NetIQ Identity Manager Identity Applications 4.7 Service Pack 4 HotFix 4 Release Notes

December 2020

NetIQ Identity Manager Identity Applications 4.7 Service Pack 4 Hotfix 4 (4.7.4.4) resolves specific previous issues. This document outlines why you should install this hotfix.

1.0 Software Fixes

This release includes the following software fixes:

  • OCTCR28Q295045: Performance issues observed after upgrading Identity Applications from 4.5.x to 4.7.x version.

  • OCTCR28Q292004: idmdash makes unwanted REST call to permission search API while accessing the Application page.

  • OCTCR28Q283147: Accessing the task list from the Identity Manager Dashboard does not work as expected. The time duration taken for loading the tasks list is high.

  • OCTCR28Q300276: idmdash makes multiple REST calls to /IDMProv/rest/access/tasks/badge?limit=200 rather than one to load the tasks on Applications > My Approvals page in the Dashboard.

  • OCTCR28Q301277: idmdash makes unwanted REST calls to /rest/access/rob when logging in to the dashboard.

  • OCTCR28Q291149: The persona check for Helpdesk queries for unnecessary attributes.

2.0 Upgrading to Identity Applications 4.7.4 Hotfix 4

You must be on Identity Manager 4.7.4 at a minimum to apply this hotfix.

IMPORTANT:In a cluster setup, ensure that you install the hotfix on each node of the Identity Applications cluster.

2.1 Upgrading to Identity Applications 4.7.4 Hotfix 4 on Linux

  1. Stop Tomcat by executing the following command:

    systemctl stop netiq-tomcat.service

  2. Back up the IDMProv.war and idmdash.war files from the /opt/netiq/idm/apps/tomcat/webapps location.

  3. Delete the following from the /opt/netiq/idm/apps/tomcat/webapps directory:

    • IDMProv.war

    • IDMProv directory

    • idmdash.war

    • idmdash directory

  4. Download and extract the IDM47-APPS-SP4_HF4.zip file from the NetIQ downloads website.

  5. Navigate to the location where you extracted the IDM47-APPS-SP4_HF4.zip file.

  6. Locate the IDMProv.war and idmdash-4.7.4.4.war files.

  7. Rename idmdash-4.7.4.4.war to idmdash.war.

  8. Copy the IDMProv.war mentioned in Step 6 and the renamed idmdash.war mentioned in Step 7 to /opt/netiq/idm/apps/tomcat/webapps directory.

  9. Run the following commands to execute permissions and user rights for the replaced war files:

    • chmod +x IDMProv.war

    • chown -R novlua:novlua IDMProv.war

    • chmod +x idmdash.war

    • chown -R novlua:novlua idmdash.war

  10. Delete all the directories and files from the /opt/netiq/idm/apps/tomcat/temp and /opt/netiq/idm/apps/tomcat/work directories.

  11. Start Tomcat by executing the following command:

    systemctl start netiq-tomcat.service

2.2 Upgrading to Identity Applications 4.7.4 Hotfix 4 on Windows

  1. From the Windows services, stop the IDM Apps Tomcat Service running on your Identity Applications server.

  2. Back up the IDMProv.war and idmdash.war files from the <Tomcat-installed-location>\webapps\ folder.

  3. Delete the following from the <Tomcat-installed-location>\webapps\ folder.

    • IDMProv.war

    • IDMProv directory

    • idmdash.war

    • idmdash directory

  4. Download and extract the IDM47-APPS-SP4_HF4.zip file from the NetIQ downloads website.

  5. Navigate to the location where you extracted the IDM47-APPS-SP4_HF4.zip file.

  6. Locate the IDMProv.war and idmdash-4.7.4.4.war files.

  7. Rename idmdash-4.7.4.4.war to idmdash.war.

  8. Copy the IDMProv.war mentioned in Step 6 and the renamed idmdash.war mentioned in Step 7 to /opt/netiq/idm/apps/tomcat/webapps directory.

  9. Delete all the folders and files from <Tomcat-installed-location>\temp and <Tomcat-installed-location>\work folders.

  10. From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications server.

3.0 Known Issues

NetIQ strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

3.1 Clients are Unable to Access Identity Applications After the Domain Controller is Restored to Service

Issue: If Identity Applications is configured to use Kerberos authentication and the Domain Controller is unavailable for some reason, login to the Identity Applications will fail. This issue happens only when a client attempting to access Identity Applications requests a ticket from the Kerberos Key Distribution Center (KDC) while the Domain Controller is still unreachable. However, if the Domain Controller is restored to service before a client makes a request to the KDC, the issue is not seen. (Bug 492123)

Workaround: After the Domain Controller is restored, restart Tomcat on the Identity Applications server to allow clients to access Identity Applications. Execute the following command in the command prompt to restart Tomcat:

systemctl restart netiq-tomcat.service

4.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

5.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

© 2020 NetIQ Corporation. All Rights Reserved.