The NetIQ Identity Manager (4.8.6.0100) resolves some of the previous issues. This document outlines the instructions on how you can apply this patch.
For the list of software fixes and enhancements in the previous release, see NetIQ Identity Manager 4.8 Service Pack 6 Release Notes.
Identity Manager 4.8.6.0100 provides the following enhancements and fixes in this release:
This release adds support for NetIQ Self Service Password Reset (SSPR) 4.6.0.1.
In addition to a few security fixes in Identity Applications Admin APIs, this release provides the following software fixes that resolve previous issues in the Identity Applications component:
The error A JSONObject text must begin with '{' at character 1 is no longer displayed for legacy forms. On requesting a permission that uses legacy forms, the browser loads the form in the first launch. (Bug 584022)
After upgrading to this patch, the issue with the Identity Manager 4.8.6 on Oracle, which resulted in Error: Runtime Exception Initializing... Caused by com.netiq.persist.PersistenceException: ORA-02289: sequence does not exist will no longer be seen. (Bug 588018)
The issue with the landing page, which caused the user to occasionally see a blank page after logging in to the Dashboard, has been resolved. It happened when the application was unable to load the notifications if the logged-in user belonged to multiple groups and had many notifications to display. (Bug 592046)
You must have the following versions at a minimum to apply this patch:
eDirectory 9.2.7
iManager 3.2.6/Identity Console 1.5
Identity Manager 4.8.6
This patch requires you to update the following components based on your requirement:
Stop the Tomcat service:
systemctl stop netiq-tomcat.service
Stop the NGINX service:
systemctl stop netiq-nginx.service
Back up the IDMProv.war, idmdash.war, and workflow.war files from the <Identity Applications Tomcat installed location>/webapps directory.
Delete the following from the <Identity Applications Tomcat installed location>/webapps directory:
IDMProv directory
workflow directory
idmdash directory
Download and extract the Identity_Manager_APPS_4.8.6_P1.zip file.
Navigate to the <extracted location>/Linux directory.
Run the following commands:
rpm -Uvh netiq-userapp-4.8.6-0100-0.noarch.rpm rpm -Uvh netiq-workflow-1.6.0.0100-1.noarch.rpm
(Conditional) If you install the rpm as root, navigate to the /opt/netiq/idm/apps/tomcat/webapps/ directory and run the following commands to add execute permission and user rights for the replaced war files:
chmod +x IDMProv.war idmappsdoc.war idmdash.war workflow.war
chown -R novlua:novlua IDMProv.war idmappsdoc.war idmdash.war workflow.war
chown -R novlua:novlua /opt/netiq/idm/apps/tomcat/conf
chown -R novlua:novlua /opt/netiq/idm/apps/sites
(Conditional) If SSPR and Identity Applications are installed on the same server, perform the following steps to update SSPR:
Back up the sspr.war file from the <Identity ApplicationsTomcat installed location>/webapps directory.
Delete the sspr directory from the <Identity Applications Tomcat installed location>/webapps directory.
Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.
Navigate to the <extracted location>/Linux directory.
Run the following command:
rpm -Uvh netiq-sspr-4.6.0.1-0.noarch.rpm
(Conditional) If you install the rpm as root, run the following commands to execute permissions and user rights for the replaced war files:
chmod +x sspr.war
chown -R novlua:novlua sspr.war
Delete all the files and directories from the <Identity Applications Tomcat installed location>/temp and <Identity Applications Tomcat installed location>/work directories.
Start the NGINX service:
systemctl start netiq-nginx.service
(Conditional) If you are using the PostgreSQL database shipped with Identity Manager, run the following command to restart PostgreSQL.
systemctl restart netiq-postgresql.service
Start the Tomcat service:
systemctl start netiq-tomcat.service
NOTE:Use this method if SSPR is:
Installed on a different server than the Identity Applications server.
Installed in a Standard Edition.
Stop the Tomcat service:
systemctl stop netiq-tomcat.service
Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.
Navigate to the <extracted location>/Linux directory.
Run the following command:
rpm -Uvh netiq-sspr-4.6.0.1-1.noarch.rpm
(Conditional) If you install the rpm as root, run the following commands to execute permissions and user rights for the replaced war files:
chmod +x sspr.war
chown -R novlua:novlua sspr.war
Start the Tomcat service:
systemctl start netiq-tomcat.service
This patch requires you to update the following components based on your requirement:
On your Identity Applications server, press Windows + R on your keyboard, type services.msc and select OK to open the Windows Services interface. From the Windows services, stop the IDM Apps Tomcat Service and NetIQ Nginx Service.
Back up the IDMProv.war, idmdash.war, and workflow.war files from the <Identity Applications Tomcat installed location>\webapps\ folder.
Delete the following from the <Identity Applications Tomcat installed location>\webapps\ folder:
IDMProv.war
IDMProv folder
idmdash.war
idmdash folder
workflow.war
workflow folder
Download and extract the Identity_Manager_APPS_4.8.6_P1.zip file.
Copy the IDMProv.war, idmdash.war, and workflow.war files from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.
If SSPR and Identity Applications are installed on the same server, perform the following steps:
Back up the sspr.war file from the <Identity Applications Tomcat installed location>\webapps\ folder.
Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.
Navigate to the <extracted location>/Windows directory.
Copy the sspr.war file from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.
Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work folders.
(Optional) Navigate to the C:\NetIQ\idm\apps\tomcat\conf\ folder and set com.netiq.idm.rbpm.updateConfig-On-StartUp flag to true in the ism-configuration.properties file.
From the Windows services, start the IDM Apps Tomcat Service and NetIQ Nginx Service on your Identity Applications server.
NOTE:Use this method if SSPR is:
Installed on a different server than the Identity Applications server.
Installed in a Standard Edition.
From the Windows services, stop the Tomcat Service running on your SSPR server.
Back up the sspr.war file from the <Identity Applications Tomcat installed location>\webapps\ folder.
Download and extract the Identity_Manager_SSPR_4.8.6_P1.zip file.
Navigate to the <extracted location>/Windows directory.
Copy the sspr.war file from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.
Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work folders.
From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications server.
This section provides information on updating the Identity Applications and SSPR containers of Identity Manager. These steps can be used to update both single and distributed servers.
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the Identity Applications docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_4.8.6_P1_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_486_P1_identityapplication.tar.gz
(Conditional) To update the container on distributed servers, use the following command:
docker run -d --ip=192.168.0.7 --network=idmoverlaynetwork --hostname=identityapps.example.com -p 18543:18543 --name=idappscontainer -v /etc/hosts:/etc/hosts -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.6.0100
(Conditional) To update the container on single server, use the following command:
docker run -d --network=host --name=idapps-container -v /data:/config --stop-timeout 100 identityapplication:idm-4.8.6.0100
Stop the existing docker container by using the docker stop command.
For example: docker stop <container_id>
Remove the docker container by using the docker rm command.
For example: docker rm <container_id>
Delete the SSPR docker image by using the docker rmi command.
For example, docker rmi <image_id>
Navigate to the location where you have extracted the Identity_Manager_4.8.6_P1_Containers.tar.gz file.
Navigate to the docker-images directory.
Run the following command to load the image:
docker load --input IDM_486_P1_sspr.tar.gz
(Conditional) To update the containers on distributed servers, use the following command:
docker run -d --ip=192.168.0.11 --network=idmoverlaynetwork --hostname=sspr.example.com --name=sspr-container -v /etc/hosts:/etc/hosts -v /data/sspr:/config -p 8443:8443 --stop-timeout 100 sspr/sspr-webapp:4.6.0.1
(Conditional) To update the containers on single server, use the following command:
docker run -d --network=host --name=sspr-container -v /data/sspr:/config --stop-timeout 100 sspr/sspr-webapp:4.6.0.1
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. There are no new issues other than the issues mentioned in NetIQ Identity Manager 4.8 Service Pack 6 Release Notes. If you need further assistance with any issue, contact Technical Support.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal.
© 2022 NetIQ Corporation. All Rights Reserved.