NetIQ Identity Manager 4.5 Service Pack 6 Release Notes

July 2017

NetIQ Identity Manager 4.5 Service Pack 6 improves usability and resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager Community Forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Identity Manager Documentation Web site page.

1.0 What’s New?

Identity Manager 4.5.6 provides the following enhancements and fixes in this release:

1.1 New Platforms

In addition to the existing platforms, this service pack extends support for the following platforms:

  • SUSE Linux Enterprise Server (SLES) 12 SP2

  • Red Hat Enterprise Linux (RHEL) 7.3

1.2 Component Updates

This service pack provides updates for the following components in Identity Manager:

  • Identity Manager engine

  • Identity applications

  • NetIQ One SSO Provider

IMPORTANT:This service pack does not include updates to Designer.

1.3 Support for Java 1.8 Update 131

This service pack updates the following components to support Java Development Kit 8 Update 131 (jdk8u131) or Java Runtime Environment 1.8 Update 131 (jre8u131).

  • Identity Manager engine

  • Identity applications, running on Apache Tomcat

  • Identity Reporting, running on Apache Tomcat

This service pack updates the Java version for the Identity Manager engine.

NOTE:You can download Java 1.8 Update 131 directly from the Oracle Site.

You need to manually update your current Java version for the identity applications, Identity Reporting, and Analyzer. For more information, see Section 3.7, Installing Java 1.8 Update 131.

NOTE:If you use JBoss Enterprise Application Platform (EAP) or WebSphere, do not upgrade to Java 1.8. For more information, see JBoss has Errors Running the Identity Applications with Java Development Kit 8 in the NetIQ Identity Manager 4.5 Service Pack 3 Release Notes.

1.4 Support for Tomcat 7.0.78 or Later

This service pack requires Tomcat 7.0.78. Install this package on the Identity Applications server and perform the steps listed in the readme file.

1.5 Support for One SSO Provider 6.1.3 or Later

This service pack requires NetIQ One SSO Provider 6.1.3 at a minimum. The OSP files are packaged in the IDM45-Apps-SP-6 file. To upgrade to OSP 6.1.3, perform the steps listed in the readme file.

1.6 Software Fixes

Identity Manager Engine and Driver Plug-ins

NetIQ Identity Manager includes software fixes that resolve several previous issues in the Identity Manager engine and plug-ins.

Identity Manager Engine Patch Installer No Longer Needs PERL Software to Update the Installed RPMs

The NetIQ Identity Manager Patch Installer program for the Identity Manager engine and Remote Loader successfully updates the installed RPMs without the need for having the PERL software installed on your server. (Bug 1029331)

Ability to Bring Up Overview Page for a Driver Associated with a Remote CA Server in iManager Plug-In

In a multi-server environment, although a server hosting Certificate Authority (CA) is not available, iManager successfully brings up the driver overview page for that server. (Bug 1028417)

Crontab String in Job Scheduler Page Correctly Displays Time

The iManager plug-in correctly displays time for a scheduled job in the crontab string. (Bug 1035844)

Allows Special Characters in the Connection URL for JDBC Fan-Out Driver Instance in iManager Plug-In

The plug-in has been enhanced to accept special characters in the JDBC Fan-Out driver instance connection URL. (Bug 1035842)

Identity Applications

NetIQ Identity Manager includes software fixes that resolve several previous issues in the identity applications.

DateTimePicker Control Correctly Updates the eDirectory Attribute Values

This service pack resolves an issue where the DateTimePicker control does not correctly populate the eDirectory attributes. (Bug 993479)

Resolves an Issue with User Login Taking Longer Than Expected Time

The identity applications search the Identity Vault for all users before allowing a user to log in to the applications. This process prolongs the log in time when there are a large number of users in the Identity Vault. (Bug 1023238)

This issue has been resolved with this release.

Workflow Request Form Print Preview Pop-Up Window Displays Empty Fields

While printing a request form, all the fields are correctly populated and properly displayed in the Form Print Pop-up window on the following web browsers: Google Chrome, Mozilla Firefox and Microsoft Internet Explorer 11. (Bug 992087)

Workflow Forms Correctly Display Scroll Bar for the DNLookup Control After Upgrading to Latest Browsers and Identity Applications

If you use the DNLookUp field to search users, the scroll bar and all user details are correctly displayed.(Bug 1041741)

DNLookUp Control Correctly Display Values in the Form Print Pop-Up Window

The pre-activity flowdata.get for the DNLookUp data item now correctly resolves the attributes specified in the Display Expression field in the Approval Print Pop-up window.(Bug 1033975)

Resolves an Issue with User Application Driver Connection When Subject Alternate Names are Used

The HTTP clients that User Application and the User Application driver use honor Subject Alternate Names in a certificate that enable the User Application driver to verify the User Application's X.509 certificate. (Bug 998840)

2.0 System Requirements

This service pack requires the following product versions:

Product Version

Description

NetIQ Identity Manager 4.5 or later

This includes Identity Manager engine, Identity Applications, Identity Reporting, Designer 4.6.1 at a minimum

NetIQ eDirectory 8.8.8 Patch 8, eDirectory 8.8.8 Patch 9, or eDirectory 8.8.8 Patch 10, or eDirectory 8.8.8 Patch 10 Hot Fix (HF) 1

You can only upgrade Identity Manager 4.5.6 with eDirectory 8.8.8 Patch 8 or later to eDirectory 9.0.1 or later.

NetIQ eDirectory 9.0.1, eDirectory 9.0.2, eDirectory 9.0.3, or eDirectory 9.0.3 HF1

Support for eDirectory 9.0.1 was introduced in Identity Manager 4.5 Service Pack 4 release. eDirectory 9.0 is not supported with Identity Manager.

NetIQ iManager 2.7.7 Patch 10 or later

You must install iManager 2.7.7 Patch 10 or later to support eDirectory 8.8.8 SP8 or later. Ensure that you update your existing plug-ins to the latest versions for the iManager version you are using.

IMPORTANT:Do not install iManager 3.x on a server running eDirectory 8.8.8.x. Similarly, do not install iManager 2.7.7.x on a server running eDirectory 9.0.1. If you are planning to upgrade eDirectory 8.8.x to 9.0.1 on a server running iManager 2.7.7.x, ensure that iManager is upgraded to 3.x. iManager 3.x is compatible with eDirectory 9.0.1.

NetIQ recommends you to clear the browser cache soon after upgrading the Identity Manager plug-ins.

NetIQ iManager 3.0.3 or later

You must install iManager 3.x to support eDirectory 9.0.1 or later. Ensure that you update your existing plug-ins to the latest versions for the iManager version you are using.

NetIQ Self Service Password Reset 3.3.1.2, at a minimum

NetIQ One SSO Provider 6.1.3, at a minimum

 

For more information about the software requirements, see “Selecting an Operating System Platform for Identity Manager” in the NetIQ Identity Manager Setup Guide.

3.0 Upgrading to this Service Pack

Review the supported upgrade paths and the order in which the components must be upgraded before starting to upgrade your current version.

3.1 Supported Upgraded Paths

Use the following information to upgrade to Identity Manager 4.5.6.

Base Version

Upgraded Version

Identity Manager engine, eDirectory, and Identity Applications

 

Identity Manager 4.5.5 with eDirectory 9.0.1

Identity Manager 4.5.6 with eDirectory 9.0.3 (apply HF1)

Identity Manager 4.5.5 with eDirectory 9.0.1

Identity Manager 4.5.6 with eDirectory 9.0.3 (apply HF1)

Identity Manager 4.5.5 with eDirectory 8.8.8 SP9

Identity Manager 4.5.6 with eDirectory 8.8.8 SP10 (apply HF1)

Identity Manager 4.5.5 with eDirectory 8.8.8 SP8

Identity Manager 4.5.6 with eDirectory 8.8.8 SP9

Identity Manager 4.5.4 or later with eDirectory 9.0.1

Identity Manager 4.5.6 with eDirectory 9.0.3 (apply HF1)

Identity Manager 4.5.4 with eDirectory 9.0.2

Identity Manager 4.5.6 with eDirectory 9.0.3 (apply HF1)

Remote Loader

 

Identity Manager 4.5.5 with Remote Loader 4.5.5

Identity Manager 4.5.6 with Remote Loader 4.5.6

Before starting the upgrade, NetIQ recommends that you review the information from the release notes for your current version:

3.2 Upgrade Order

You must upgrade the components in the following order, depending on your current version:

  1. Identity Manager Engine

  2. Remote Loader

  3. Configuration Update Utility 4.5.0.3

  4. Java 1.8.0_131

  5. Apache Tomcat 7.0.78

  6. PostgreSQL 9.3.17

  7. Identity Applications (for Advanced Edition)

  8. Roles and Resource Service Driver 4.5.0.2 or later

  9. User Application Driver 4.5.0.2 or later

  10. Identity Reporting

  11. One SSO Provider 6.1.3 or later

  12. Self Service Password Reset

Before beginning the installation, review the following considerations to help you plan the installation:

  • This release updates the Java version to 1.8.0_131 for the Identity Manager engine. You need to manually update your current Java version for the Identity Applications, Identity Reporting, Designer, and Analyzer. For more information, see Installing Java 1.8 Update 131 on the Identity Manager Servers.

  • For Identity Manager Advanced Edition, update Java 1.8 Update 131 before installing the Identity Applications.

  • For Identity Manager Standard Edition, update Java 1.8 Update 131 before installing Identity Reporting.

3.3 Updating the Identity Manager Engine

This service pack includes a IDM_engine_rl_IDM4.5.6.zip for updating the Identity Manager engine. Install this package on the Identity Manager engine server.

The Identity Manager engine 4.5.6 installation files are included in the IDM_engine_rl_IDM4.5.6.zip file. The zipped file contains the following folders:

  • Identity Manager 4.5.6 Engine and Remote Loader (cd-image)

  • Compatibility installer for installing Identity Manager 4.5 on eDirectory 9.0.2 (idm45_eDir90_compat)

  • SAML 1.1.2 (SAML)

To upgrade to Identity Manager 4.5.6 engine, perform the following actions:

  1. Install the Identity Manager 4.5.6 engine service pack on the Identity Manager engine server by performing the steps listed in the readme file from the download page.

  2. Select the type of Remote Loader you want to update, then click OK.

  3. Click OK when the pop-up message appears.

    This message indicates that Identity Manager is not Suite B complaint.

  4. Click Done after the installation is complete.

IMPORTANT:NetIQ allows you to install Identity Manager 4.5.0 with eDirectory 9.0.1 or later using a special compatibility installer. For instructions to upgrade to Identity Manager 4.5.6, see Section 3.5, Installing Identity Manager 4.5.6 on eDirectory 9.0.1 or Later.

For more information, see “Hotfixing the Identity Manager Engine and Remote Loader” in the NetIQ Identity Manager Setup Guide.

3.4 Upgrading to Identity Manager 4.5.6 with eDirectory 8.8.8 Patch 8 or Later

You can upgrade Identity Manager 4.5, 4.5.1, 4.5.2, 4.5.3, 4.5.4, or 4.5.5 to Identity Manager 4.5.6 with a minimum version of eDirectory 8.8.8 Patch 8.

To upgrade to Identity Manager 4.5.6, perform the following actions:

  1. Install the Identity Manager 4.5.6 engine service pack on the Identity Manager engine server by performing the steps listed in the readme file from the download page.

  2. Select the type of Remote Loader you want to update, then click OK.

  3. Click OK when the pop-up message appears.

    This message indicates that Identity Manager is not Suite B complaint.

  4. Click Done after the installation is complete.

IMPORTANT:NetIQ allows you to install Identity Manager 4.5.0 with eDirectory 9.0.1 or later using a special compatibility installer. For instructions to upgrade to Identity Manager 4.5.6, see Section 3.5, Installing Identity Manager 4.5.6 on eDirectory 9.0.1 or Later.

3.5 Installing Identity Manager 4.5.6 on eDirectory 9.0.1 or Later

NetIQ supports installing Identity Manager 4.5 on eDirectory 9.0.1 or later. You perform this installation in two steps. First you install the Identity Manager 4.5 engine on eDirectory 9.0.1 or later by using the compatibility installer located in the idm45_eDir90_compat folder. You must follow this installation by immediately updating the engine with the Identity Manager 4.5.6 Engine Service Pack. This service pack contains the required software to enable the Identity Manager engine to function with eDirectory 9.0.1 or later and it is a mandatory step.

NOTE:Identity Manager 4.5.6 is not completely Suite B compliant. For a list of supported Suite B features, see Section 6.1, Features of eDirectory 9.0.1 or Later That Can be Enabled on the Identity Vault Server.

Installation Procedure

  1. Install Identity Manager 4.5.

    On eDirectory 9.0.1 or later server, perform the following actions:

    1. Download the Identity Manager 4.5 ISO.

    2. Extract the ISO contents to a folder.

    3. From the directory that contains the installation files, complete one of the following actions:

      • Linux: Replace the <ISO Extracted folder>/products/IDM/linux/setup/idm_linux.bin file with idm45_eDir90_compat/release/idm_linux.bin.

      • Windows: Replace the <ISO Extracted folder>\products\IDM\windows\setup\idm_install.exe file with idm45_eDir90_compat\release\idm_install.exe.

    4. Navigate to the extracted folder and complete one of the following actions:

      • Linux: Browse to the <ISO Extract folder>/products/IDM folder and run install.bin file.

      • Windows: Browse to the <ISO Extract folder>\products\IDM\windows\setup folder and run install.exe file.

      NOTE:

      • Identity Manager does not support this installation using the integrated installation program.

      • SAML method 1.1.2 is added by default using the compatibility installer (idm45_eDir90_compat).

  2. Apply the Identity Manager 4.5.6 or later engine service pack from the download page.

    NOTE:

    • This is a mandatory step to perform, as Identity Manager 4.5 versions prior to version 4.5.4 are not compatible with eDirectory 9.0.1 or later.

    • While installing Identity Manager 4.5 engine using compatibility installer, the following message is displayed:

      sh: /var/opt/novell/nici/nicimud: No such file or directory

      It is safe to ignore this message.

  3. (Conditional) Update other Identity Manager components to the latest versions.

    For more information, see NetIQ Identity Manager Setup Guide.

3.6 Updating the Identity Applications

This service pack includes an update to the identity applications that run on a Tomcat, WebSphere, and JBoss application server. Download the IDM45-Apps-SP-6.zip file to the server where you deployed the identity applications and perform the steps listed in the readme files.

Updating PostgreSQL Database

This service pack requires you to update your existing PostgreSQL database to 9.3.17 version. To update the database, perform the steps listed in the readme file from the download page.

Updating the Keystore Path in the Configuration Update Utility

To update the path of the keystore in the Configuration Update utility, perform the steps listed in the readme file from the download page.

Updating SAML 1.1.2

This service pack includes support for SAML 1.1.2. The installation files are included in the IDM_engine_rl_IDM4.5.6.zip file. For information about using SAML 1.1.2 with the identity applications, perform the steps listed in the readme file from the download page.

NOTE:This is an optional step because this service pack includes the same SAML version that was packaged with Identity Manager 4.5.5 and Identity Manager 4.5.4. You do not need to reinstall the product if you already installed it with one of these versions.

3.7 Installing Java 1.8 Update 131

This service pack provides support for Java version 1.8.0_131 for Identity Manager components except Designer.

Installing Java 1.8 Update 131 on the Identity Manager Servers

This service pack certifies Java 1.8.0_131 (JDK 8u131 or JRE 8u131) for use with the Identity Manager engine and Identity Applications. The later versions of Java 1.8 are also supported. To install Java 1.8 Update 131, see the readme files from the following download pages:

  • Identity Manager Engine

  • Identity Applications

Updating Java 1.8 Update 131 for Analyzer

This service pack updates Analyzer to support Java 1.8 (32-bit).

  1. On the server where you installed Analyzer, create a directory for Java 1.8.

    For example, opt/netiq/jdk1.8.0_131.

  2. Download and install the Java 1.8 files in this directory.

  3. Open the Analyzer.ini file located in the Analyzer installation directory.

  4. Update the Java path in the Analyzer.ini file.

  5. Replace the existing (jre) folder with the Java 1.8 folder in the installation directory.

3.8 Updating Self Service Password Reset

This service pack requires NetIQ Self Service Password Reset 3.3.1.2, at a minimum. To install this version, download the package and perform the steps listed in the readme file from the download page.

3.9 Upgrading Identity Vault from eDirectory 8.8.8 to eDirectory 9.0.1 or Later

You can upgrade Identity Vault from eDirectory 8.8.8 to eDirectory 9.0.1 or later only on Identity Manager 4.5.4 with eDirectory 8.8.8 Patch 8. If your current Identity Manager version is 4.0.2, you must first upgrade to Identity Manager 4.5 and then apply the Identity Manager 4.5.6 Service Pack with eDirectory 8.8.8 Patch 8 or later.

Perform the following actions to upgrade Identity Vault from eDirectory 8.8.8 to eDirectory 9.0.1 or later:

  1. Ensure that your current eDirectory version on Identity Manager Server is eDirectory 8.8.8 Patch 8 or later.

  2. Update SAML methods to version 1.1.2. For more information, perform the steps listed in the readme file from the download page and restart eDirectory

    IMPORTANT:iManager NMAS plug-in should not be used to update SAML 1.1.2. For more information, see Section 7.1, eDirectory Crashes after Updating the SAML Method from Earlier Versions to SAML 1.1.2 or Later.

    This is mandatory for Identity Manager Advanced Edition with Role Based Provisioning Module installed and configured with SAML login method.

  3. Upgrade eDirectory 8.8.8 Patch 8 to eDirectory to 9.0.1 or later. For more information, see eDirectory 9.0 Service Pack 1 Release Notes.

  4. Upgrade iManager 2.7.7.x to iManager 3.0.2. For more information, see NetIQ iManager 3.0 Service Pack 1 Release Notes.

  5. Ensure you update the iManager plug-ins to 3.0.2.

4.0 Installing this Service Pack on SLES 12 Service Pack 2 Server

Install the Identity Manager 4.5 components in the given sequence using the individual component installation programs and then apply this service pack on the specified components. For more information, see Section 3.0, Upgrading to this Service Pack.

IMPORTANT:Identity Manager does not support this installation using the integrated installation program.

Order of Installation

Installation Instructions

EAS

Install EAS and Identity Manager engine on separate servers. Install the following dependent libraries before starting the EAS installation:

For more information about installing EAS, see Installing EAS in the Identity Manager Setup Guide.

eDirectory

Install one of the following versions:

  • eDirectory 8.8.8 Patch 8, eDirectory 8.8.8 Patch 9, or eDirectory 8.8.8 Patch 10 or later

  • eDirectory 9.0.1, eDirectory 9.0.2, or eDirectory 9.0.3 or later

NOTE:Identity Manager ships eDirectory 8.8 SP8 Patch 3 as part of Identity Manager 4.5 ISO. To support Identity Manager installation on SLES 12.x, ensure that your eDirectory is running 8.8 SP8 Patch 8 at a minimum.

Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at eDirectory 8.8 SP8 documentation site.

Identity Manager Engine and Remote Loader

Install the Identity Manager engine as instructed “Installing the Identity Manager Engine, Drivers, and Plug-ins” in the Identity Manager Setup Guide. Install the following dependant library before starting the installation:

iManager

Install one of the following versions depending on your eDirectory version:

  • iManager 2.7 SP7 Patch 10 (for eDirectory 8.8.8.x)

  • iManager 3.0.3 or later (for eDirectory 9.0.1.x)

Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at iManager 2.7.7 documentation site.

Ensure that you install the following dependent library before starting the installation:

For detailed installation instructions, see Installing iManager in the Identity Manager Setup Guide.

Designer

  1. Download and extract XULRunner-24 (64-bit) from the Mozilla FTP site.

  2. Open the Designer.ini file from the designer installation directory.

  3. Add the following lines at the end of the Designer.ini file:

    -Dorg.eclipse.swt.browser.XULRunnerPath=<path where XULRunner is extracted>

    -Dorg.eclipse.swt.internal.gtk.disablePrinting

  4. Save the Designer.ini file and restart Designer.

Analyzer

  1. Install the following RPMs from the SLES 12 installation media:

    • gtk2-tools (32-bit)

    • libXtst6 (32-bit)

    • libgthread-2_0-0 (32-bit)

    • libXt6 (32-bit)

  2. Download and extract XULRunner-1.9.2 (32-bit) from the Mozilla FTP site.

  3. Open the Analyzer.ini file from the analyzer installation directory.

  4. Add the following line at the end of the Analyzer.ini file.

    -Dorg.eclipse.swt.browser.XULRunnerPath=<path where XULRunner is extracted>:

  5. Save the Analyzer.ini file and restart Analyzer.

Self Service Password Reset

For more information about installing Self Service Password Reset, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide.

One SSO Provider

For more information about installing One SSO Provider, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide.

Identity Applications

For more information about installing Identity Applications, see Installing the Identity Applications in the Identity Manager Setup Guide.

Identity Reporting

For more information about installing Identity Reporting, see Installing the Identity Reporting Components in the Identity Manager Setup Guide.

5.0 Installing this Service Pack on RHEL 7.3 Server

Install the Identity Manager 4.5 components in the given sequence using the individual component installation programs and then apply this service pack on the specified components. For more information, see Section 3.0, Upgrading to this Service Pack.

IMPORTANT:Identity Manager does not support this installation using the integrated installation program.

Installation Order

Description

EAS

Install EAS and Identity Manager engine on separate servers. Install the following dependent libraries before starting the EAS installation:

For more information about installing EAS, see Installing EAS in the Identity Manager Setup Guide.

eDirectory

Install one of the following versions:

  • eDirectory 8.8.8 Patch 8, eDirectory 8.8.8 Patch 9, or eDirectory 8.8.8 Patch 10 or later

  • eDirectory 9.0.1, eDirectory 9.0.2, or eDirectory 9.0.3

NOTE:Identity Manager ships eDirectory 8.8 SP8 Patch 3 as part of Identity Manager 4.5 ISO. To support Identity Manager installation on RHEL 7.3, ensure that your eDirectory is running 8.8 SP8 Patch 8 at a minimum.

Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at eDirectory 8.8 SP8 documentation site.

Identity Manager Engine and Remote Loader

Install the Identity Manager engine as instructed “Installing the Identity Manager Engine, Drivers, and Plug-ins” in the Identity Manager Setup Guide. Install the following dependant library before starting the installation:

iManager

Install one of the following versions depending on your eDirectory version:

  • iManager 2.7 SP7 Patch 10 (for eDirectory 8.8.8.x)

  • iManager 3.0.3 (for eDirectory 9.0.1.x)

Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at iManager 2.7.7 documentation site.

Ensure that you install the following dependent library before starting the installation:

For detailed installation instructions, see Installing iManager in the Identity Manager Setup Guide.

Self Service Password Reset

For more information about installing Self Service Password Reset, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide.

One SSO Provider

For more information about installing One SSO Provider, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide.

Identity Applications

For more information about installing Identity Applications, see Installing the Identity Applications in the Identity Manager Setup Guide.

Identity Reporting

For more information about installing Identity Reporting, see Installing the Identity Reporting Components in the Identity Manager Setup Guide.

6.0 Working with eDirectory 9.0.1 or Later

In addition to eDirectory 8.8.8, Identity Manager supports installing eDirectory 9.0.1 or later as an Identity Vault and as a connected system. Before using eDirectory 9.0.1 or later with Identity Manager, NetIQ recommends that you review the following sections:

6.1 Features of eDirectory 9.0.1 or Later That Can be Enabled on the Identity Vault Server

Review the following table to understand which features of eDirectory 9.0.1 or later can be enabled with Identity Manager. None of these restrictions apply when eDirectory 9.0.1 or later is used as a connected system. For more information about the new features of eDirectory 9.0.1, see eDirectory 9.0 Release Notes and eDirectory 9.0.1 Release Notes.

Feature

Can be enabled on eDirectory (Identity Vault)

Description

TLS 1.2

Yes

Can enable all TCP communication using TLS 1.2

Suite B Configuration

  • AES 256-bit SDI Key

  • LDAP and HTTP Services

  • Authentication

  • NPKI (NetIQ Certificate Server)

  • Yes

  • No

  • Yes

  • No

  • No impact on Identity Manager

  • The Identity Manager services continue to use the RSA certificate after upgrading to eDirectory 9.0.1.

  • No impact on Identity Manager

  • If Suite B is enabled on the CA (use of Elliptical Curve certificate), the NPKI service restricts the generation of RSA certificate. The Identity Manager modules that consume RSA certificate will not function as expected.

Container Readiness

Yes

No impact on Identity Manager

Enhanced Nested groups

Yes

Not supported by Identity Manager engine and drivers

Proxied Authorization Control

Yes

No impact on Identity Manager

Monitoring

Yes

No support extended for monitoring Identity Manager components

Enhanced Data Replication

Yes

No impact on Identity Manager

Improved Data Synchronization

Yes

No impact on Identity Manager

Optimized Janitor thread of Inherited ACL Calculation

Yes

No impact on Identity Manager

6.2 Turning Off Suite B Settings on the Identity Vault Server

If NDSPKI or LDAP Services are enabled with Suite B, then Identity Manager 4.5.6 may not work as expected. Refer to the following table to revert these components to a non-Suite B mode.

Module

When Suite B is Enabled

Recovery Option

NPKI (NetIQ Certificate Server)

If Suite B is enabled on the CA, the NPKI server restricts the generation of RSA certificate.The Identity Manager modules that consume RSA certificate will not function as expected.

Disable this mode

For more information, see the NetIQ eDirectory Administration Guide.

LDAP Services

The Identity Manager modules that use LDAP services will not be able to connect to eDirectory.

Disable Suite B or reconfigure these services to a non-Suite B mode.

For more information, see the NetIQ eDirectory Administration Guide.

7.0 Known Issues

NetIQ Corporation strives to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

For the list of the known issues in Identity Manager 4.5, Identity Manager Standard Edition 4.5.1, Identity Manager 4.5.2, Identity Manager 4.5.3, Identity Manager 4.5.4, and Identity Manager 4.5.5, see the Release Notes for each version on the Identity Manager 4.5 Documentation page.

7.1 eDirectory Crashes after Updating the SAML Method from Earlier Versions to SAML 1.1.2 or Later

Issue: eDirectory crashes after updating the SAML method from 1.1.1 or earlier to SAML 1.1.2 (or later). This occurs due to the unloading of the older method by the NMAS server to load the new method.

Also, updating to SAML 1.1.2 method by using iManager NMAS plug-in causes eDirectory to crash.(Bug 984380)

Workaround: The new NMAS SAML 1.1.2 only takes effect after restarting the eDirectory server.

7.2 Unable to Uninstall NetIQ iManager Password Management Plug-In from iManager

Issue: If you uninstall the Password Management plug-in from iManager, it displays a message and does not uninstall the plug-in.

Workaround: Upgrade iManager and then uninstall the plug-in. For more information, see the iManager Installation Guide.

9.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.