NetIQ Identity Manager 4.5 Service Pack 6 improves usability and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager Community Forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Identity Manager Documentation Web site page.
Identity Manager 4.5.6 provides the following enhancements and fixes in this release:
In addition to the existing platforms, this service pack extends support for the following platforms:
SUSE Linux Enterprise Server (SLES) 12 SP2
Red Hat Enterprise Linux (RHEL) 7.3
This service pack provides updates for the following components in Identity Manager:
Identity Manager engine
Identity applications
NetIQ One SSO Provider
IMPORTANT:This service pack does not include updates to Designer.
This service pack updates the following components to support Java Development Kit 8 Update 131 (jdk8u131) or Java Runtime Environment 1.8 Update 131 (jre8u131).
Identity Manager engine
Identity applications, running on Apache Tomcat
Identity Reporting, running on Apache Tomcat
This service pack updates the Java version for the Identity Manager engine.
NOTE:You can download Java 1.8 Update 131 directly from the Oracle Site.
You need to manually update your current Java version for the identity applications, Identity Reporting, and Analyzer. For more information, see Section 3.7, Installing Java 1.8 Update 131.
NOTE:If you use JBoss Enterprise Application Platform (EAP) or WebSphere, do not upgrade to Java 1.8. For more information, see JBoss has Errors Running the Identity Applications with Java Development Kit 8 in the NetIQ Identity Manager 4.5 Service Pack 3 Release Notes.
This service pack requires Tomcat 7.0.78. Install this package on the Identity Applications server and perform the steps listed in the readme file.
This service pack requires NetIQ One SSO Provider 6.1.3 at a minimum. The OSP files are packaged in the IDM45-Apps-SP-6 file. To upgrade to OSP 6.1.3, perform the steps listed in the readme file.
NetIQ Identity Manager includes software fixes that resolve several previous issues in the Identity Manager engine and plug-ins.
The NetIQ Identity Manager Patch Installer program for the Identity Manager engine and Remote Loader successfully updates the installed RPMs without the need for having the PERL software installed on your server. (Bug 1029331)
In a multi-server environment, although a server hosting Certificate Authority (CA) is not available, iManager successfully brings up the driver overview page for that server. (Bug 1028417)
The iManager plug-in correctly displays time for a scheduled job in the crontab string. (Bug 1035844)
The plug-in has been enhanced to accept special characters in the JDBC Fan-Out driver instance connection URL. (Bug 1035842)
NetIQ Identity Manager includes software fixes that resolve several previous issues in the identity applications.
This service pack resolves an issue where the DateTimePicker control does not correctly populate the eDirectory attributes. (Bug 993479)
The identity applications search the Identity Vault for all users before allowing a user to log in to the applications. This process prolongs the log in time when there are a large number of users in the Identity Vault. (Bug 1023238)
This issue has been resolved with this release.
While printing a request form, all the fields are correctly populated and properly displayed in the Form Print Pop-up window on the following web browsers: Google Chrome, Mozilla Firefox and Microsoft Internet Explorer 11. (Bug 992087)
If you use the DNLookUp field to search users, the scroll bar and all user details are correctly displayed.(Bug 1041741)
The pre-activity flowdata.get for the DNLookUp data item now correctly resolves the attributes specified in the Display Expression field in the Approval Print Pop-up window.(Bug 1033975)
The HTTP clients that User Application and the User Application driver use honor Subject Alternate Names in a certificate that enable the User Application driver to verify the User Application's X.509 certificate. (Bug 998840)
This service pack requires the following product versions:
Product Version |
Description |
---|---|
NetIQ Identity Manager 4.5 or later |
This includes Identity Manager engine, Identity Applications, Identity Reporting, Designer 4.6.1 at a minimum |
NetIQ eDirectory 8.8.8 Patch 8, eDirectory 8.8.8 Patch 9, or eDirectory 8.8.8 Patch 10, or eDirectory 8.8.8 Patch 10 Hot Fix (HF) 1 |
You can only upgrade Identity Manager 4.5.6 with eDirectory 8.8.8 Patch 8 or later to eDirectory 9.0.1 or later. |
NetIQ eDirectory 9.0.1, eDirectory 9.0.2, eDirectory 9.0.3, or eDirectory 9.0.3 HF1 |
Support for eDirectory 9.0.1 was introduced in Identity Manager 4.5 Service Pack 4 release. eDirectory 9.0 is not supported with Identity Manager. |
NetIQ iManager 2.7.7 Patch 10 or later |
You must install iManager 2.7.7 Patch 10 or later to support eDirectory 8.8.8 SP8 or later. Ensure that you update your existing plug-ins to the latest versions for the iManager version you are using. IMPORTANT:Do not install iManager 3.x on a server running eDirectory 8.8.8.x. Similarly, do not install iManager 2.7.7.x on a server running eDirectory 9.0.1. If you are planning to upgrade eDirectory 8.8.x to 9.0.1 on a server running iManager 2.7.7.x, ensure that iManager is upgraded to 3.x. iManager 3.x is compatible with eDirectory 9.0.1. NetIQ recommends you to clear the browser cache soon after upgrading the Identity Manager plug-ins. |
NetIQ iManager 3.0.3 or later |
You must install iManager 3.x to support eDirectory 9.0.1 or later. Ensure that you update your existing plug-ins to the latest versions for the iManager version you are using. |
NetIQ Self Service Password Reset 3.3.1.2, at a minimum |
|
NetIQ One SSO Provider 6.1.3, at a minimum |
|
For more information about the software requirements, see “Selecting an Operating System Platform for Identity Manager” in the NetIQ Identity Manager Setup Guide.
Review the supported upgrade paths and the order in which the components must be upgraded before starting to upgrade your current version.
If you are running eDirectory 9.0.1 or later and you want to install Identity Manager 4.5.6 on this eDirectory version, run the compatibility installer and apply Identity Manager 4.5.6 service pack on the installed package. For more information, see Section 3.5, Installing Identity Manager 4.5.6 on eDirectory 9.0.1 or Later.
If you are running eDirectory 9.0.1 or later with Identity Manager 4.5.4 or later, you can directly apply 4.5.6 Service Pack on the installed package. For more information, see Section 3.3, Updating the Identity Manager Engine.
If you are running eDirectory 8.8.8 Patch 8 or later and you want to upgrade to Identity Manager 4.5.6, see Section 3.4, Upgrading to Identity Manager 4.5.6 with eDirectory 8.8.8 Patch 8 or Later.
Use the following information to upgrade to Identity Manager 4.5.6.
Base Version |
Upgraded Version |
---|---|
Identity Manager engine, eDirectory, and Identity Applications |
|
Identity Manager 4.5.5 with eDirectory 9.0.1 |
Identity Manager 4.5.6 with eDirectory 9.0.3 (apply HF1) |
Identity Manager 4.5.5 with eDirectory 9.0.1 |
Identity Manager 4.5.6 with eDirectory 9.0.3 (apply HF1) |
Identity Manager 4.5.5 with eDirectory 8.8.8 SP9 |
Identity Manager 4.5.6 with eDirectory 8.8.8 SP10 (apply HF1) |
Identity Manager 4.5.5 with eDirectory 8.8.8 SP8 |
Identity Manager 4.5.6 with eDirectory 8.8.8 SP9 |
Identity Manager 4.5.4 or later with eDirectory 9.0.1 |
Identity Manager 4.5.6 with eDirectory 9.0.3 (apply HF1) |
Identity Manager 4.5.4 with eDirectory 9.0.2 |
Identity Manager 4.5.6 with eDirectory 9.0.3 (apply HF1) |
Remote Loader |
|
Identity Manager 4.5.5 with Remote Loader 4.5.5 |
Identity Manager 4.5.6 with Remote Loader 4.5.6 |
Before starting the upgrade, NetIQ recommends that you review the information from the release notes for your current version:
You must upgrade the components in the following order, depending on your current version:
Identity Manager Engine
Remote Loader
Configuration Update Utility 4.5.0.3
Java 1.8.0_131
Apache Tomcat 7.0.78
PostgreSQL 9.3.17
Identity Applications (for Advanced Edition)
Roles and Resource Service Driver 4.5.0.2 or later
User Application Driver 4.5.0.2 or later
Identity Reporting
One SSO Provider 6.1.3 or later
Self Service Password Reset
Before beginning the installation, review the following considerations to help you plan the installation:
This release updates the Java version to 1.8.0_131 for the Identity Manager engine. You need to manually update your current Java version for the Identity Applications, Identity Reporting, Designer, and Analyzer. For more information, see Installing Java 1.8 Update 131 on the Identity Manager Servers.
For Identity Manager Advanced Edition, update Java 1.8 Update 131 before installing the Identity Applications.
For Identity Manager Standard Edition, update Java 1.8 Update 131 before installing Identity Reporting.
This service pack includes a IDM_engine_rl_IDM4.5.6.zip for updating the Identity Manager engine. Install this package on the Identity Manager engine server.
The Identity Manager engine 4.5.6 installation files are included in the IDM_engine_rl_IDM4.5.6.zip file. The zipped file contains the following folders:
Identity Manager 4.5.6 Engine and Remote Loader (cd-image)
Compatibility installer for installing Identity Manager 4.5 on eDirectory 9.0.2 (idm45_eDir90_compat)
SAML 1.1.2 (SAML)
To upgrade to Identity Manager 4.5.6 engine, perform the following actions:
Install the Identity Manager 4.5.6 engine service pack on the Identity Manager engine server by performing the steps listed in the readme file from the download page.
Select the type of Remote Loader you want to update, then click OK.
Click OK when the pop-up message appears.
This message indicates that Identity Manager is not Suite B complaint.
Click Done after the installation is complete.
IMPORTANT:NetIQ allows you to install Identity Manager 4.5.0 with eDirectory 9.0.1 or later using a special compatibility installer. For instructions to upgrade to Identity Manager 4.5.6, see Section 3.5, Installing Identity Manager 4.5.6 on eDirectory 9.0.1 or Later.
For more information, see “Hotfixing the Identity Manager Engine and Remote Loader” in the NetIQ Identity Manager Setup Guide.
You can upgrade Identity Manager 4.5, 4.5.1, 4.5.2, 4.5.3, 4.5.4, or 4.5.5 to Identity Manager 4.5.6 with a minimum version of eDirectory 8.8.8 Patch 8.
To upgrade to Identity Manager 4.5.6, perform the following actions:
Install the Identity Manager 4.5.6 engine service pack on the Identity Manager engine server by performing the steps listed in the readme file from the download page.
Select the type of Remote Loader you want to update, then click OK.
Click OK when the pop-up message appears.
This message indicates that Identity Manager is not Suite B complaint.
Click Done after the installation is complete.
IMPORTANT:NetIQ allows you to install Identity Manager 4.5.0 with eDirectory 9.0.1 or later using a special compatibility installer. For instructions to upgrade to Identity Manager 4.5.6, see Section 3.5, Installing Identity Manager 4.5.6 on eDirectory 9.0.1 or Later.
NetIQ supports installing Identity Manager 4.5 on eDirectory 9.0.1 or later. You perform this installation in two steps. First you install the Identity Manager 4.5 engine on eDirectory 9.0.1 or later by using the compatibility installer located in the idm45_eDir90_compat folder. You must follow this installation by immediately updating the engine with the Identity Manager 4.5.6 Engine Service Pack. This service pack contains the required software to enable the Identity Manager engine to function with eDirectory 9.0.1 or later and it is a mandatory step.
NOTE:Identity Manager 4.5.6 is not completely Suite B compliant. For a list of supported Suite B features, see Section 6.1, Features of eDirectory 9.0.1 or Later That Can be Enabled on the Identity Vault Server.
Install Identity Manager 4.5.
On eDirectory 9.0.1 or later server, perform the following actions:
Download the Identity Manager 4.5 ISO.
Extract the ISO contents to a folder.
From the directory that contains the installation files, complete one of the following actions:
Linux: Replace the <ISO Extracted folder>/products/IDM/linux/setup/idm_linux.bin file with idm45_eDir90_compat/release/idm_linux.bin.
Windows: Replace the <ISO Extracted folder>\products\IDM\windows\setup\idm_install.exe file with idm45_eDir90_compat\release\idm_install.exe.
Navigate to the extracted folder and complete one of the following actions:
Linux: Browse to the <ISO Extract folder>/products/IDM folder and run install.bin file.
Windows: Browse to the <ISO Extract folder>\products\IDM\windows\setup folder and run install.exe file.
NOTE:
Identity Manager does not support this installation using the integrated installation program.
SAML method 1.1.2 is added by default using the compatibility installer (idm45_eDir90_compat).
Apply the Identity Manager 4.5.6 or later engine service pack from the download page.
NOTE:
This is a mandatory step to perform, as Identity Manager 4.5 versions prior to version 4.5.4 are not compatible with eDirectory 9.0.1 or later.
While installing Identity Manager 4.5 engine using compatibility installer, the following message is displayed:
sh: /var/opt/novell/nici/nicimud: No such file or directory
It is safe to ignore this message.
(Conditional) Update other Identity Manager components to the latest versions.
For more information, see NetIQ Identity Manager Setup Guide.
This service pack includes an update to the identity applications that run on a Tomcat, WebSphere, and JBoss application server. Download the IDM45-Apps-SP-6.zip file to the server where you deployed the identity applications and perform the steps listed in the readme files.
This service pack requires you to update your existing PostgreSQL database to 9.3.17 version. To update the database, perform the steps listed in the readme file from the download page.
To update the path of the keystore in the Configuration Update utility, perform the steps listed in the readme file from the download page.
This service pack includes support for SAML 1.1.2. The installation files are included in the IDM_engine_rl_IDM4.5.6.zip file. For information about using SAML 1.1.2 with the identity applications, perform the steps listed in the readme file from the download page.
NOTE:This is an optional step because this service pack includes the same SAML version that was packaged with Identity Manager 4.5.5 and Identity Manager 4.5.4. You do not need to reinstall the product if you already installed it with one of these versions.
This service pack provides support for Java version 1.8.0_131 for Identity Manager components except Designer.
This service pack certifies Java 1.8.0_131 (JDK 8u131 or JRE 8u131) for use with the Identity Manager engine and Identity Applications. The later versions of Java 1.8 are also supported. To install Java 1.8 Update 131, see the readme files from the following download pages:
Identity Manager Engine
Identity Applications
This service pack updates Analyzer to support Java 1.8 (32-bit).
On the server where you installed Analyzer, create a directory for Java 1.8.
For example, opt/netiq/jdk1.8.0_131.
Download and install the Java 1.8 files in this directory.
Open the Analyzer.ini file located in the Analyzer installation directory.
Update the Java path in the Analyzer.ini file.
Replace the existing (jre) folder with the Java 1.8 folder in the installation directory.
This service pack requires NetIQ Self Service Password Reset 3.3.1.2, at a minimum. To install this version, download the package and perform the steps listed in the readme file from the download page.
You can upgrade Identity Vault from eDirectory 8.8.8 to eDirectory 9.0.1 or later only on Identity Manager 4.5.4 with eDirectory 8.8.8 Patch 8. If your current Identity Manager version is 4.0.2, you must first upgrade to Identity Manager 4.5 and then apply the Identity Manager 4.5.6 Service Pack with eDirectory 8.8.8 Patch 8 or later.
Perform the following actions to upgrade Identity Vault from eDirectory 8.8.8 to eDirectory 9.0.1 or later:
Ensure that your current eDirectory version on Identity Manager Server is eDirectory 8.8.8 Patch 8 or later.
Update SAML methods to version 1.1.2. For more information, perform the steps listed in the readme file from the download page and restart eDirectory
IMPORTANT:iManager NMAS plug-in should not be used to update SAML 1.1.2. For more information, see Section 7.1, eDirectory Crashes after Updating the SAML Method from Earlier Versions to SAML 1.1.2 or Later.
This is mandatory for Identity Manager Advanced Edition with Role Based Provisioning Module installed and configured with SAML login method.
Upgrade eDirectory 8.8.8 Patch 8 to eDirectory to 9.0.1 or later. For more information, see eDirectory 9.0 Service Pack 1 Release Notes.
Upgrade iManager 2.7.7.x to iManager 3.0.2. For more information, see NetIQ iManager 3.0 Service Pack 1 Release Notes.
Ensure you update the iManager plug-ins to 3.0.2.
Install the Identity Manager 4.5 components in the given sequence using the individual component installation programs and then apply this service pack on the specified components. For more information, see Section 3.0, Upgrading to this Service Pack.
IMPORTANT:Identity Manager does not support this installation using the integrated installation program.
Order of Installation |
Installation Instructions |
---|---|
EAS |
Install EAS and Identity Manager engine on separate servers. Install the following dependent libraries before starting the EAS installation:
For more information about installing EAS, see Installing EAS in the Identity Manager Setup Guide. |
eDirectory |
Install one of the following versions:
NOTE:Identity Manager ships eDirectory 8.8 SP8 Patch 3 as part of Identity Manager 4.5 ISO. To support Identity Manager installation on SLES 12.x, ensure that your eDirectory is running 8.8 SP8 Patch 8 at a minimum. Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at eDirectory 8.8 SP8 documentation site. |
Identity Manager Engine and Remote Loader |
Install the Identity Manager engine as instructed “Installing the Identity Manager Engine, Drivers, and Plug-ins” in the Identity Manager Setup Guide. Install the following dependant library before starting the installation:
|
iManager |
Install one of the following versions depending on your eDirectory version:
Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at iManager 2.7.7 documentation site. Ensure that you install the following dependent library before starting the installation:
For detailed installation instructions, see Installing iManager in the Identity Manager Setup Guide. |
Designer |
|
Analyzer |
|
Self Service Password Reset |
For more information about installing Self Service Password Reset, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide. |
One SSO Provider |
For more information about installing One SSO Provider, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide. |
Identity Applications |
For more information about installing Identity Applications, see Installing the Identity Applications in the Identity Manager Setup Guide. |
Identity Reporting |
For more information about installing Identity Reporting, see Installing the Identity Reporting Components in the Identity Manager Setup Guide. |
Install the Identity Manager 4.5 components in the given sequence using the individual component installation programs and then apply this service pack on the specified components. For more information, see Section 3.0, Upgrading to this Service Pack.
IMPORTANT:Identity Manager does not support this installation using the integrated installation program.
Installation Order |
Description |
---|---|
EAS |
Install EAS and Identity Manager engine on separate servers. Install the following dependent libraries before starting the EAS installation:
For more information about installing EAS, see Installing EAS in the Identity Manager Setup Guide. |
eDirectory |
Install one of the following versions:
NOTE:Identity Manager ships eDirectory 8.8 SP8 Patch 3 as part of Identity Manager 4.5 ISO. To support Identity Manager installation on RHEL 7.3, ensure that your eDirectory is running 8.8 SP8 Patch 8 at a minimum. Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at eDirectory 8.8 SP8 documentation site. |
Identity Manager Engine and Remote Loader |
Install the Identity Manager engine as instructed “Installing the Identity Manager Engine, Drivers, and Plug-ins” in the Identity Manager Setup Guide. Install the following dependant library before starting the installation:
|
iManager |
Install one of the following versions depending on your eDirectory version:
Download the patch from the NetIQ downloads page. For more information, see the Release Notes accompanying the patch at iManager 2.7.7 documentation site. Ensure that you install the following dependent library before starting the installation:
For detailed installation instructions, see Installing iManager in the Identity Manager Setup Guide. |
Self Service Password Reset |
For more information about installing Self Service Password Reset, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide. |
One SSO Provider |
For more information about installing One SSO Provider, see Installing the Single Sign-on and Password Management Components in the Identity Manager Setup Guide. |
Identity Applications |
For more information about installing Identity Applications, see Installing the Identity Applications in the Identity Manager Setup Guide. |
Identity Reporting |
For more information about installing Identity Reporting, see Installing the Identity Reporting Components in the Identity Manager Setup Guide. |
In addition to eDirectory 8.8.8, Identity Manager supports installing eDirectory 9.0.1 or later as an Identity Vault and as a connected system. Before using eDirectory 9.0.1 or later with Identity Manager, NetIQ recommends that you review the following sections:
Review the following table to understand which features of eDirectory 9.0.1 or later can be enabled with Identity Manager. None of these restrictions apply when eDirectory 9.0.1 or later is used as a connected system. For more information about the new features of eDirectory 9.0.1, see eDirectory 9.0 Release Notes and eDirectory 9.0.1 Release Notes.
Feature |
Can be enabled on eDirectory (Identity Vault) |
Description |
---|---|---|
TLS 1.2 |
Yes |
Can enable all TCP communication using TLS 1.2 |
Suite B Configuration |
||
|
|
|
Container Readiness |
Yes |
No impact on Identity Manager |
Enhanced Nested groups |
Yes |
Not supported by Identity Manager engine and drivers |
Proxied Authorization Control |
Yes |
No impact on Identity Manager |
Monitoring |
Yes |
No support extended for monitoring Identity Manager components |
Enhanced Data Replication |
Yes |
No impact on Identity Manager |
Improved Data Synchronization |
Yes |
No impact on Identity Manager |
Optimized Janitor thread of Inherited ACL Calculation |
Yes |
No impact on Identity Manager |
If NDSPKI or LDAP Services are enabled with Suite B, then Identity Manager 4.5.6 may not work as expected. Refer to the following table to revert these components to a non-Suite B mode.
Module |
When Suite B is Enabled |
Recovery Option |
---|---|---|
NPKI (NetIQ Certificate Server) |
If Suite B is enabled on the CA, the NPKI server restricts the generation of RSA certificate.The Identity Manager modules that consume RSA certificate will not function as expected. |
Disable this mode For more information, see the NetIQ eDirectory Administration Guide. |
LDAP Services |
The Identity Manager modules that use LDAP services will not be able to connect to eDirectory. |
Disable Suite B or reconfigure these services to a non-Suite B mode. For more information, see the NetIQ eDirectory Administration Guide. |
NetIQ Corporation strives to ensure that our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
For the list of the known issues in Identity Manager 4.5, Identity Manager Standard Edition 4.5.1, Identity Manager 4.5.2, Identity Manager 4.5.3, Identity Manager 4.5.4, and Identity Manager 4.5.5, see the Release Notes for each version on the Identity Manager 4.5 Documentation page.
Issue: eDirectory crashes after updating the SAML method from 1.1.1 or earlier to SAML 1.1.2 (or later). This occurs due to the unloading of the older method by the NMAS server to load the new method.
Also, updating to SAML 1.1.2 method by using iManager NMAS plug-in causes eDirectory to crash.(Bug 984380)
Workaround: The new NMAS SAML 1.1.2 only takes effect after restarting the eDirectory server.
Issue: If you uninstall the Password Management plug-in from iManager, it displays a message and does not uninstall the plug-in.
Workaround: Upgrade iManager and then uninstall the plug-in. For more information, see the iManager Installation Guide.
Issue: If you resynchronize a user in the Role and Resource Service driver, the driver checks the user attributes in the filter and synchronizes them, but it does not recalculate the roles and resources assigned to the user. (Bug 1093450)
Workaround: There is no workaround at this time.
Issue: If you installed Identity Applications on Windows, the catalina.out log file does not rotate the log.(Bug 979722)
Workaround: There is no workaround at this time.
This service pack includes enhancements and software fixes provided in the previous releases:
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
© 2017 NetIQ Corporation. All Rights Reserved.