NetIQ Identity Manager 4.8.6 Patch 1 Release Notes

January 2023

The NetIQ Identity Manager (4.8.6.0100) resolves some of the previous issues. This document outlines the instructions on how you can apply this patch.

For the list of software fixes and enhancements in the previous release, see NetIQ Identity Manager 4.8 Service Pack 6 Release Notes.

1.0 What’s New and Changed?

Identity Manager 4.8.6.0100 provides the following enhancements and fixes in this release:

1.1 Components Updates

This release adds support for NetIQ Self Service Password Reset (SSPR) 4.6.0.1.

1.2 Software Fixes

In addition to a few security fixes in Identity Applications Admin APIs, this release provides the following software fixes that resolve previous issues in the Identity Applications component:

Legacy Forms are Rendered Successfully in the Browser With No JSON Error

The error A JSONObject text must begin with '{' at character 1 is no longer displayed for legacy forms. On requesting a permission that uses legacy forms, the browser loads the form in the first launch. (Bug 584022)

The Workflow Engine Starts Up Successfully After the Upgrade

After upgrading to this patch, the issue with the Identity Manager 4.8.6 on Oracle, which resulted in Error: Runtime Exception Initializing... Caused by com.netiq.persist.PersistenceException: ORA-02289: sequence does not exist will no longer be seen. (Bug 588018)

The Landing Page on the Identity Manager Dashboard is Loading Properly

The issue with the landing page, which caused the user to occasionally see a blank page after logging in to the Dashboard, has been resolved. It happened when the application was unable to load the notifications if the logged-in user belonged to multiple groups and had many notifications to display. (Bug 592046)

2.0 System Requirements

You must have the following versions at a minimum to apply this patch:

  • eDirectory 9.2.7

  • iManager 3.2.6/Identity Console 1.5

  • Identity Manager 4.8.6

3.0 Updating This Patch on Linux

This patch requires you to update the following components based on your requirement:

3.1 Updating the Identity Applications

  1. Stop the Tomcat service:

    systemctl stop netiq-tomcat.service

  2. Stop the NGINX service:

    systemctl stop netiq-nginx.service

  3. Back up the IDMProv.war, idmdash.war, and workflow.war files from the <Identity Applications Tomcat installed location>/webapps directory.

  4. Delete the following from the <Identity Applications Tomcat installed location>/webapps directory:

    • IDMProv directory

    • workflow directory

    • idmdash directory

  5. Download and extract the Identity_Manager_APPS_4.8.6_P1.zip file.

  6. Navigate to the <extracted location>/Linux directory.

  7. Run the following commands:

    rpm -Uvh netiq-userapp-4.8.6-0100-0.noarch.rpm
rpm -Uvh netiq-workflow-1.6.0.0100-1.noarch.rpm

  8. (Conditional) If you install the rpm as root, navigate to the /opt/netiq/idm/apps/tomcat/webapps/ directory and run the following commands to add execute permission and user rights for the replaced war files:

    chmod +x IDMProv.war idmappsdoc.war idmdash.war workflow.war
    chown -R novlua:novlua IDMProv.war idmappsdoc.war idmdash.war workflow.war
    chown -R novlua:novlua /opt/netiq/idm/apps/tomcat/conf
    chown -R novlua:novlua /opt/netiq/idm/apps/sites

  9. (Conditional) If SSPR and Identity Applications are installed on the same server, perform the following steps to update SSPR:

    1. Back up the sspr.war file from the <Identity ApplicationsTomcat installed location>/webapps directory.

    2. Delete the sspr directory from the <Identity Applications Tomcat installed location>/webapps directory.

    3. Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.

    4. Navigate to the <extracted location>/Linux directory.

    5. Run the following command:

      rpm -Uvh netiq-sspr-4.6.0.1-0.noarch.rpm

    6. (Conditional) If you install the rpm as root, run the following commands to execute permissions and user rights for the replaced war files:

      chmod +x sspr.war
      chown -R novlua:novlua sspr.war

  10. Delete all the files and directories from the <Identity Applications Tomcat installed location>/temp and <Identity Applications Tomcat installed location>/work directories.

  11. Start the NGINX service:

    systemctl start netiq-nginx.service

  12. (Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL.

    systemctl restart netiq-postgresql.service

  13. Start the Tomcat service:

    systemctl start netiq-tomcat.service

3.2 Updating the SSPR

NOTE:Use this method if SSPR is:

  • Installed on a different server than the Identity Applications server.

  • Installed in a Standard Edition.

  1. Stop the Tomcat service:

    systemctl stop netiq-tomcat.service

  2. Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.

  3. Navigate to the <extracted location>/Linux directory.

  4. Run the following command:

    rpm -Uvh netiq-sspr-4.6.0.1-1.noarch.rpm

  5. (Conditional) If you install the rpm as root, run the following commands to execute permissions and user rights for the replaced war files:

    chmod +x sspr.war
    chown -R novlua:novlua sspr.war

  6. Start the Tomcat service:

    systemctl start netiq-tomcat.service

4.0 Updating This Patch on Windows

This patch requires you to update the following components based on your requirement:

4.1 Updating the Identity Applications

  1. On your Identity Applications server, press Windows + R on your keyboard, type services.msc and select OK to open the Windows Services interface. From the Windows services, stop the IDM Apps Tomcat Service and NetIQ Nginx Service.

  2. Back up the IDMProv.war, idmdash.war, and workflow.war files from the <Identity Applications Tomcat installed location>\webapps\ folder.

  3. Delete the following from the <Identity Applications Tomcat installed location>\webapps\ folder:

    • IDMProv.war

    • IDMProv folder

    • idmdash.war

    • idmdash folder

    • workflow.war

    • workflow folder

  4. Download and extract the Identity_Manager_APPS_4.8.6_P1.zip file.

  5. Copy the IDMProv.war, idmdash.war, and workflow.war files from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.

  6. If SSPR and Identity Applications are installed on the same server, perform the following steps:

    1. Back up the sspr.war file from the <Identity Applications Tomcat installed location>\webapps\ folder.

    2. Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.

    3. Navigate to the <extracted location>/Windows directory.

    4. Copy the sspr.war file from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.

  7. Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work folders.

  8. (Optional) Navigate to the C:\NetIQ\idm\apps\tomcat\conf\ folder and set com.netiq.idm.rbpm.updateConfig-On-StartUp flag to true in the ism-configuration.properties file.

  9. From the Windows services, start the IDM Apps Tomcat Service and NetIQ Nginx Service on your Identity Applications server.

4.2 Updating the SSPR

NOTE:Use this method if SSPR is:

  • Installed on a different server than the Identity Applications server.

  • Installed in a Standard Edition.

  1. From the Windows services, stop the Tomcat Service running on your SSPR server.

  2. Back up the sspr.war file from the <Identity Applications Tomcat installed location>\webapps\ folder.

  3. Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.

  4. Navigate to the <extracted location>/Windows directory.

  5. Copy the sspr.war file from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.

  6. Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work folders.

  7. From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications server.

5.0 Updating Identity Manager Containers

This section provides information on updating the Identity Applications and SSPR containers of Identity Manager. These steps can be used to update both single and distributed servers.

5.1 Updating Identity Applications Container

  1. Stop the existing docker container by using the docker stop command.

    For example: docker stop <container_id>

  2. Remove the docker container by using the docker rm command.

    For example: docker rm <container_id>

  3. Delete the Identity Applications docker image by using the docker rmi command.

    For example, docker rmi <image_id>

  4. Navigate to the location where you have extracted the Identity_Manager_4.8.6_P1_Containers.tar.gz file.

  5. Navigate to the docker-images directory.

  6. Run the following command to load the image:

    docker load --input IDM_486_P1_identityapplication.tar.gz

  7. (Conditional) To update the container on distributed servers, use the following command:

    docker run -d --ip=192.168.0.7 --network=idmoverlaynetwork --hostname=identityapps.example.com -p 18543:18543 --name=idappscontainer -v /etc/hosts:/etc/hosts -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.6.0100

  8. (Conditional) To update the container on single server, use the following command:

    docker run -d --network=host --name=idapps-container -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.6.0100

5.2 Updating SSPR Container

  1. Stop the existing docker container by using the docker stop command.

    For example: docker stop <container_id>

  2. Remove the docker container by using the docker rm command.

    For example: docker rm <container_id>

  3. Delete the SSPR docker image by using the docker rmi command.

    For example, docker rmi <image_id>

  4. Navigate to the location where you have extracted the Identity_Manager_4.8.6_P1_Containers.tar.gz file.

  5. Navigate to the docker-images directory.

  6. Run the following command to load the image:

    docker load --input IDM_486_P1_sspr.tar.gz

  7. (Conditional) To update the containers on distributed servers, use the following command:

    docker run -d --ip=192.168.0.11 --network=idmoverlaynetwork --hostname=sspr.example.com --name=sspr-container -v /etc/hosts:/etc/hosts -v /data/sspr:/config -p 8443:8443 --stop-timeout 100 sspr/sspr-webapp:4.6.0.1

  8. (Conditional) To update the containers on single server, use the following command:

    docker run -d --network=host --name=sspr-container -v /data/sspr:/config --stop-timeout 100 sspr/sspr-webapp:4.6.0.1

6.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in NetIQ Identity Manager 4.8 Service Pack 6 Release Notes. If you need further assistance with any issue, contact Technical Support.

7.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.