NetIQ Identity Manager 4.6 Service Pack 4 Release Notes

February 2019

NetIQ Identity Manager 4.6 Service Pack 4 improves usability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager Community Forums on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product and the latest release notes are available on the NetIQ Web site on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the Identity Manager Documentation Web site.

1.0 What’s New?

Identity Manager 4.6.4 provides the following support, updates, and fixes in this release:

1.1 New Features

This release provides the following key functions:

Platform Support

In addition to the existing operating systems, this service pack supports Remote Loader on Windows Server 2019 (64-bit) platform.

Database Support

In addition to the existing databases, this service pack supports Identity Applications and Identity Reporting on Oracle 12.2 database.

Support for Open Source JDK

This release supports Azul Zulu OpenJDK 1.8.0_192. Azul Zulu OpenJDK replaces Oracle JRE.

1.2 Component Updates

This release adds support for the following Identity Manager components and dependent components:

Identity Manager Component Versions

This release adds support for the following components in Identity Manager:

  • Identity Manager Engine 4.6.4

  • Identity Manager Remote Loader 4.6.4

  • Identity Manager Designer 4.7.2

    NOTE:You can download this version from the Designer download page.

  • Identity Applications 4.6.4

  • Identity Reporting 5.5.3

NOTE:NetIQ One SSO Provider (OSP) and NetIQ Self Service Password Reset (SSPR) required by this service pack are available at the following download pages:

Updates for Dependent Components

This release adds support for the following dependent components:

  • NetIQ eDirectory 9.1.2

  • NetIQ iManager 3.1.2

  • SSPR 4.3.0.4

  • OSP 6.2.1

  • Sentinel Log Management for Identity Governance and Administration (IGA) 8.2.1

Third-Party Component Versions

  • Apache Tomcat 8.5.32

  • PostgreSQL 9.6.12

  • Azul Zulu 1.80_192

    NOTE:Oracle Java Development Kit (JDK) or Java Runtime Environment (JRE) is discontinued from this release. Azul Zulu 1.80_192 OpenJDK is installed with this service pack to fulfill the Java requirements for Identity Manager.

1.3 Software Fixes

This release includes the following software fixes that resolve several previous issues in the Identity Manager:

Identity Manager Engine and Driver Plug-ins

NetIQ Identity Manager includes the following software fix in Identity Manager engine and plug-ins:

Identity Vault Crashes When XDAS Auditing is Enabled in Identity Vault

In an Identity Manager environment, Identity Vault version 9.1.2 is enhanced to prevent any crashes when XDAS auditing is enabled. (Bug 1124512)

Identity Applications

NetIQ Identity Manager includes software fixes that resolve several previous issues in the identity applications.

Ability to Redirect a User to the SSPR Page When the Hostname Contains the SSPR String

Identity Applications successfully redirects users to the SSPR page when the hostname contains the SSPR string. (Bug 1114679)

Handling the Login Functionality When Identity Vault Password Has Expired

If you are an Active Directory user and your Active Directory password is active, but your Identity Vault password has expired, you can log in to the Identity Manager Dashboard. Identity Manager introduces com.netiq.rbpm.pwd-expiry.sspr.redirect.enable property in the ism-configuration.properties file. Ensure that the value of the property is set to False for logging in to the dashboard. (Bug 1117851)

No Delay Caused When a PRD Containing Multiple Conditions Is Repeatedly Called

Identity Applications have been enhanced to prevent processing delays when PRDs containing multiple conditions are called multiple times in a workflow. To further enhance the performance of Identity Applications, set the value for the maxTotal property for your database in the server.xml file located at /opt/netiq/idm/apps/tomcat/conf or C:\NetIQ\idm\apps\tomcat\conf to 200. (Bug 1122593)

For example,

<Resource auth="Container" driverClassName="org.postgresql.Driver" factory="com.netiq.tomcat.jdbc.pool.CustomBasicDataSourceFactory" initialSize="10" maxTotal="200"  maxIdle="10" minIdle="10" name="shared/IDMUADataSource" password="<passsword>" testOnBorrow="true" type="javax.sql.DataSource" url="jdbc:postgresql://<ip-address>:port/idmuserappdb" username="idmadmin" validationInterval="120000" validationQuery="SELECT 1"/>

2.0 System Requirements

The system requirements for this release are located at the Identity Manager 4.6 System Requirements page.

3.0 Installing or Updating to This Service Pack

Log in to the NetIQ Downloads page and follow the link that allows you to download the software.

The following files are available:

Filename

Description

IDM_engine_rl_IDM4.6.4.zip

Contains files for Identity Manager Server (Identity Manager Engine and Remote Loader)

IDM46-Apps-SP-4.zip

Contains files for Identity Applications

For more information about the order of upgrading the components, see Section 3.2, Update Order.

3.1 Supported Upgraded Paths

You need to be on Identity Manager 4.6, 4.6.1, 4.6.2 or 4.6.3 to upgrade to Identity Manager 4.6.4. If you are currently on Identity Manager 4.5.6 or a prior version, you must first upgrade to 4.6 and then upgrade to 4.6.4 version.

The upgrade process requires you to upgrade the Identity Manager components in a specific order. NetIQ recommends that you review this information from the release notes for your current version.

Base Version

Upgraded Version

Identity Manager engine, eDirectory, and identity applications

 

Identity Manager 4.6, 4.6.1, 4.6.2, or 4.6.3 with eDirectory 9.0.2 HF2 or later

Identity Manager 4.6.4 with eDirectory 9.1.2 or later

Identity Manager 4.6.4 with eDirectory 9.0.4 or later

Identity Manager 4.6, 4.6.1, 4.6.2, or 4.6.3 with eDirectory 8.8.8 SP9 HF2 or later

Identity Manager 4.6.4 with eDirectory 9.1.2 or later

Identity Manager 4.6.4 with eDirectory 9.0.4 or later

Identity Manager 4.6.3 with eDirectory 8.8.8 Patch 11 or later

Remote Loader

 

Identity Manager 4.6, 4.6.1, 4.6.2, or 4.6.3, with Remote Loader 4.6

Identity Manager 4.6.4 with Remote Loader 4.6.4

Identity Manager Designer

 

Designer 4.6, 4.6.1, or 4.6.2

Designer 4.7.2

NOTE:Upgrade Designer to 4.7 before upgrading it to 4.7.2. Designer 4.7 includes an LDAP protocol to perform live operations with the Identity Vault. You must convert your workspace to work with this version of Designer. For more information about other considerations, see NetIQ Identity Manager Designer 4.6 Release Notes. For information about Designer 4.7, see Designer 4.7 Release Notes.

Designer (LDAP) 4.6, 4.6.1, 4.6.1.1, or 4.6.2

Designer 4.7.2

NOTE:Upgrade Designer to 4.7 before upgrading it to 4.7.2.

Identity Applications 4.6, 4.6.1, 4.6.1.1, 4.6.2 or 4.6.3

Identity Applications 4.6.4

Identity Reporting 5.5.0, 5.5.1, or 5.5.2

Identity Reporting 5.5.3

3.2 Update Order

You must update the components in the following order:

  1. Identity Vault (Optional)

  2. Identity Manager Engine

  3. Remote Loader

  4. Designer

  5. Identity Applications (for Advanced Edition)

    NOTE:After updating Identity Applications, you must update OSP before restarting the Tomcat application server.

  6. OSP

  7. Sentinel Log Management for IGA

  8. Identity Reporting

  9. SSPR

3.3 Updating the Identity Manager Engine

This service pack includes IDM_engine_rl_IDM4.6.4.zip for updating the Identity Manager engine. For update instructions, see the steps listed in the download page.

3.4 Updating the Identity Applications

This service pack includes an update to Identity Applications and the supporting software. After the update, you must verify that the components are updated to the following versions:

  • Identity Applications 4.6.4

  • Apache Tomcat 8.5.32

  • Azul Zulu 1.80_192

    NOTE:Oracle Java Development Kit (JDK) or Java Runtime Environment (JRE) is discontinued from this release. Azul Zulu 1.80_192 OpenJDK is installed with this service pack to fulfill the Java requirements for Identity Manager.

You can install the service pack by using the Identity Applications update utility or manually update the components. All the updates are available in the IDM46-Apps-SP-4.zip file. Download the file to the server where you deployed the identity applications and perform the steps listed in the download page.

Updating PostgreSQL Database

This service pack requires you to update your existing PostgreSQL database version. For example, if you are running the PostgreSQL database on a SLES 11 SP4 server, upgrade the database to 9.4.21 version. For other supported platforms, upgrade the PostgreSQL database to 9.6.12 version. To update the database, perform the steps listed in the readme file from the download page.

Updating Self Service Password Reset

This service pack provides support for NetIQ Self Service Password Reset 4.3.0.4. You can update to this version by downloading it from the download page.

Updating One SSO Provider

This service pack provides support for NetIQ One SSO Provider 6.2.1. You can update to this version by downloading it from the download page.

3.5 Updating Azul Zulu OpenJDK 1.8.0_192 for Identity Reporting

NOTE:This section applies only if Identity Reporting is installed:

  • separately on a different server than the server hosting Identity Applications.

  • in a Standard edition.

Perform the following actions to update Azul Zulu OpenJDK 1.8.0_192 for Identity Reporting:

  1. Stop the Tomcat service and all Java processes.

  2. Back up all the files from the location where Reporting is installed:

    • Linux: /opt/netiq/idm/apps/IDMReporting/jre

    • Windows: C:\NetIQ\idm\apps\IDMReporting\jre

  3. Download and extract the IDM46-Apps-SP-4.zip file from the download site.

  4. Depending on your platform, navigate to the following directory:

    • Linux: \cd-image\Patch\java\Linux\jre

    • Windows: \cd-image\Patch\java\Windows\jre

  5. Copy all the files to the install directory mentioned in step 2.

  6. Restart the Tomcat service.

4.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

5.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2019 NetIQ Corporation, a Micro Focus company. All Rights Reserved.