from version 4.8.6, 4.8.6.0100, or 4.8.6.0200. Choose the upgrade procedure that corresponds to your current base version:
Depending on your operating system or deployment platform, follow the instructions below to upgrade Identity Manager directly from version 4.8.6 to 4.8.6.0400:
This patch requires you to update the following components based on your requirement:
Stop the Tomcat and NGINX services by executing the following commands:
systemctl stop netiq-tomcat.service
systemctl stop netiq-nginx.service
Navigate to the /etc/init.d directory and stop the Golang service by executing the following command:
./netiq-golang.sh stop
Now navigate to the /opt/netiq/idm/apps/tomcat/webapps directory and take a back up of the IDMProv.war, idmdash.war and workflow.war files in a local directory.
Delete the following files and directories from the /opt/netiq/idm/apps/tomcat/webapps directory:
IDMProv.war
IDMProv directory
idmdash.war
idmdash directory
workflow.war
workflow directory
Navigate to the /opt/netiq/idm/apps/sites/forms directory and take a back up of all the files in a local directory.
Delete all the files in the /forms directory using the following command:
rm - r *
Download the Identity_Manager_APPS_4.8.6_P4.zip from the Software Download and License portal and extract the file to a local directory.
Navigate to the <extracted location>/Linux directory.
Run the following commands:
rpm -Uvh netiq-forms-1.0.5.0200-1.noarch.rpm
rpm -Uvh netiq-userapp-4.8.6.0400-0.noarch.rpm
rpm -Uvh netiq-workflow-1.6.0.0300-1.noarch.rpm
(Conditional) If you install the rpm as root, add execute permission and user rights for the replaced files:
Navigate to the /opt/netiq/idm/apps/tomcat/webapps/ directory and run the following commands:
chmod +x IDMProv.war idmdash.war workflow.war
chown -R novlua:novlua IDMProv.war idmdash.war workflow.war
chown -R novlua:novlua /opt/netiq/idm/apps/tomcat/conf
chown -R novlua:novlua /opt/netiq/idm/apps/sites
Navigate to the /opt/netiq/idm/apps/sites directory and run the following commands:
chmod +x forms/ chown -R novlua:novlua forms/
Navigate to the /opt/netiq/idm/apps/sites directory. Run the following command to extract the IgaFormRendererUI-1.0.5.0200-bundle.tar.gz and copy the files to the /forms directory:
tar -zxvf IgaFormRendererUI-1.0.5.0200-bundle.tar.gz -C /opt/netiq/idm/apps/sites/forms/
(Conditional) If SSPR and Identity Applications are installed on the same server, perform the following steps to update SSPR:
Take a back up of the sspr.war file from the <Identity ApplicationsTomcat installed location>/webapps directory in a local directory.
Delete the sspr directory from the <Identity Applications Tomcat installed location>/webapps directory.
Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.
Navigate to the <extracted location>/Linux directory.
Run the following command:
rpm -Uvh netiq-sspr-4.6.0.1-1.noarch.rpm
(Conditional) If you install the rpm as root, run the following commands to execute permissions and user rights for the replaced war files:
chmod +x sspr.war
chown -R novlua:novlua sspr.war
Delete all the files and directories from the /opt/netiq/idm/apps/tomcat/temp and /opt/netiq/idm/apps/tomcat/work/Catalina directories.
Navigate to the /etc/init.d directory and start the Golang service by executing the following command:
./netiq-golang.sh start
Start the NGINX service by executing the following command:
systemctl start netiq-nginx.service
(Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL:
systemctl restart netiq-postgresql.service
Start the Tomcat service:
systemctl start netiq-tomcat.service
NOTE:Use this method if SSPR is:
Installed on a different server than the Identity Applications server.
Installed in a Standard Edition.
Stop the Tomcat service:
systemctl stop netiq-tomcat.service
Download the Identity_Manager_SSPR_4.8.6_P1.zip from the Software Download and License portal and extract the file.
Navigate to the <extracted location>/Linux directory.
Run the following command:
rpm -Uvh netiq-sspr-4.6.0.1-1.noarch.rpm
(Conditional) If you install the rpm as root, run the following commands to execute permissions and user rights for the replaced war files:
chmod +x sspr.war
chown -R novlua:novlua sspr.war
Start the Tomcat service:
systemctl start netiq-tomcat.service
This patch requires you to update the following components based on your requirement:
From the Windows services, stop the IDM Apps Tomcat Service, NetIQ IGA Form Renderer Service, and NetIQ Nginx Service running on your Identity Applications server.
Navigate to the <Identity Applications Tomcat installed location>\webapps\ folder and take a backup of the IDMProv.war, idmdash.war, and workflow.war files.
Delete the following files and folders from the <Identity Applications Tomcat installed location>\webapps\ folder:
IDMProv.war
IDMProv folder
idmdash.war
idmdash folder
workflow.war
workflow folder
Navigate to the <Identity Applications installed location>\sites\forms folder and take a back up of all the files in a local folder.
Delete all the files in the forms folder.
Download the Identity_Manager_APPS_4.8.6_P4.zip from the Software Download and License portal and extract the file to a local folder.
Navigate to the <extracted location>\Windows and copy the IDMProv.war, idmdash.war, and workflow.war files to the <Identity Applications Tomcat installed location>\webapps\ folder.
Extract the IgaFormRendererUI.zip present in the <extracted location>\Windows folder and copy all the files from the IgaFormRendererUI folder to the <Identity Applications installed location>\sites\forms folder.
Rename the IgaFormRenderer.exe file in the <extracted location>\Windows folder to IGA-form-renderer-server.
Replace the IGA-form-renderer-server in the <Identity Applications installed location>\sites folder with the IGA-form-renderer-server renamed in Step 9.
(Conditional) If SSPR and Identity Applications are installed on the same server, perform the following steps:
Take a back up of the sspr.war file from the <Identity Applications Tomcat installed location>\webapps\ folder in a local folder.
Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.
Navigate to the <extracted location>/Windows directory.
Copy the sspr.war file from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.
Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work\Catalina folders.
(Optional) Navigate to the C:\NetIQ\idm\apps\tomcat\conf\ folder and set com.netiq.idm.rbpm.updateConfig-On-StartUp flag to true in the ism-configuration.properties file.
From the Windows services, start the IDM Apps Tomcat Service, NetIQ Nginx Service, and NetIQ IGA Form Renderer Service on your Identity Applications server.
NOTE:Use this method if SSPR is:
Installed on a different server than the Identity Applications server.
Installed in a Standard Edition.
From the Windows services, stop the Tomcat Service running on your SSPR server.
Take a back up of the sspr.war file from the <Identity Applications Tomcat installed location>\webapps\ folder in a local folder.
Download the Identity_Manager_SSPR_4.8.6_P1.zip from the Software Download and License portal and extract the file.
Navigate to the <extracted location>/Windows directory.
Copy the sspr.war file from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.
Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work folders.
From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications server.
This section provides information on updating the Identity Applications, Form Renderer, and SSPR containers of Identity Manager. These steps can be used to update both single and distributed servers.
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the Identity Applications docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_APPS_4.8.6_P4_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_486_P4_identityapplication.tar.gz
(Conditional) To update the container on distributed servers, use the following command:
docker run -d --ip=192.168.0.7 --network=idmoverlaynetwork --hostname=identityapps.example.com -p 18543:18543 --name=idappscontainer -v /etc/hosts:/etc/hosts -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.6.0400
(Conditional) To update the container on single server, use the following command:
docker run -d --network=host --name=idapps-container -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.6.0400
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the form renderer docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_APPS_4.8.6_P4_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_486_P4_formrenderer.tar.gz
(Conditional) To update the containers on distributed servers, use the following command:
docker run --restart unless-stopped -d --ip=192.168.0.8 -- network=idmoverlaynetwork --hostname=formrenderer.example.com -p 8600:8600 --name=fr-container -v /etc/hosts:/etc/hosts -v /data:/config -e SILENT_INSTALL_FILE=/config/silent.properties --stop-timeout 100 formrenderer:idm-4.8.6.0400
(Conditional) To update the containers on single server, use the following command:
docker run --restart unless-stopped -d --network=host --name=frcontainer -v /data:/config -e SILENT_INSTALL_FILE=/config/ silent.properties --stop-timeout 100 formrenderer:idm-4.8.6.0400
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the SSPR docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_APPS_4.8.6_P4_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_486_P1_sspr.tar.gz
(Conditional) To update the containers on distributed servers, use the following command:
docker run -d --ip=192.168.0.11 --network=idmoverlaynetwork --hostname=sspr.example.com --name=sspr-container -v /etc/hosts:/etc/hosts -v /data/sspr:/config -p 8443:8443 --stop-timeout 100 sspr/sspr-webapp:4.6.0.1
(Conditional) To update the containers on single server, use the following command:
docker run -d --network=host --name=sspr-container -v /data/sspr:/config --stop-timeout 100 sspr/sspr-webapp:4.6.0.1
Depending on your operating system, follow the instructions below upgrade Identity Manager from 4.8.6.0100/4.8.6.0100 to 4.8.6.0400:
Stop the Tomcat and NGINX services by executing the following commands:
systemctl stop netiq-tomcat.service
systemctl stop netiq-nginx.service
Navigate to the /etc/init.d directory and stop the Golang service by executing the following command:
./netiq-golang.sh stop
Navigate to the /opt/netiq/idm/apps/tomcat/webapps directory and take a back up of the IDMProv.war, idmdash.war, and workflow.war files in a local directory.
Delete the following files and directories from the /opt/netiq/idm/apps/tomcat/webapps directory:
IDMProv.war
IDMProv directory
idmdash.war
idmdash directory
workflow.war
workflow directory
Navigate to the /opt/netiq/idm/apps/sites/forms directory and take a back up of all the files in a local directory.
Delete all the files in the /forms directory using the following command:
rm - r *
Download the Identity_Manager_APPS_4.8.6_P4.zip from the Software License and Download portal and extract the file to a local directory.
Navigate to the <extracted location>/Linux directory.
Run the following commands:
rpm -Uvh netiq-forms-1.0.5.0200-1.noarch.rpm
rpm -Uvh netiq-userapp-4.8.6.0400-0.noarch.rpm
rpm -Uvh netiq-workflow-1.6.0.0300-1.noarch.rpm
(Conditional) If you install the rpm as root, add execute permission and user rights for the replaced files:
Navigate to the /opt/netiq/idm/apps/tomcat/webapps/ directory and run the following commands:
chmod +x IDMProv.war idmdash.war workflow.war
chown -R novlua:novlua IDMProv.war idmdash.war workflow.war
chown -R novlua:novlua /opt/netiq/idm/apps/tomcat/conf
chown -R novlua:novlua /opt/netiq/idm/apps/sites
Navigate to the /opt/netiq/idm/apps/sites directory and run the following commands:
chmod +x forms/ chown -R novlua:novlua forms/
Navigate to the /opt/netiq/idm/apps/sites directory. Run the following command to extract the IgaFormRendererUI-1.0.5.0200-bundle.tar.gz and copy the files to the /forms directory:
tar -zxvf IgaFormRendererUI-1.0.5.0200-bundle.tar.gz -C /opt/netiq/idm/apps/sites/forms/
Delete all the files and directories from the /opt/netiq/idm/apps/tomcat/temp and /opt/netiq/idm/apps/tomcat/work/Catalina directories.
Navigate to the /etc/init.d directory and start the Golang service by executing the following command:
./netiq-golang.sh start
Start the NGINX service by executing the following command:
systemctl start netiq-nginx.service
(Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL:
systemctl restart netiq-postgresql.service
Start the Tomcat service:
systemctl start netiq-tomcat.service
From the Windows services, stop the IDM Apps Tomcat Service, NetIQ IGA Form Renderer Service and NetIQ Nginx Service running on your Identity Applications server.
Navigate to the <Identity Applications Tomcat installed location>\webapps\ folder and take a back up of the IDMProv.war, workflow.war, and idmdash.war files in a local folder.
Delete the following files and folders from the <Identity Applications Tomcat installed location>\webapps\ folder.
IDMProv.war
IDMProv folder
idmdash.war
idmdash folder
workflow.war
workflow folder
Navigate to the <Identity Applications installed location>\sites\forms folder and take a back up of all the files in a local folder.
Delete all the files in the forms folder.
Download the Identity_Manager_APPS_4.8.6_P4.zip from the Software Download and License portal and extract the file to a local folder.
Navigate to the <extracted location>\Windows and copy the IDMProv.war, idmdash.war, and workflow.war files to the <Identity Applications Tomcat installed location>\webapps\ folder.
Extract the IgaFormRendererUI.zip present in the <extracted location>\Windows folder and copy all the files from the IgaFormRendererUI folder to the <Identity Applications installed location>\sites\forms folder.
Rename the IgaFormRenderer.exe file in the <extracted location>\Windows folder to IGA-form-renderer-server.
Replace the IGA-form-renderer-server in the <Identity Applications installed location>\sites folder with the IGA-form-renderer-server renamed in Step 9.
Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work\Catalina\ folders.
(Optional) Navigate to the C:\NetIQ\idm\apps\tomcat\conf\ folder and set com.netiq.idm.rbpm.updateConfig-On-StartUp flag to true in the ism-configuration.properties file.
From the Windows services, start the NetIQ Nginx Service, NetIQ IGA Form Renderer Service, and IDM Apps Tomcat Service on your Identity Applications server.
This section provides information on updating the Identity Applications and form renderer containers of Identity Manager. These steps can be used to update both single and distributed servers.
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the Identity Applications docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_APPS_4.8.6_P4_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_486_P4_identityapplication.tar.gz
(Conditional) To update the container on distributed servers, use the following command:
docker run -d --ip=192.168.0.7 --network=idmoverlaynetwork --hostname=identityapps.example.com -p 18543:18543 --name=idappscontainer -v /etc/hosts:/etc/hosts -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.6.0400
(Conditional) To update the container on single server, use the following command:
docker run -d --network=host --name=idapps-container -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.6.0400
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the form renderer docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_APPS_4.8.6_P4_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_486_P4_formrenderer.tar.gz
(Conditional) To update the containers on distributed servers, use the following command:
docker run --restart unless-stopped -d --ip=192.168.0.8 -- network=idmoverlaynetwork --hostname=formrenderer.example.com -p 8600:8600 --name=fr-container -v /etc/hosts:/etc/hosts -v /data:/config -e SILENT_INSTALL_FILE=/config/silent.properties --stop-timeout 100 formrenderer:idm-4.8.6.0400
(Conditional) To update the containers on single server, use the following command:
docker run --restart unless-stopped -d --network=host --name=frcontainer -v /data:/config -e SILENT_INSTALL_FILE=/config/ silent.properties --stop-timeout 100 formrenderer:idm-4.8.6.0400
NetIQ strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in the NetIQ Identity Manager 4.8 Service Pack 6 Release Notes. If you need further assistance with any issue, please contact, contact Technical Support.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal.
Copyright © 2023 NetIQ Corporation, a Micro Focus company. All Rights Reserved.