NetIQ Identity Manager Identity Applications 4.8 Service Pack 7 Patch 1 (4.8.7.0100) resolves some of the previous issues. This document outlines how you can apply this patch.
For the list of software fixes and enhancements in the previous release, see NetIQ Identity Manager 4.8 Service Pack 7 Release Notes.
This release provides the following software fixes that resolve previous issues in the Identity Applications component:
Before this release, when the RoleVault.getRoleAssignmentCause function made a REST API call to the /rest/access/assignments/list/v2 endpoint, it could retrieve role assignment cause for only ten roles by default. After upgrading to this patch, you can now retrieve assignment cause for all roles by adding a third attribute called true to the same function. (Bug 733006)
Syntax: Here is the method signature
RoleVault.getRoleAssignmentCause('IDM','/rest/access/assignments/list/v2',identityDn, roleDn, true)
This function returns the assignment cause for the roles and resources of a given user.
This patch resolves an issue in a previous release that caused user attributes to display values instead of their labels on the user profile page. (Bug 739001)
For example, there is a user attribute called Region in Designer that you can configure to display a drop-down list, OrganizationUnits (based on the Global List) containing two labels, Internal and External, with corresponding values as ou=Internal,ou=users,o=data and ou=External,ou=users,o=data, respectively. After upgrading to this patch, when you see a user profile on Dashboard, it displays the label Internal for the Region attribute instead of ou=Internal,ou=users,o=data value. Also, while editing the user profile, the Region attribute will show proper options for you to add and remove.
This patch resolves an issue in a previous release that caused form-based application such as HelpDesk Ticket to occasionally display a blank page when opened from the Applications page. The REST API calls to the access/rob/ismproperties and access/permissions/item REST endpoints are now synchronous, thus ensuring that the URL for the forms to redirect is returned successfully. (Bug 739002)
Before this release, when the RoleVault.getRolesUserIn function made a REST API call to the /rest/access/assignments/role/list endpoint, it could retrieve only ten role assignment permissions for a given user. After upgrading to this patch, you can now retrieve information about all roles by adding a second attribute called true to the same function (Bug 739003)
This patch resolves an issue in a previous release that caused the applications and website links on the Applications page to be occasionally missing under the Home items, Administration, and other user-generated categories. It happened because the REST API request to the access/ulp/landingItems/v2 endpoint returned null instead of the user’s clientID. After upgrading to this patch, the landing items (applications and website links) allowed for the clientID are sorted by categories and successfully listed on the Applications page. (Bug 739004)
When you add a time-based attribute, such as Last Login Time, as a primary or secondary attribute in the Card View or Other Attributes in Dashboard’s Customization Settings, the user profile shows the date and time of user login in a proper readable format. Before this patch, the date and time were displayed in UNIX format, which made it difficult to read. (Bug 739005)
You must have the following versions at a minimum to apply this patch:
eDirectory 9.2.8
Identity Console 1.7
Identity Manager 4.8.7
You must be on Identity Manager 4.8.7 at a minimum to apply this patch.
Depending on your operating system or deployment platform, follow the instructions below to upgrade Identity Applications to 4.8.7.0100 version:
Stop the Tomcat service by executing the following command:
systemctl stop netiq-tomcat.service
Navigate to the /etc/init.d directory and stop the Golang service by executing the following command:
./netiq-golang.sh stop
Now navigate to the /opt/netiq/idm/apps/tomcat/webapps directory and take a back up of the idmdash.war file in a local directory.
Delete the following files and directories from the /opt/netiq/idm/apps/tomcat/webapps directory:
idmdash.war
idmdash directory
Navigate to the /opt/netiq/idm/apps/sites/forms directory and take a back up of all the files in a local directory.
Delete all the files in the /forms directory using the following command:
rm - r *
Download the Identity_Manager_APPS_4.8.7_P1.zip from the Software Download and License portal and extract the file to a local directory.
Navigate to the <extracted location>/Linux directory.
Run the following commands:
rpm -Uvh netiq-forms-1.0.5.0200-1.noarch.rpm
rpm -Uvh netiq-userapp-4.8.7.0100-0.noarch.rpm
(Conditional) If you install the rpm as root, add execute permission and user rights for the replaced files:
Navigate to the /opt/netiq/idm/apps/tomcat/webapps/ directory and run the following commands:
chmod +x idmdash.war
chown -R novlua:novlua idmdash.war
chown -R novlua:novlua /opt/netiq/idm/apps/tomcat/conf
chown -R novlua:novlua /opt/netiq/idm/apps/sites
Navigate to the /opt/netiq/idm/apps/sites directory and run the following commands:
chmod +x forms/ chown -R novlua:novlua forms/
Navigate to the /opt/netiq/idm/apps/sites directory. Run the following command to extract the IgaFormRendererUI-1.0.5.0200-bundle.tar.gz and copy the files to the /forms directory:
tar -zxvf IgaFormRendererUI-1.0.5.0200-bundle.tar.gz -C /opt/netiq/idm/apps/sites/forms/
Delete all the files and directories from the /opt/netiq/idm/apps/tomcat/temp and /opt/netiq/idm/apps/tomcat/work/Catalina directories.
Navigate to the /etc/init.d directory and start the Golang service by executing the following command:
./netiq-golang.sh start
(Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL:
systemctl restart netiq-postgresql.service
Start the Tomcat service:
systemctl start netiq-tomcat.service
From the Windows services, stop the IDM Apps Tomcat Service and NetIQ IGA Form Renderer Service running on your Identity Applications server.
Navigate to the <Identity Applications Tomcat installed location>\webapps\ folder and take a backup of the idmdash.war file in a local folder.
Delete the idmdash.war file and idmdash folder from the <Identity Applications Tomcat installed location>\webapps\ folder:
Navigate to the <Identity Applications installed location>\sites\forms folder and take a back up of all the files in a local directory.
Delete all the files in the forms folder.
Download the Identity_Manager_APPS_4.8.7_P1.zip from the Software Download and License portal and extract the file to a local folder.
Navigate to the <extracted location>\Windows and copy the idmdash.war file to the <Identity Applications Tomcat installed location>\webapps\ folder.
Extract the IgaFormRendererUI.zip present in the <extracted location>\Windows folder and copy all the files from the IgaFormRendererUI folder to the <Identity Applications installed location>\sites\forms folder.
Rename the IgaFormRenderer.exe file in the <extracted location>\Windows folder to IGA-form-renderer-server.exe.
Replace the IGA-form-renderer-server.exe in the <Identity Applications installed location>\sites folder with the IGA-form-renderer-server.exe renamed in Step 9.
Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work\Catalina folders.
(Optional) Navigate to the C:\NetIQ\idm\apps\tomcat\conf\ folder and set com.netiq.idm.rbpm.updateConfig-On-StartUp flag to true in the ism-configuration.properties file.
From the Windows services, start the IDM Apps Tomcat Service and NetIQ IGA Form Renderer Service on your Identity Applications server.
This section provides information on updating the Identity Applications and Form Renderer containers of Identity Manager. These steps can be used to update both single and distributed servers.
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the Identity Applications docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_APPS_4.8.7_P1_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_487_P1_identityapplication.tar.gz
(Conditional) To update the container on distributed servers, use the following command:
docker run --restart unless-stopped -d --ip=192.168.0.7 --network=idmoverlaynetwork --hostname=identityapps.example.com -p 18543:18543 --name=idapps-container -v /etc/hosts:/etc/hosts -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.7.0100
(Conditional) To update the container on single server, use the following command:
docker run --restart unless-stopped -d --network=host --name=idapps-container -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.7.0100
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the Identity Applications docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_APPS_4.8.7_P1_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_487_P1_formrenderer.tar.gz
(Conditional) To update the container on distributed servers, use the following command:
docker run --restart unless-stopped -d --ip=192.168.0.8 --network=idmoverlaynetwork --hostname=formrenderer.example.com -p 8600:8600 --name=fr-container -v /etc/hosts:/etc/hosts --stop-timeout 100 formrenderer:idm-4.8.7.0100
(Conditional) To update the container on single server, use the following command:
docker run --restart unless-stopped -d --network=host --name=fr-container -v /data:/config --stop-timeout 100 formrenderer:idm-4.8.7.0100
NetIQ strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in the NetIQ Identity Manager 4.8 Service Pack 6 Release Notes. If you need further assistance with any issue, please contact, contact Technical Support.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal.
Copyright © 2023 NetIQ Corporation, a Micro Focus company. All Rights Reserved.