NetIQ Identity Manager Identity Applications 4.7 Service Pack 1 HotFix 1 Release Notes

1.0 What’s New?

This component of Identity Manager 4.7 Service Pack 1 Hotfix 1 provides support for the following component versions:

  • JRE 1.8.181

  • Tomcat 8.5.32

  • PostgreSQL 9.6.10

For the list of software fixes and enhancements in Identity Manager 4.7 and 4.7.1, see the appropriate Release Notes on the Identity Manager Documentation page.

2.0 Prerequisites

You must be on Identity Manager 4.7.1 at a minimum.

3.0 Software Fixes

  • Bug 1100743 - Improved search ability on dynamically populated requests in idmdash Task section.

  • Bug 1104526 - The ‘My Profile’ page displays all options and icons properly.

  • Bug 1100562 - High CPU utilization for nrfrequests objects with approval configured and nrfstatus=0.

  • Bug 1101127 - The wwsdk.jar file is updated to support mutual authentication from Identity Applications workflows.

  • Bug 1107933 - The cursor behaves properly and consistently throughout the user interface.

  • Bug 1094296 - The Access Request screen displays the language translation correctly.

  • Bug 1107260 - The ‘Home Item permission’ tile is visible only to users with appropriate rights to the PRD.

4.0 Updating This HotFix on Linux

4.1 Updating to JRE 1.8 Update 181

  1. (Optional) Back up all the files from the /opt/netiq/common/jre location.

  2. Download and extract the IDM47-APPS-SP1_HF1.zip file from the download site.

  3. Navigate to the Jre > linux > 64bit directory in the extracted file and update the JRE to the latest version.

    Example: rpm -Uvh netiq-jrex-1.8.0-181.x86_64.rpm

4.2 Updating to Tomcat 8.5.32

  1. Stop the Tomcat service.

  2. (Optional) Back up all the files from the /opt/netiq/idm/apps/tomcat location.

  3. Download and extract the IDM47-APPS-SP1_HF1.zip file from the download site.

  4. Navigate to the Tomcat > linux directory in the extracted file and update the rpm.

    Example: rpm -Uvh netiq-idmtomcat-8.5.32-0.noarch.rpm

  5. Start the Tomcat service.

4.3 Updating to PostgreSQL 9.6.10

  1. Download and extract the IDM47-APPS-SP1_HF1.zip file from the download site.

  2. Navigate to the Postgres > linux directory in the extracted file and run the pg-upgrade.sh script.

    The upgrade script performs the following actions:

    • Takes a backup of the existing postgres to a different folder. For example, from /opt/netiq/idm/postgres to /opt/netiq/idm/postgres-201810221903-backup.

    • Updates the existing Postgres directory. For example, /opt/netiq/idm/postgres.

  3. Specify the following details to complete the installation:

    Existing Postgres install location: Specify the location where PostgreSQL is installed. For example, /opt/netiq/idm/postgres.

    Existing Postgres Data Directory: Specify the location of the existing PostgreSQL data directory. For example, /opt/netiq/idm/postgres/data.

    Existing Postgres Database Password: Specify the PostgreSQL password.

4.4 Updating the Identity Applications

  1. Stop the Tomcat service.

  2. Back up all the directories and files from the /opt/netiq/idm/apps/tomcat/webapps location.

  3. Delete the following directories in /opt/netiq/idm/apps/tomcat/webapps:

    • IDMProv

    • idmadmin

    • idmdash

  4. Download and extract the IDM47-APPS-SP1_HF1.zip file from the download site.

  5. Navigate to the packages directory in the extracted file and copy the following files to <Tomcat-installed-location>/webapps:

    • IDMProv.war

    • idmadmin.war

    • idmdash.war

  6. Run the following commands to set execute permissions and ownership, respectively, for the replaced war files:

    • chmod +x IDMProv.war idmdash.war idmadmin.war

    • chown -R novlua:novlua IDMProv.war idmdash.war idmadmin.war

  7. Delete all the directories and files under <Tomcat-installed-location>/temp and <Tomcat-installed-location>/work.

  8. Start the Tomcat service.

5.0 Updating This HotFix on Windows

5.1 Updating to JRE 1.8 Update 181

  1. Stop the Tomcat service and all java processes.

  2. Back up all the files from <userapps-installed-location>\jre.

  3. Download and extract the IDM47-APPS-SP1_HF1.zip file from the download site.

  4. Navigate to the Jre > windows > 64bit folder in the extracted file and select the 64-bit jre version. Copy all the files to <userapps-installed-location>\jre, replacing the existing files.

    NOTE: You must import the certificates from the existing Java cacerts to the new cacerts file.

  5. Start the Tomcat service.

5.2 Updating to Tomcat 8.5.32

  1. Stop the Tomcat service.

  2. Back up all the folders and files from <userapps-installed-location>\tomcat.

  3. Download and extract the IDM47-APPS-SP1_HF1.zip file from the download site.

  4. Navigate to the Tomcat > windows folder in the extracted file. Copy all the files and folders except the conf and webapps folders, and replace the corresponding items in the respective folders in <userapps-installed-location>\tomcat.

    NOTE: Do not delete the existing files or folders.

  5. Navigate to the conf folder in the extracted file and copy the catalina.policy to <userapps-installed-location>\tomcat\conf.

  6. (Optional) Clean up the catalina logs.

  7. Start the Tomcat service.

5.3 Updating to PostgreSQL 9.6.10

(Conditional) If you are using PostgreSQL as your database, this service pack requires you to update your existing PostgreSQL database version to 9.6.10.

  1. Stop and disable the PostgreSQL service.

  2. Rename the existing postgres folder in the installed location.

    For example, rename postgres to postgres9.6.9.

  3. Delete the old PostgreSQL service by running the following command:

    sc delete "postgres_service_name"

    For example, sc delete "postgresql-x64-9.6"

  4. Download and extract the IDM47-APPS-SP1_HF1.zip file from the download site.

  5. Navigate to the <extractlocation>\IDM47-APPS-SP1_HF1\Postgres\windows folder and run the NetIQ_PostgreSQL.exe file.

    NOTE:

    • You must choose a location other than the current installation location of PostgreSQL.

    • Do not provide any database details in the PostgreSQL page.

    • You must deselect the Create database login account and Create empty database options.

  6. Stop the newly installed PostgreSQL service. Go to Services, search for PostgreSQL version service, and stop the service.

    NOTE: Appropriate users can perform stop operations after providing valid authentication.

  7. Change the permissions for the newly installed PostgreSQL directory by performing the following actions:

    • Create a postgres user:

      1. Go to Control Panel > User Accounts > User Accounts > Manage Accounts.

      2. Click Add a user account.

      3. In the Add a User page, specify postgres as the user name and provide a password for the user.

    • Provide permissions to postgres user to the existing and newly installed PostgreSQL folders:

      1. Right-click the PostgreSQL folder and go to Properties > Security > Edit.

      2. Select Full Control for the user to provide complete permissions.

      3. Click Apply.

  8. Access the PostgreSQL folder as postgres user.

    1. Log in to the server as postgres user.

      Before logging in, make sure that postgres can connect to the Windows server by verifying if a remote connection is allowed for this user.

    2. Delete the data folder from the new postgres install location.

      For example, C:\NetIQ\idm\apps\postgres\data.

    3. Open a command prompt and set PGPASSWORD by using the following command:

      set PGPASSWORD=your pg password

    4. Change to the newly installed PostgreSQL folder.

      For example, C:\NetIQ\idm\apps\postgres\bin.

    5. Execute initdb as postgres database user from the new PostgreSQL bin directory.

      initdb.exe -D <new_data_directory> -E <Encoding> -U postgres

      For example, initdb.exe -D C:\NetIQ\idm\apps\postgres\data -E UTF8 -U postgres

  9. Upgrade PostgreSQL from the new PostgreSQL bin directory. Run the following command and press Enter:

    pg_upgrade.exe --old-datadir "C:\NetIQ\idm\apps\postgres9.6.9\data" --new-datadir "C:\NetIQ\idm\apps\postgres\data" --old-bindir "C:\NetIQ\idm\apps\postgres9.6.9\bin" --new-bindir "C:\NetIQ\idm\apps\postgres\bin"

  10. After a successful upgrade, replace the pg_hba.conf and postgresql.conf files located in the new postgres data directory (C:\NetIQ\idm\apps\postgres\data) with the files from the old postgres directory (C:\NetIQ\idm\apps\postgres9.6.9\data).

  11. Start the upgraded PostgreSQL database service.

    Go to Services, search for the upgraded PostgreSQL service, and start the service.

    NOTE: Appropriate users can perform start operations after providing valid authentication.

  12. (Optional) Delete the old data files from the bin directory of the newly installed PostgreSQL service.

    1. Log in as postgres user.

    2. Navigate to the bin directory and run analyze_new_cluster.bat and delete_old_cluster.bat files.

    For example, C:\NetIQ\idm\apps\postgresql969\bin

    NOTE: Run this file only if you want to delete the old data files.

5.4 Updating Identity Applications

  1. Stop the Tomcat service.

  2. Back up all the files from the <Tomcat-installed-location>\webapps folder.

  3. Delete the following folders in <Tomcat-installed-location>\webapps\ location:

    • IDMProv

    • idmadmin

    • idmdash

  4. Download and extract the IDM47-APPS-SP1_HF1.zip file from the download site.

  5. Navigate to the packages folder in the extracted file and copy the following files to the <Tomcat-installed-location>\webapps\ location, replacing the existing files:

    • IDMProv.war

    • idmadmin.war

    • idmdash.war

  6. Delete all the files and folders under <Tomcat-installed-location>\temp and <Tomcat-installed-location>\work.

  7. Start the Tomcat service.

6.0 Known Issues

6.1 Identity Applications Fail to Connect to the Identity Vault After Upgrading to Identity Manager 4.7.1.1 If the LDAP Server Name in the Certificate Subject and Application Configuration are not the Same

Issue: Identity Manager 4.7.1.1 upgrades Java to 1.8.0_181. Starting with this JRE version, Java enables endpoint identification on LDAPS connections. This update mandates that the server name passed while connecting to the Identity Manager server and the server name returned in the certificate are the same; otherwise, the connection fails.

Workaround: Change the name of the server in the configuration to the name of the server available in the certificate.

  1. Open the ConfigUpdate utility (configupdate.sh or configupdate.bat).

  2. Navigate to the User Application tab, click Identity Vault server, and change the name of the server to the name given in the LDAP server certificate subject.

    This action will update the DirectoryService/realms/jndi/params/AUTHORITY property in the ism-configuration.properties file.

    Alternatively, disable this feature in the JRE by adding -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true to tomcat/bin/setenv.sh. However, this is not a recommended method, because it turns off the server name check on LDAPS connections made from that JVM.
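A pre-upgrade check for the mismatch described in this issue, as an added example that is not part of the NetIQ release notes or product code: it reads the configured server name and compares it with the names in a certificate dict shaped like the output of Python's ssl.SSLSocket.getpeercert(). The property value format (host or host:port), the sample data, and the matching rules (a conservative approximation of RFC 2818-style checking, not the JRE's own code) are assumptions.

```python
import ipaddress

# Property named in the release notes; the value format (host or host:port) is an assumption.
AUTHORITY_KEY = "DirectoryService/realms/jndi/params/AUTHORITY"

def read_authority(properties_text):
    """Return the host part of the AUTHORITY property, or None if it is absent."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == AUTHORITY_KEY:
            value = value.replace("\\:", ":")  # Java Properties.store() escapes ':'
            return value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    return None

def _dns_match(pattern, host):
    """Case-insensitive compare; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_matches(cert, host):
    """cert is a dict in the shape returned by ssl.SSLSocket.getpeercert()."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:  # an IP literal only matches an iPAddress SAN entry
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    names = [v for k, v in san if k == "DNS"]
    if not names:  # fall back to the subject CN only when no dNSName SAN exists
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(n, host) for n in names)

# Constructed sample data, not taken from a real deployment.
SAMPLE_PROPERTIES = "# constructed sample\nDirectoryService/realms/jndi/params/AUTHORITY = 192.0.2.10\n"
SAMPLE_CERT = {"subject": ((("commonName", "idv01.example.com"),),),
               "subjectAltName": (("DNS", "idv01.example.com"),)}

if __name__ == "__main__":
    host = read_authority(SAMPLE_PROPERTIES)
    print(host, "matches certificate:", cert_matches(SAMPLE_CERT, host))
```

The constructed sample reproduces the failing case: the configuration holds an IP address while the certificate only names the host, so the check reports a mismatch until the configured name is changed.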

7.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

8.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

© 2018 NetIQ Corporation. All Rights Reserved.