NetIQ Identity Manager 4.5 Service Pack 3 includes new features, improves usability, and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager Community Forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Identity Manager Documentation Web site page. To download this service pack, see the NetIQ Identity Manager Product Upgrade website.
The following sections outline the key features and software issues reported by customers that are resolved in this release.
This service pack includes the software fixes and enhancements in the Identity Manager 4.5 Service Pack 2 release. For more information, see the NetIQ Identity Manager 4.5 Service Pack 2 Release Notes.
NOTE:JBoss Enterprise Application Platform (EAP) support is depreciated with Identity Manager 4.5 Service Pack 3. JBoss EAP will be removed as a supported application server with the next major release of Identity Manager. However, it will continue to be a supported application server for Identity Manager 4.5.x.
This release introduces the following new features:
Identity Manager extends the capability of Provisioning Dashboard for placing requests for permissions with this service pack. In addition to requesting permissions for yourself, you can now request permissions for other users in your organization. Identity Manager allows the following roles to request permissions for other users:
Security Administrator
Domain Administrator
Team Requestor
The Provisioning Dashboard interface allows you to select objects such as users, groups, and teams for making requests. For more information, see Making and Managing Requests in the NetIQ Identity Manager Home and Provisioning Dashboard User Guide.
Identity Manager provides a new Team Configuration page that allows you to create teams, manage teams, and define permissions for the team. When a team is created, you can request permissions for the team using the Provisioning Dashboard. For more information about accessing the new Team Configuration page from Identity Manager Home, see Adding the Manage Teams Link to the Identity Manager Home Page. For more information about configuring teams, see Managing Teams in the NetIQ Identity Manager Catalog Administrator User Guide.
For information about installing this feature, see Section 3.3, Updating the Identity Applications.
With this service pack, Identity Manager introduces the Association Statistics feature that allows an administrator to find association details of the identities managed by Identity Manager. The association count for the drivers is evaluated per Identity Manager server. Using this feature, administrators can review the current state of their Identity Manager deployment. For more information see, Association Statistics in the NetIQ Identity Manager Driver Administration Guide.
This service pack provides updates for the following components in Identity Manager.
Identity Manager engine
One SSO Provider (OSP)
Identity applications
Identity Reporting
Designer for Identity Manager (Designer)
This service pack updates the following components to support Java Development Kit 8 Update 66 (jdk8u66) or Java Runtime Environment 1.8 Update 66 (jre8u66).
Identity Manager engine
Identity applications, running on Apache Tomcat
Identity Reporting, running on Apache Tomcat
Designer
Analyzer (32-bit Java only)
When you upgrade from Identity Manager 4.5, 4.5.1 or 4.5.2 to 4.5.3, ensure that your current Java version is upgraded to JRE 1.8 Update 66 on these components.
The Identity Manager 4.5 Engine Service Pack 3 updates the Java version for the Identity Manager engine. You need to manually update your current Java version for the identity applications, Identity Reporting, Designer, and Analyzer. For more information, see Section 3.7, Installing Java 1.8 Update 66 on the Identity Manager Servers.
NOTE:If you use JBoss Enterprise Application Platform (EAP), do not upgrade to Java 1.8. For more information, see Section 4.8, JBoss has Errors Running the Identity Applications with Java Development Kit 8.
This service pack adds support for OSP 6.0.0.2. For more information about updating to OSP 6.0.0.2, see Section 3.11, Updating One SSO Provider.
This service pack addresses the following Common Vulnerabilities and Exposures (CVEs) for Identity Manager:
CVE-2015-0787
CVE-2016-1592
CVE-2015-3195
This service pack provides the following improvements for Identity Manager Designer:
Designer 4.5.3 supports the creation and configuration of the following drivers:
NOTE:Designer 4.5.2.1 and Designer 4.5.2.2 includes the support for creating ServiceNow and JDBC Fan-Out drivers respectively. Designer 4.5.3 includes enhancements and software fixes added in Designer 4.5.2.2.
The NetIQ Identity Manager driver for ServiceNow can seamlessly provision and de-provision users to the ServiceNow cloud application. ServiceNow provides cloud based services that allow users to manage the software through a web service.
For more information about creating and configuring this driver, see the NetIQ ServiceNow Driver Implementation Guide.
The Identity Manager Java DataBase Connectivity (JDBC) Fan-Out driver supports the fan-out capability at the driver level. The Fan-Out driver provisions users and password to multiple databases with minimal effort. This eliminates the need for the Identity Manager administrator to configure multiple JDBC drivers using the same policies to provision multiple databases of the same type. You can centrally manage user accounts and have them automatically created, configured, maintained, and removed when appropriate. This saves cost and time associated with managing the Identity Manager environment. In this configuration, the synchronization is unidirectional, from the Identity Vault to the connected database.
For more information about creating and configuring this driver, see the NetIQ Identity Manager for JDBC Fan-Out Implementation Guide.
NetIQ Identity Manager includes software fixes that resolve several previous issues in the Identity applications.
Ability to Update the Code Map Label When the Label Changes On the Entitlement
Allows you to Print a Form From Internet Explorer 10.x and 11.x
Exception From getRoleAssignmentRequestStatusByIdentityType() SOAP Call on Deleting a Role
User Application Workflow Cannot Revoke an Entitlement That Contains a # Character
Home Provisioning Dashboard Does Not Display Featured Items for Users
SAML Method Fails to Authenticate When User DN Exceeds 128 Characters
Resolves an Issue When Browser Displays an Error When a Colon Is Used in An SSO Secret
Issue: The User Application updates Code Map labels only when the Code Map table is created for the first time for an entitlement and not during the Code Map Refresh cycles. (Bug 953261)
Fix: The User Application now updates the Code Map labels during the code map refresh cycles when there is a change in the Code Map label on an entitlement.
This service pack resolves an issue where the Printform.js library invoked from a form did not work with Internet Explorer 10.x and 11.x browsers. (Bug 944006)
This service pack resolves an issue where incorrect date was displayed on selecting Swedish language. (Bug 960007)
This service pack resolves the issue where the SOAP getRoleAssignmentRequestStatusByIdentityType() call sent an exception when a role was deleted. (Bug 935453)
This service pack resolves an issue where the Identity Manager Home page displayed incomplete request form in French locale. (Bug 952582)
This service pack resolves an issue where the User Application discarded the entitlement parameters containing a # character while revoking the entitlement. (Bug 958843)
This service pack resolves an issue where the featured items were not displayed even if one of them was a PRD and inactive. (Bug 956361)
SAML 1.1.1 resolves an issue where eDirectory crashed while invoking the SAML library. (Bugs 849846, 871203)
SAML 1.1.1 resolves an issue where the SAML method failed to authenticate the DNs of users that contained 128 characters or more. (Bug 935130)
This service pack uses OSP 6.0.0.2 that resolves this issue.
NetIQ Identity Manager includes software fixes that resolve several previous issues in the Configuration Utility.
This service pack resolves an issue where the ConfigUdpate utility did not allow you to change the LDAP Time-out parameter from the default value of 600000. (Bug 954437)
NetIQ Identity Manager includes software fixes that resolve several previous issues in the Identity Reporting.
Issue: Four new reports were introduced in 4.5.0. These were utilized in 4.5.0, 4.5.1 and 4.5.2. While importing these new reports that utilizes the JSON parsing, the import failed. (Bug 949019)
Fix: This service pack resolves this issue. You can now import the reports successfully.
This service pack resolves an issue where incorrect date was displayed on selecting Swedish language. (Bug 960105)
NetIQ Identity Manager includes software fixes that resolve several previous issues in the Identity Manager engine and plug-ins.
Identity Manager Engine Filters the Search from query-ex During Object Migration
Identity Manager Patch Installation Fails if the Installation Path Contains a Space
Issue with Importing the Global Configuration Values of a Driver Set
Remote Loader Installation Fails to Install Java if Identity Manager Engine Runs on the Same Server
Driver does not Stop When a Fatal Error is Prompted by the Startup Policy
Changes to the Connection Passwords Are Not Reflected in the Named Passwords list
This service pack resolves an issue where the DirXML-Associations attribute was not removed for the revoked instances. (Bug 958882)
This service pack resolves an issue where the Identity Manager engine filtered the search from query-ex while migrating objects into Identity Vault. (Bug 948757)
This service pack resolves an issue where the Identity Manager patch installation failed if there was a space in the installation path. (Bug 943052)
This service pack resolves an issue where the import configuration failed to import the Global Configuration Values for a driver set. (Bug 943788)
This service pack resolves an issue where the Remote Loader installation failed to install Java if Identity Manager engine was running on the same server. (Bug 948699)
This service pack resolves an issue of startup policy stopping the driver. (Bug 939548)
This service pack resolves an issue of migrating objects from the connected systems (for example, Multi Domain Active Directory) to the Identity Vault by using the current plug-ins. (Bug 943839)
Issue: The changes made to connection passwords are not reflected in the named password list. (Bug 942226)
Fix: On deselecting the Remove Existing Password option in iManager, the changes made to connection passwords in Multi Domain ACtive Directory are reflected in the named passwords list.
This service pack resolves an issue where Token-map failed to evaluate tokens resulting in broken Token-map functionality. (Bug 956062)
NetIQ Identity Manager includes software fixes that resolve several previous issues in Designer.
Issue: Designer reports errors when you perform the following operations in the package management area of Designer: (Bug 941930)
Create a new version of an existing package.
Link a new item to a new version of a package.
Fix: This service pack resolves these issues. Designer no longer reports errors while performing these operations.
This service pack resolves an issue where the argument builder was not able to access the arg-association node for modifying it. (Bug 946169)
This service pack resolves an issue where Designer removes the reference to a policy when the library containing that policy is imported. (Bug 943088)
This service pack resolves an issue where Designer did not save changes made to the ECMA scripts. (Bug 934399)
This service pack resolves an issue where the driver displayed an error message while performing a do-add role action in the policy builder.
Issue: When you add, remove, or reorder the Startup or Shutdown policies in a driver, Designer does not display the correct status of the policies in the Compare and Deploy views. In addition, Designer does not display the policy linkages to the driver in the pseudo attributes of the driver. (Bug 939553)
Fix: This service pack resolves this issue. Designer now correctly displays the policy changes in the DirXML-Startup and DirXML-Shutdown attributes of the driver.
This service pack enhances the policy builder to support the do-generate-xdas-event action. This action was added in Identity Manager 4.5. (Bug 948845)
This service pack requires the following product versions:
NetIQ Identity Manager 4.5 or later
NOTE:
NetIQ Identity Manager 4.5 or later includes Identity Applications, Identity Reporting, and Identity Manager Engine.
Ensure that Designer is upgraded to 4.5.2.
NetIQ eDirectory 8.8.SP8 Patch 7
IMPORTANT:This release does not support installing eDirectory 9.0 as an Identity Vault. However, you can install eDirectory 9.0 as a connected system for the Bidirectional eDirectory 4.0.2 driver. For more information see NetIQ Driver for Bidirectional eDirectory Implementation Guide.
NetIQ iManager 2.7.7 Patch 6
IMPORTANT:iManager 3.0 is not yet certified with this release. It will be supported in future.
Identity Manager Plug-ins 4.5.3.0
NetIQ Self Service Password Reset 3.2.0.3 or 3.3.0.2
NetIQ One SSO Provider 4.5.0.3, at a minimum
NetIQ recommends that you install the following products to work with this service pack:
NetIQ One SSO Provider 6.0.0.2
Latest patches for the Identity Manager drivers
Designer 4.5.3
For more information about the software requirements, see “Selecting an Operating System Platform for Identity Manager” in the NetIQ Identity Manager Setup Guide.
NOTE:The minimum memory requirement for Identity Vault is 2 GB.
You can upgrade to this service pack from Identity Manager 4.5, 4.5.1, or 4.5.2. Install the components in the following order, depending on your current version:
Upgrading from Identity Manager 4.5 |
Upgrading from Identity Manager 4.5.1 |
Upgrading from Identity Manager 4.5.2 |
---|---|---|
|
|
|
IMPORTANT:To upgrade Designer 4.5 to Designer 4.5.3, first upgrade to Designer 4.5.2 and then upgrade Designer 4.5.2 to Designer 4.5.3. It is also possible to directly update to Designer 4.5.3 from Designer 4.5.2.1 and 4.5.2.2.
Be informed that Designer 4.5.2 is a complete software build while Designer 4.5.3 features are available at the Designer Auto-Update Site. For more information about updating to Designer 4.5.2, see NetIQ Identity Manager 4.5 Service Pack 2 Release Notes. For more information about updating to Designer 4.5.3, see Section 3.6, Updating Designer.
NOTE:
For Identity Manager Advanced Edition, install Java 1.8 Update 66 before installing the Identity Applications.
For Identity Manager Standard Edition, install Java 1.8 Update 66 before installing the Identity Reporting.
You can install Identity Manager 4.5.3 on a server running Red Hat Enterprise Linux 7.1 at a minimum. The following table guides you through the installation process. First you install the Identity Manager 4.5 components in the given sequence using the individual component installation programs and then apply Identity Manager 4.5 Service Pack 3 as appropriate. For more information, see Section 3.0, Installing This Service Pack.
Before starting the installation, NetIQ recommends that you go through Issues with Installing Identity Manager on RHEL 7.1 and SLES 12 Platforms in the NetIQ Identity Manager 4.5 Service Pack 2 Release Notes to help you plan the installation process for Identity Manager. For example, you should not install Identity Vault and EAS on the same server.
IMPORTANT:Identity Manager does not support this installation using the integrated installation program.
Installation Order |
Description |
---|---|
EAS |
Install EAS and Identity Manager engine on separate servers. Install the following dependent libraries before starting the EAS installation:
For more information about installing EAS, see Installing EAS in the Identity Manager Setup Guide. |
eDirectory |
Install eDirectory 8.8 SP8 Patch 7, at a minimum NOTE:Identity Manager ships eDirectory 8.8 SP8 Patch 2 as part of Identity Manager 4.5 ISO. To support Identity Manager installation on RHEL 7.1, ensure that your eDirectory is running 8.8 SP8 Patch 7 at a minimum. Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at eDirectory 8.8 SP8 documentation site. |
Identity Manager Engine |
Install the Identity Manager engine as instructed “Installing the Identity Manager Engine, Drivers, and Plug-ins” in the Identity Manager Setup Guide. Install the following dependant library before starting the installation:
|
iManager |
Install iManager 2.7 SP7 Patch 6, at a minimum NOTE:Identity Manager ships iManager 2.7.7 Patch 2 as part of Identity Manager 4.5 ISO. To support Identity Manager installation on RHEL 7.1, ensure that your iManager is running SP7 Patch 6 at a minimum.
For detailed installation instructions, see Installing iManager in the Identity Manager Setup Guide. |
Self Service Password Reset |
For more information about installing Self Service Password Reset, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide. |
One SSO Provider |
For more information about installing One SSO Provider, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide. |
Identity Applications |
For more information about installing Identity Applications, see Installing the Identity Applications in the Identity Manager Setup Guide. |
Identity Reporting |
For more information about installing Identity Reporting, see Installing the Identity Reporting Components in the Identity Manager Setup Guide. |
You can install Identity Manager 4.5.3 on a server running SUSE Linux Enterprise Server 12 at a minimum. The following table guides you through the installation process. First you install the Identity Manager 4.5 components in the given sequence using the individual component installation programs and then apply Identity Manager 4.5 Service Pack 3 as appropriate. For more information, see Section 3.0, Installing This Service Pack.
Before starting the installation, NetIQ recommends that you go through Installing Identity Manager on RHEL 7.1 and SLES 12 Platforms in the NetIQ Identity Manager 4.5 Service Pack 2 Release Notes to help you plan the installation process for Identity Manager. For example, you should not install Identity Vault and EAS on the same server.
IMPORTANT:Identity Manager does not support this installation using the integrated installation program.
Order of Installation |
Installation Instructions |
---|---|
EAS |
Install EAS and Identity Manager engine on separate servers. Install the following dependent libraries before starting the EAS installation:
For more information about installing EAS, see Installing EAS in the Identity Manager Setup Guide. |
eDirectory |
Install eDirectory 8.8 SP8 Patch 7, at a minimum NOTE:Identity Manager ships eDirectory 8.8 SP8 Patch 2 as part of Identity Manager 4.5 ISO. To support Identity Manager installation on SLES 12, ensure that your eDirectory is running 8.8 SP8 Patch 7 at a minimum. Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at eDirectory 8.8 SP8 documentation site. |
Identity Manager Engine |
Install the Identity Manager engine as instructed “Installing the Identity Manager Engine, Drivers, and Plug-ins” in the Identity Manager Setup Guide. Install the following dependant library before starting the installation:
|
iManager |
Install iManager 2.7 SP7 Patch 6, at a minimum
For detailed installation instructions, see Installing iManager in the Identity Manager Setup Guide. |
Designer |
|
Analyzer |
|
Self Service Password Reset |
For more information about installing Self Service Password Reset, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide. |
One SSO Provider |
For more information about installing One SSO Provider, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide. |
Identity Applications |
For more information about installing Identity Applications, see Installing the Identity Applications in the Identity Manager Setup Guide. |
Identity Reporting |
For more information about installing Identity Reporting, see Section 3.4, Updating Identity Reporting. |
This service pack includes an update to the identity applications that run on a JBoss, Tomcat, and WebSphere application server. Download the IDM45-Apps-SP-3.zip file to the server where you deployed the identity applications and perform the steps listed in the readme files.
This zip file also includes the files for installing and configuring the Request on Behalf feature. After updating the identity applications, configure Identity Manager Home to include the link for configuring the teams. You need to do this to access the Team Configuration page where you can create and manage teams.
To include the Manage Teams link in the Identity Manager Home page, perform the steps listed in the readme file from the download page.
Alternatively, you can launch the Team Configuration page from a Web browser on your workstation. For more information, see Managing Teams in the NetIQ Identity Manager Catalog Administrator User Guide.
To update the path of the keystore in the Configuration Update utility, perform the steps listed in the readme file from the download page.
This service pack includes support for SAML 1.1.1. For more information about using SAML 1.1.1 with the identity applications, perform the steps listed in the readme file from the download page.
This service pack includes an update to Identity Reporting. When installing or upgrading Identity Reporting without the Event Auditing Service (EAS), perform the workaround for the following issue:
Section 4.16, Cannot Connect to Remote Database When Installing Identity Reporting
For more information about installing or upgrading, see “Installing the Identity Reporting Components” in the Identity Manager Setup Guide.
This service pack includes a IDM_engine_rl_IDM4.5SP3.zip for updating the Identity Manager engine. Install this package on the Identity Manager engine server. For more information, see “Hotfixing the Identity Manager Engine and Remote Loader” in the NetIQ Identity Manager Setup Guide.
This service pack provides an update to Designer. Download the Designer 4.5.3 updates from the Designer Download Site.
NOTE:To upgrade Designer 4.5 to Designer 4.5.3, first upgrade to Designer 4.5.2 and then upgrade Designer 4.5.2 to Designer 4.5.3.
Designer provides an in-built auto-update feature that notifies you of new features available at the Designer Download Site. This feature allows you to download Designer package and patch updates when the computer that has Designer installed and is connected to the Internet.
You also can perform an offline update of Designer when the computer that has Designer installed and is not connected to the Internet. To perform an offline update, first download the required contents from the Designer and Package Update Web sites on a local or remote computer and then point Designer to the directory containing the downloaded files.
To do this, create an offline copy of the Designer update files and then configure Designer to read the patch updates from the files copied to the local computer.
To create an offline copy of the Designer update files on Linux:
Log in to the computer that has Designer installed and create a local directory.
Download the latest patch zip file for Designer version from the specified location and unzip the files into the local directory.
To configure Designer to read the patch updates from the files copied to the local computer
Launch Designer.
From Designer’s main menu, click Window > Preferences.
Click NetIQ > Identity Manager and select Updates.
Select Do not check for updates and deselect all the other check boxes.
For URL, specify file:///path_to_files/updatesite1_0_0/.
For a Linux mounted ISO, use the following URL format: file:///media/designer450offline/updatesite1_0_0.
For Windows, use the following URL format: file:///c:\designer450offline\updatesite1_0_0\.
Click Apply, then click OK.
From Designer’s main menu, click Help > Check for Designer Updates.
Select the required updates and click Yes to accept and update the Designer patch updates.
You need to launch Designer again for the changes to take effect.
To do this, create an offline copy of the package update files and then configure Designer to read the package updates from the files copied to the local computer.
To create an offline copy of the package update files on Linux:
Log in to the computer that has Designer installed and create a local directory.
In a shell, change to this directory and run the following commands to copy the Designer package update files:
wget -e robots=off -r -nH -np http://nu.novell.com/designer/packages/idm/updatesite1_0_0/
wget -e robots=off -r -nH -np http://nu.novell.com/designer/packages/idm/updatesite2_0_0/
To configure Designer to read the package updates from the files copied to the local computer:
Launch Designer.
From Designer’s main menu, click Window > Preferences.
Click NetIQ > Package Manager > Online Updates.
To add a new URL, click the plus icon.
Provide information for the following fields:
Vendor: Specifies the vendor name for package update.
URL: Specifies the URL as file:///path_to_files/packages/idm/updatesite1_0_0.
For Linux mounted ISO, use the following URL format:
file:///media/designer450offline/packages/idm/updatesite1_0_0
file:///media/designer450offline/packages/idm/updatesite2_0_0
NOTE:If you have multiple package sites, repeat Step 5 and add multiple sites and URLs.
Click OK.
In the Preferences window, select the required check boxes for the sites.
NOTE:The new sites are selected by default.
Click Apply, then click OK.
From Designer’s main menu, click Help > Check for Package Updates.
Select the required updates and click Yes to accept and update the Designer package updates.
You need to launch Designer again for the changes to take effect.
This service pack certifies Java 1.8.0_66 (JDK 8u66 or JRE 8u66) for use with Identity Applications on Apache Tomcat although later versions of Java 1.8 are also supported.
To install Java 1.8 Update 66 on the identity applications and Identity Reporting, perform the steps listed in the readme files from one of the following download pages:
NOTE:You can download Java 1.8 Update 66 directly from the Oracle Site.
This service pack updates Designer to support Java 1.8 Update 66.
On the server where you installed Designer, download and install the Java 8 Update 66 files in a local directory.
Open the Designer.ini file located in the Designer installation directory.
Update the Java path in the Designer.ini file.
This service pack updates Analyzer to support Java 1.8 (32-bit).
On the server where you installed Analyzer, create a directory for Java 1.8.
For example, opt/netiq/jdk1.8.0_66.
Download and install the Java 1.8 files in this directory.
Open the Analyzer.ini file located in the Analyzer installation directory.
Update the Java path in the Analyzer.ini file.
Replace the existing (jre) folder with the Java 1.8 folder in the installation directory.
This service pack requires NetIQ Self Service Password Reset 3.2.0.3 or 3.3.1.1. To install these updates, download the following packages and perform the steps listed in the readme files:
NetIQ recommends that you install the latest version of NetIQ One SSO Provider (OSP) to work with this service pack. To upgrade to OSP 6, perform the steps listed in the readme file from the download page.
NetIQ Corporation strives to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
For the list of the known issues in Identity Manager 4.5, Identity Manager Standard Edition 4.5.1, and Identity Manager 4.5.2, see the Release Notes for each version on the Identity Manager 4.5 Documentation page.
Section 4.1, Images Not Attaching With the Send Email Template
Section 4.2, Issue with Resource Creation In Absence of CSV Files for Entitlements
Section 4.4, Cannot Upgrade RHEL 6.x With GUI Mode to RHEL 7.1
Section 4.8, JBoss has Errors Running the Identity Applications with Java Development Kit 8
Section 4.9, Engine Upgrade Fails if the Downloaded Folder Contains Special Characters
Section 4.13, eDirectory to eDirectory Certificate in Designer Fails with an Error
Section 4.16, Cannot Connect to Remote Database When Installing Identity Reporting
Section 4.18, Catalina.out File Does Not RollOver on Windows
Issue: If you are attaching an image with an e-mail, the image is not included in the e-mail.(Bug 947162)
Workaround: Copy the image file to the DIB directory, restart eDirectory and then attach the image with the e-mail.
Issue: Identity Manager cannot create resources if a CSV file is missing in the mapping table for any one of the entitlements. (Bug 945038)
Workaround: There is no workaround at this time.
Issue: You cannot select the onload items from the picklist in the User Application in Internet Explorer 11. This issue does not occur with other browsers. (Bug 954608)
Fix: To populate the picklist, use pre-activity instead of the onLoad event.
Issue: If you try to upgrade your GUI-enabled RHEL 6.x to RHEL 7.1, the upgrade fails due to Red Hat limitations. The following links provide more information about this limitation: (Bug 951964)
https://access.redhat.com/solutions/799813
https://access.redhat.com/solutions/637583
Workaround: For a successful upgrade, perform the following actions:
Uninstall the GUI from RHEL 6.x server.
Upgrade the server.
Create an env_idm file in the /etc/opt/novell/eDirectory/conf directory and add the following content to the file:
LD_LIBRARY_PATH=/opt/novell/lib64:/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules:/opt/novell/eDirectory/lib64/nds-modules/jre/lib/amd64://opt/novell/eDirectory/lib64/nds-modules/jre/lib/amd64/server://opt/novell/eDirectory/lib64/nds-modules/jre/lib/amd64/native_threads::$LD_LIBRARY_PATH
(Optional) To install the GUI on the upgraded server, follow the instructions provided in the RHEL documentation.
Issue: When a driver migrates or resynchronizes the users with the Identity Vault, the Identity Manager engine ignores the exclusion list of the driver and synchronizes the users whose association state is disabled. (Bug 1006011)
Workaround: There is no workaround at this time.
Issue: The drivers do not start on these platforms if you used KMO in the driver configuration. (Bug 951958)
Workaround: Manually enter the library path /opt/novell/lib64 to the following existing path:
LD_LIBRARY_PATH=/opt/novell/lib64:/opt/novell/eDirectory/lib64:/opt/novell/eDirectory/lib64/nds-modules:/opt/novell/eDirectory/lib64/nds-modules/jre/lib/amd64://opt/novell/eDirectory/lib64/nds-modules/jre/lib/amd64/server://opt/novell/eDirectory/lib64/nds-modules/jre/lib/amd64/native_threads::$LD_LIBRARY_PATH
Issue: If you have a custom idm4 type of an entitlement and the ID field is not populated in the entitlement values (ID is mandatory for idm4 type entitlements), the User Application might not correctly assign a resource mapped to this entitlement for the second time. The Roles and Resource driver fails to correctly assign these resources to the same user for the second time. Identity Manager does not report any error in the log file.
Workaround: There is no workaround at this time.
Issue: Java Development Kit 8 introduces new default methods to some interfaces. If the source level for your project is lower than jdk1.8.0_51, the Java compiler does not let you use default methods in the interface. This behavior can interfere with the configuration of the identity applications and Identity Reporting running on a JBoss application server. (Bug 941913)
For example, the application might fail to display the tab that allows you to approve a task or user request. Instead, you might receive the following message:
An Error has occurred while processing your request. Please contact the administrator or click the back button and try again.
Workaround: When running the identity applications and Identity Reporting on a JBoss application server, use jdk1.7.0_65 or later from Sun (Oracle).
Issue: The Engine upgrade fails due to special characters present in the download folder. (Bug 958474)
Workaround: There is no workaround at this time.
Issue: The ConfigUpdate utility displays parameters for the Advanced Edition components, such as RBPM, Catalog Administrator, and Home and Provisioning Dashboard. This does not allow you to submit the changes made in the configuration tool. (Bug 917589)
Workaround: To display the correct information in the configuration tool, perform the following actions. This workaround uses the default installation paths created by the Identity Manager component installers on Linux.
In the configupdate.sh.properties file located in the /opt/netiq/idm/apps/osp_sspr/bin/ directory, set is_prov to false.
Launch the ConfigUpdate utility.
Issue: Adding a permission to a team in the User Application reflects in the Catalog Administrator and the newly added Team Configuration page. However, the new permission is not included in the Make a Request page of Home Provisioning Dashboard.
Workaround: To display the newly added permission in the Make a Request page, flush the cache in the User Application.
Issue: If you have multiple teams in your environment, Catalog Administrator displays the teams in multiple pages. When you update a team that is not listed in the first page, Catalog Administrator loads the first page instead of the page that contains the team that was updated.(Bug 961480)
Workaround: There is no workaround at this time.
Issue: In Designer, the certificate creation fails for eDirectory to eDirectory driver certificates. The certificate can be created only a day after CA is created. (Bug 962929)
Workaround: Run the utility only after the CA is created.
Issue: The Team Management and Request on Behalf features are not supported for a delegated administrator role.(Bug 962710)
Workaround: There is no workaround at this time.
Issue: If you run the ConfigUpdate utility from the OSP Self Service Password Reset (SSPR) installation directory, the utility displays different options on Windows and Linux platforms. For example, the utility displays Reporting, Authentication, and SSO Clients tabs on Windows platforms and Identity Vault, Authentication, and SSO Clients tabs on Linux platforms. (Bug 916812)
Workaround: To display the correct tabs on Windows, perform the following actions:
Open the configupdate.bat.properties in a text editor. For example, C:\netiq\idm\apps\osp_sspr\bin\lib\configupdate.bat
Change the following entries in the file:
Change force_no_userapp=true to force-no-userapp=true
Change force_no_reporting=true to force-no-reporting=true
Save and close the file.
The ConfigUpdate utility displays the correct tabs for only OSP installation.
Issue: You can install Identity Reporting on a separate server from the database that Identity Reporting uses. During the installation or upgrade process for Identity Reporting, you can test the connection to the remote database server. However, the connection attempt fails when you install or upgrade Identity Reporting without also specifying a server for NetIQ Event Auditing Service (EAS). (Bug 964099)
Workaround: Complete the following steps:
During the installation or upgrade process for Identity Reporting, select Use EAS (even though you do not intend to use EAS).
For EAS server host name, specify the DNS name or IP address for the database server that Identity Reporting will use.
Continue specifying the database settings as requested by the installation wizard. Then select Test database connection.
If the test connection passes, return to the Event Auditing Service window and deselect Use EAS. Then proceed with the installation or upgrade for Identity Reporting.
If the test connection fails, ensure that you have entered the correct values for the database server. Then perform Step 4.
NOTE:Running Identity Reporting without EAS is also referred to as “standalone Reporting.”
Issue: Identity Manager cannot import portal data when you have the following settings in User Application > Administration > Application Configuration > Portal Data Import:
Import security settings? = Yes
View Import Archive > Access level for imported objects = Administrator Only
(Bug 928378)
Workaround: To import portal data, you must change the settings to the following values:
Import security settings? = No
Access level for imported objects = All Users
After completing the import, you can reestablish your preferred security settings. For more information, see “Importing Portal Data” in the NetIQ Identity Manager User Application: Administration Guide.
Issue: If you installed Identity Applications on Windows, the catalina.out log file does not rotate the log.(Bug 979722)
Workaround: There is no workaround at this time.
The following topics describe additions and modifications to the Identity Manager documentation.
The server.xml and context.xml files for the Tomcat application server contain a data source entry that points to the database for the identity applications, Identity Reporting, or when they are deployed together. Identity Manager 4.5.1 changed the method for updating the password for a database user in the server.xml file when you deploy the identity applications, Identity Reporting, or both on a Tomcat application server.
Stop Tomcat.
Update the user's password in the database server.
In a terminal, navigate to the tomcat/lib directory and enter the following command with Java in your path:
java -jar iac-datasource-factory.jar %newpassword%
Copy the encrypted output of the password and update the entry for that user in the server.xml file, located by default in the tomcat/conf directory.
Start Tomcat.
You can customize the themes and images that the identity applications and Identity Reporting display in your users’ Web browsers. To replace the NetIQ logo with a custom log in the header, the logo must be in a .GIF or .JPG format. Otherwise, Microsoft Internet Explorer 11 does not display the logo. (Bug 938050)
Identity Manager allows you to customize the strings in OSP to suit the needs of your enterprise. The strings are based on the user’s current locale. The osp-custom-resources.jar file contains all of the string property files.(Bug 942083)
To customize OSP strings, perform the steps listed in the readme file from the download page.
You can install the Identity Manager engine in an environment where you have configured multiple instances of Identity Vault. Identity Manager supports this installation as a root user and in a silent mode. For more information, see Installing on a Server with Multiple Instances of Identity Vault section in the NetIQ Identity Manager Setup Guide. (Bug 938158)
This service pack includes enhancements and software fixes provided in previous releases:
Identity Manager 4.5 Service Pack 2 Hotfix 1
Identity Manager 4.5 Service Pack 2
Identity Manager 4.5 Service Pack 1
For more information, see NetIQ Identity Manager 4.5 Service Pack 2 Release Notes and NetIQ Identity Manager 4.5 Service Pack 1 Release Notes.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
© 2016 NetIQ Corporation. All Rights Reserved.