NetIQ Identity Manager Designer 4.6 includes new features, improves usability, and resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Identity Manager Community Forums, our community Web site that also includes product notifications, blogs, and product user groups.
For information about what’s new in previous releases, see the “Previous Releases” section in the Identity Manager Documentation Web site.
For more information about this release and for the latest release notes, see the Identity Manager Documentation page. To download this product, see the Identity Manager Product Web site.
The following sections outline the key features and functions provided by this version, as well as features that have been removed from the product, and issues resolved in this release:
This release includes support for building role and resource creation actions in Policy Builder. These actions are available only with Identity Manager server version 4.6.For more information, see Create Resource
and Create Role
sections in the NetIQ Identity Manager - Using Designer to Create Policies Guide.
Designer includes additional options for key sizes and hash algorithms for supporting communication between Suite B-enabled eDirectory servers. When you choose to communicate in Suite B mode and specify a key size, Designer sets up an appropriate secure hash algorithm for use with the selected key size. The certificate creation wizard also continues to support the method for creating communication in non-Suite B mode. For more information, see eDir-to-eDir SSL/TLS
in the NetIQ Designer for Identity Manager Administration Guide.
Designer includes a new user interface to help you configure structured Global Configuration Values (GCV). This is typically helpful in cases where you have a large number of structured GCV instances, such a configuring secondary systems in the SAP User Management Fan-Out driver.
Designer provides the new interface as the default method for configuring the structured GCVs. However, you can continue to use the old method by changing the Show structured GCVs in legacy layout setting in Designer Preferences.
Designer 4.6 supports the following enhancements included in the Identity Manager 4.6 engine.
Subscriber Service Channel: Identity Manager introduces Subscriber Service Channel that enables you to separately process the out-of-band queries without interrupting the normal flow of cached events. For example, the Subscriber service channel can separately process code map refresh, data collection, and queries triggered from dxcmd. This helps to improves the performance of the driver. This functionality can be controlled by an new Engine Control Value, Enable Subscriber Service Channel. This feature is currently available for use with the JDBC Fan-Out driver only.
NashornScript Engine: This release includes support for Nashorn ECMAScript engine. To use Nashorn, change the default setting by using the Use Rhino ECMAScript engine control value.
For more information about the ECVs supported by Designer, see Engine Control Values
in the NetIQ Designer for Identity Manager Administration Guide.
Designer has been updated to Java 8 Update 112.
Designer installation program has been updated to support installation on Windows Server 2012 platform.
This release includes the following software fixes:
If the driver is configured to connect with a large number of secondary systems, Designer shows the previous systems as you continue to configure the new systems by using the new user interface for configuring the structured GCVs. For more information, see New User Interface for Configuring Structured Global Configuration Values. (Bug 973553)
If you have a customized workflow and the User Application driver packages are upgraded, Designer retains the changes made to the workflows. (Bug 1000141)
Designer correctly displays a package containing the special character “&” in the Vendor name field in the list of packages available for upgrade. (Bug 865150)
In the Policy Builder, when you create a new rule and use a Query token in an action within the rule, Designer now persists the values of the previously added attributes while adding multiple Read attributes to the query. (Bug 956992)
You can also delete the attributes while adding multiple read attributes.
When you select a policy set object, you can see the policies in that set when you open the policy in the policy editor. (Bug 924668)
While designing a workflow, if you provide a value for the Reminder Start or Escalation Reminder Start parameters and do not specify a value for the Reminder Interval or Escalation Reminder Interval parameters, the User Application sends repeated e-mail notifications to the user configured to receive reminders or escalations. Designer now validates the reminder and escalation settings and displays validation errors when the specified settings are not correct. (Bug 655116)
If you upgrade multiple packages that include a package without a prompt in a single operation or upgrade a single package without a prompt by using the package upgrade utility, the utility now shows prompts for any of the upgraded packages. (Bug 1015123)
When you build actions for moving a source or a destination object in Policy Builder, Designer now displays an error message if the mandatory fields are not specified. (Bug 500572)
In Policy Builder, when you create a new rule and use a Query token in an action within the rule, you can only use the Argument Builder to specify a single attribute for the query to read. If you add more than one attribute, Designer no longer overwrites the existing attributes with the new attributes. (Bug 676701)
While testing a policy in Simulator, Simulator no longer removes ref elements or both ref and child elements from the policy document. (Bug 918430)
When a customized ECV is reconciled with the live Identity Vault, the operation no longer deletes the ECV from Designer and the live Identity Vault. (Bug 1011538)
Designer no longer repeatedly displays the same message while importing or reconciling drivers. (Bug 1015260)
While setting the job parameters, if you leave the Poll Interval field empty, Designer either updates the value of the field to the minimum value defined in the driver package or sets it to the default value of 0.
If you initially set up Designer using a proxy server and later reset the proxy settings, Designer correctly handles the proxy setting changes without affecting the performance of Designer operations. (Bug 815566)
The following list provides an overview of the features or functions that have been deprecated in this release or will soon be deprecated.
Designer 4.6 works natively on 64-bit systems. Designer installation is no longer supported on 32-bit platforms.
For information about prerequisites, computer requirements, installation, upgrade or migration, see Considerations and Prerequisites for Installation
in the NetIQ Identity Manager Setup Guide.
After you purchased Identity Manager 4.6, log in to the Identity Manager Product Web site and follow the link that allows you to download the software. The following files are available:
Table 1 Identity Manager ISO Images
|
ISO |
Platform |
Description |
|---|---|---|
|
Identity_Manager_4.6_Linux.iso |
Linux |
Contains Identity Manager Server (Engine, Remote Loader, Fan-Out Agent, drivers, and plug-ins), Designer, iManager, Analyzer, OSP, SSPR, Identity Applications, Identity Reporting, and Sentinel Log Management for Identity Governance and Administration (IGA) |
|
Identity_Manager_4.6_Windows.iso |
Windows |
Contains Identity Manager Server (Engine, Remote Loader, Fan-Out Agent, drivers, and plug-ins), Designer, iManager, Analyzer, OSP, SSPR, Identity Applications, and Identity Reporting NOTE:Sentinel Log Management for IGA is not supported on Windows. |
You can install Designer using the product installer or through integrated installation program that bundles the latest versions of all necessary components for Identity Manager. For more information about prerequisites, computer requirements, installation, or upgrade, see Installing Designer for Identity Manager
in the NetIQ Identity Manager Setup Guide.
To download the installation kits, see the NetIQ Downloads Web Site.
You can upgrade to Designer 4.6 from Designer 4.5 using the Designer installation program. For the supported upgrade paths for 4.6, see Preparing to Upgrade Identity Manager
in the NetIQ Identity Manager Setup Guide.
You cannot use the integrated installation process to upgrade an existing installation of Designer. For more information, see Upgrading Identity Manager
in the NetIQ Identity Manager Setup Guide.
To update Designer packages in offline mode, make the package update files available in a local directory on your computer and then configure Designer to read the files from this directory.
To create an offline copy of the package update files:
Log in to the computer that has Designer installed and create a local directory.
Copy the package update files to the directory created in Step1:
Linux: In a shell, change to the directory and run the following commands:
wget -e robots=off -r -nH -np https://nu.novell.com/designer/packages/idm/updatesite1_0_0/
wget -e robots=off -r -nH -np https://nu.novell.com/designer/packages/idm/updatesite2_0_0/
Windows:
Launch the package update site by using one of the following URLs:
https://nu.novell.com/designer/packages/idm/updatesite1_0_0/
https://nu.novell.com/designer/packages/idm/updatesite2_0_0/
Select and download the required files.
To configure Designer to read the files from the local directory:
Launch Designer.
From Designer’s main menu, click Windows > Preferences.
Click NetIQ > Package Manager > Online Updates.
Click the plus icon to add a new URL.
Provide information for the following fields:
Vendor: Specify the vendor name for package update.
URL: Specify the URL as file:///<path_to_files>/packages/idm/updatesite1_0_0/.
For Linux mounted ISO, use the following URL format:
file:////media/designer460offline/packages/idm/updatesite1_0_0/
file:////media/designer460offline/packages/idm/updatesite2_0_0/
NOTE:To add multiple package sites, repeat this step for including the specified URLs.
Click OK.
Select the required check boxes for the sites in the Preferences window.
NOTE:The new sites are selected by default.
Click Apply, then click OK.
From Designer’s main menu, click Help > Check for Package Updates.
Select the required updates and click Yes to accept and update the Designer package updates.
You need to launch Designer again for the changes to take effect.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
You might encounter the following issues while installing Designer:
Installing on English Windows with the East Asian Language Pack and with a Double-Byte Install Path
Establishing Communication with eDirectory Within Designer 4.5 Causes an Error on Windows 7
Installer Does Not Create a Designer Desktop Shortcut on Non-English openSUSE Servers
The User Interface is Not Readable When Active Directory Base is Installed in Non-English Locales
When you are installing on a path where there are double-byte characters and if your operating system is running the English version of Windows with the East Asian Language Packs installed, the install package throws an error, saying that it cannot extract the compressed file. There are known issues with using double-byte character sets (DBCS) in Windows file paths that come from the operating system (OS) vendor or the install framework vendor. Alternatively, you can install to DBCS paths, when you are installing to a localized version of the operating system.
The following warning messages appear on the SUSE Linux Enterprise Desktop ( SLED 11) platform:
Gtk-Message: Failed to load module "gnomebreakpad": libgnomebreakpad.so: cannot open shared object file: No such file or directory
Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: cannot open shared object file: No such file or directory
It is safe to ignore these messages. (Bug 492755, Bug 494258)
Issue: This issue occurs because a previous version of NICI might not have uninstalled properly and might have some residual files left on the file system. (Bug 542862)
Workaround: To work around the issue, remove all the NICI files from the system and reinstall Designer.
If you install Designer 4.5 on an openSUSE server in a non-English environment, the installer does not create a Designer shortcut icon on the desktop. (Bug 751561)
When Active Directory Base is installed, some of the User Interface items are displayed incorrectly in the Remote Loader page in the Driver Configuration wizard.
There is no fix for this issue.
You might encounter the following issues while working with Designer:
The Project Converter Does Not Support a Remotely Mounted Workspace
The Internal Web Browser Does Not Work on Linux Platforms in Designer
Setting the LDAP Ports Correctly After Importing a Project into Designer
Designer Does Not Support Using dn-ref Job Parameters as Package Prompts
Designer May Not Properly Display User Application Driver Packages After Upgrading
Designer Cannot Merge Different Global Configuration Value Versions During Driver Import
Designer Does Not Re-import Roles or Resources Previously Exported to XML
Designer Overwrites Modified Package Linkage Order on Update
Importing an Object Into an Existing Project from Identity Vault Takes Longer Than Expected
A Failure Message is Displayed When a Deleted Role Container or Subcontainer Is Deployed
Error Message is Displayed When Notification Templates Are Edited in the E-Mail Template Editor
Performing an Update on a Provisioning Folder With an Existing Name Throws a Version Control Error
Error Displayed when Importing Package Containing the ]]> String in an ECMA Resource Object
Policy with the Same Name in Different Projects is Treated as the Same Policy
Designer Does Not Render Import or Deploy Driver Windows Properly
Designer Displays An Error Message While Importing Identity Vault
Issue: If you convert Designer 3.5 project to Designer 4.6 after mounting the Designer 3.5 workspace in the local computer where Designer 4.6 is installed, the Project Converter does not convert the Designer 3.5 project. (Bug 658159)
Workaround: Copy the Designer 3.5 workspace to the local computer where Designer 4.6 is installed, and then run the Project Converter.
Issue: The internal Web browser does not work as expected because of XULRunner issues. (Bug 612438)
Workaround: Navigate to the external browser from Designer > Windows > Preferences > General > Web Browser > Use External Web Browser. This brings up the iManager URL through the system default Web browser, such as Mozilla Firefox or Microsoft Internet Explorer.
Issue: When you create a project after importing it from a live system in Designer, Designer does not set the ports correctly in the Identity Vault Properties view. (Bug 680745)
Workaround: Change the LDAP ports in the Identity Vault Properties view before deploying the imported project.
Designer does not support using job parameters of the dn-ref type as package prompts. If you are required to add a dn-ref job parameter as a package prompt, use a dn job parameter as a package prompt instead. (Bug 806651, Bug 777509)
Issue: If you create a non-base package for a User Application driver in Designer and then upgrade to Designer version 4.6, Designer does not display the package in the Available Packages list when you install the User Application driver. (Bug 827294, Bug 789499)
Workaround: To install the package, clear Show only applicable package versions, select the appropriate package, and then click Next.
If you install a driver in Designer that includes at least one global configuration value (GCV) and then try to import a second version of the driver that has a modified version of the existing GCV, Designer displays a message saying the global variables could not be merged.
Designer does not currently support merging existing GCVs during the driver import process, irrespective of whether the conflicting GCVs are located on the driver, in the driver set, or in any GCV resource objects. (Bug 838471, Bug 841105)
Issue: If you create a role or resource subcontainer in the Provisioning view Role Catalog, add a role or resource to that subcontainer, export the Role Catalog to an XML file, then delete the subcontainer and role or resource and attempt to recover the role or resource by importing from the XML file, the import does not recreate the role or resource. (Bug 846134, Bug 846604)
Workaround: To import Role Catalog subcontainers and objects from an XML file, you must create a new User Application driver and import the XML file into that driver’s Role Catalog.
If you modify the order of linkages within a package, Designer does not recognize the package as being customized. Subsequently, if you update the package, Designer overwrites the modified linkage order with the linkage order specified in the updated package. (Bug 845207)
Issue: This issue may occur when a project has many unused packages in the Package Catalog. (Bug 1034562)
Workaround: Perform the following actions:
Remove the unused packages from the Package Catalog.
Right-click Package Catalog and select Remove Unused Packages.
Import Identity Manager objects into Designer.
Issue: If you delete a container or subcontainer that contains roles and then attempt to deploy it, the deployment fails. This is because, by design, a container or subconatainer that contains roles cannot be deleted. (Bug 846814, Bug 846359)
Workaround:
Delete the roles contained in the container or subcontainer.
Deploy the container or subcontainer and wait for the Roles driver to delete the roles.
After the roles are deleted, delete the container or subcontainer.
Deploy the container containing the subcontainer that you deleted.
When you edit a notification template in the E-Mail Template Editor, an error message is displayed in the Error tab. For example, if you open an HTML e-mail template, such as the Forgot Hint link and enter some text in the body tag, an error notification is displayed in the Error tab. (Bug 879626)
Issue: When you import provisioning objects (from XML files) from Resources in the Provisioning view, the containers and the objects inside them are neither imported successfully nor displayed in the Provisioning view, as expected. Instead, the containers are missing and only the resources are displayed. (Bug 847299)
Workaround: Import the provisioning objects (XML files) by right-clicking Role Catalog and not Resource. This ensures that the resource and resource containers are imported and displayed in the Provisioning view.
When you create two User Application drivers with the same name and perform an Update operation, a version control error is thrown. This is because of a conflict that occurs when one user commits the changes made to the project and at the same time, another user updates the same project.
For more information about managing packages in version control, see Managing Packages Best Practices
in the NetIQ Designer for Identity Manager Administration Guide. (Bug 881818)
To work around this issue, follow the instructions mentioned in this Web site: . (Bug 889167)
When you compare a newly created empty roles or resource sub-container (by clicking Live-Compare in Provisioning View), the Designer/eDir Object Compare window does not show the compare status as unequal. Instead, it shows equal. (Bug 890543)
The default port for deployment is port 389. You can deploy the entitlement policy using other ports, such as port 636.
To change the port, launch Modeler, go to the Properties view and select Identity Vault. Change useLDAPSecureChannel setting to True.
Issue: Cannot import packages containing the string ]]> in an ECMA resource. The following error message is displayed: (Bug 1004484)
The bundle file does not contain a valid XML document: ": (47): character not allowed.
Workaround: You can use any of the following workarounds:
Use the following function:
function test()
{
return "]"+"]"+">"
}
OR
Use the following function:
function test()
{
return "]]\>"
return "]]>"
}Issue: While creating certificates for driver configurations with long names, Designer sometimes tries to create KMOs with names longer than 64 characters. As a result, the certificate creation fails.
Certificate creation also fails if the CA expiration date is before the KMO expiry date. (Bug 1000125)
Workaround: Perform the following actions:
When a driver configuration has a long name, no workaround is available.
When CA expiration date is earlier than the KMO expiration date, verify that the certificate's NotAfter attribute value is not set to a value greater than the CA's corresponding attribute value.
Issue: If you open a policy in a project and then create a copy of the project and open the already open policy from the copied project, Designer redirects you to the editor containing the policy from the original project. (Bug 1016705)
Workaround: Close the policy editor opened from the original project and open it from the copied project.
Issue: Designer can add new GCVs but does not support merging existing GCVs with the GCVs that are modified in an imported driver configuration. In such cases, Designer reports conflicting GCVs that it finds on the driver, driver set, or any GCV resource objects. (Bug 1000122)
Workaround: There is no workaround at this time.
Issue: While importing or deploying a driver to the Identity Vault, Designer does not render the Import or Deploy windows properly.
Workaround: Perform any of the following actions:
Press Windows + D to change to desktop view, and then return to Designer application. This will render the Import or Deploy window properly.
Switch to any other desktop applications, and then return to the Designer application.
Issue: While importing Identity Vault into the Designer, you will see an error message saying Default notification collection object is missing.
Workaround: Perform the following actions:
Click OK on the error message.
Proceed with importing the Identity Vault.
Import all templates into Designer by using the option Email templates > Add all templates and deploy to the Identity Vault.
You might encounter the following issues while working with Designer on Linux platforms:
NetIQ Corporation recommends that you do not run Designer with the gtk-qt-engine RPM installed, because it causes crashes and Designer theme issues. This RPM package is installed with SUSE Linux and some other Linux distributions.
If you must use the gtk-qt-engine RPM package, obtain the latest version that you can download from the KDE-Look Web site. Note that even with the latest version of the package, the Designer theme functionality might not be present.
To determine whether you have the gtk-qt-engine RPM package installed, enter:
rpm -qa|grep gtk-qt
If gtk-qt-engine appears in the list, run the following command as the root user to remove the package:
rpm -e gtk-qt-engine
To launch Designer, you must add the appropriate version of XULRunner to the Designer.ini file using the following steps:
Check the XULRunner version in the /usr/lib directory.
Open the Designer.ini file from the Designer installation directory.
If you are running SLED 12 SP1, add the following line at the end of the Designer.ini file:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-24.0/
Save the Designer.ini file, then launch Designer. (Bug 617010)
Issue: If the 32-bit version of XULRunner is installed on a 64-bit Linux distribution, the JVM might crash when you launch Designer, when the Welcome Page displays, or when you view a Help topic. (Bug 748277, Bug 749437)
Workaround:
Open the Designer.ini file located in the Designer installation directory.
Add the following line at the end of the Designer.ini file:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9/
Save the Designer.ini file, then launch Designer.
Issue: If the Welcome page is not displayed correctly on Linux, it is probably because your version of XULRunner is not compatible with Eclipse. Designer uses the embedded browser that XULRunner provides in a few places, including the Welcome page and the Help system.
Workaround: To download a compatible version of XULRunner:
Download the XULRunner installer for Linux from the Mozilla FTP site.
Unregister your current version of XULRunner by running the following command as root:
xulrunner --unregister-global
Follow the instructions to install XULRunner.
Restart Designer, then confirm that the Welcome page is working, as expected.
Issue: When you browse the Help content on the openSUSE 11.2 platform, it throws an exception. This is probably because your version of XULRunner is not compatible with Eclipse. (Bug 609379)
Workaround:
Download the xulrunner-1.8.1.3.en-US.linux-i686.tar file and install it on openSUSE 11.2.
Open the Designer.ini file from the Designer installation directory, then add the following line at the end:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner
Save the Designer.ini file, then restart Designer.
Issue: Designer does not correctly display the Welcome page on an openSUSE 13.2 server. (Bug 754029)
Workaround: Install XULRunner 1.9.2 on the openSUSE server:
Open the Designer.ini file located in the Designer installation directory.
Add the following line at the end of the Designer.ini file:
-Dorg.eclipse.swt.browser.XULRunnerPath=/usr/lib/xulrunner-1.9.2/
Save the Designer.ini file, then launch Designer.
Issue: When you perform a live import in Designer 4.5 that is running on eDirectory 8.8 SP7, Designer crashes. This is caused by a NICI library mismatch because Designer 4.6 is designed to work on eDirectory 8.8.8 that has NICI 2.7.7, whereas eDirectory 8.8 SP7 uses NICI 2.7.6. (Bug 872479)
Workaround: Either upgrade to eDirectory 8.8 SP8 or use the following procedure:
Stop Designer.
Execute the following command:
export LD_LIBRARY_PATH=/opt/novell/lib64/:/opt/novell/eDirectory/lib64/:/opt/novell/eDirectory/lib64/nds-modules/
Start Designer using the ./Designer command.
Do not use the StartDesigner.sh command.
You might encounter the following issues when you use workflows in Designer:
Issue: Under the Resources List in the Role Editor, a read-only list of the associated resources is available along with the role. The information in this list is obtained and updated for all the roles when the Role Catalog is imported from eDirectory. You can see new resource associations but not the resource associations that have been removed in the User Application. (Bug 516730)
Workaround: To workaround this issue, perform the following actions:
From Designer’s main menu, select Windows > Preferences > NetIQ > Provisioning > Import/Deploy.
Select Delete local object on import when object has been deleted in Identity Vault.
Click Apply or OK.
From the Provisioning View, select the Role Catalog object and run the Live Import. This action imports the resource associations and provides you the updated correct information.
Issue: If you create a role or resource subcontainer, add one or more objects to the subcontainer, deploy the Role Catalog, and then delete the subcontainer and try to re-deploy the Catalog, Designer throws a java.lang.NullPointerException error message.
This issue occurs because Designer does not immediately delete role or resource objects when you delete those objects in the Role Catalog. Instead, Designer marks the objects for deletion by the Role and Resource Service Driver when the driver deploys the Catalog to the Identity Vault. (Bug 846814)
Workaround: Complete the following steps:
In the Provisioning view, right-click the role or resource object located in the subcontainer you want to delete and select Delete.
Select Delete object in identity vault on deploy of parent container, then click OK.
Right-click Role Catalog and select Live > Deploy All.
Click Deploy, then click OK.
To verify the Role and Resource Service Driver has deleted the role, log into iManager.
In iManager, click View Objects.
In the Tree, navigate to your User Application driver and expand AppConfig > RoleConfig > RoleDefs.
Click the container where the role was previously stored. If the role is still in the container in the Identity Vault, refresh until the Role and Resource Service Driver removes the role.
In the Provisioning View in Designer, right-click the subcontainer you want to remove and select Delete, then click OK.
Right-click Role Catalog and select Live > Deploy All.
Click Deploy, then click OK.
Issue: Designer currently displays deployment status incorrectly when you delete a role from the Role Catalog in Designer and then deploy the Catalog to the Identity Vault. In some instances, when the Role and Resource Service Driver successfully deletes a role from the Identity Vault, Designer incorrectly displays a failure message. At the same time, if the Role and Resource Driver is stopped, Designer incorrectly displays a success message. (Bug 846029, Bug 847047)
Workaround: To verify that the Role and Resource Driver removed the role you deleted from the Identity Vault, complete the following steps:
Log in to iManager and click View Objects.
In the Tree, navigate to your User Application driver and expand AppConfig > RoleConfig > RoleDefs.
Click the container where the role was previously stored.
When finished, close iManager.
Issue: If you install Designer 4.6 in your environment, import or create the User Application driver, and then upgrade or downgrade any of the User Application driver packages, Designer creates duplicate objects in the DAL, including objects in the User, Provisioning, Role, and Resource categories. Because of the duplicate objects, Designer does not deploy the driver to the live environment, and the driver does not function, as expected. (Bug 855670, Bug 857475, Bug 826765)
Workaround: Complete the following steps:
Start Designer.
When prompted to check for Designer updates, select Yes and click OK.
Update your Designer installation to the 4.5 AU4 version.
Delete the existing User Application driver.
(Conditional) If the Identity Vault contains a previous version of the User Application driver, complete the following steps:
In the Modeler, right-click the driver set and select Live > Import.
Click Browse.
Select the User Application driver in your Identity Vault and click OK, then click Continue.
Click Yes to confirm.
Click Import, then click OK when finished.
(Conditional) If you have a previous backup of the User Application driver, complete the following steps:
In the Modeler, right-click the driver set and select Import from Configuration File.
Click Browse, then navigate to the location of the backed-up User Application driver configuration file.
Select the XML file and click OK, then click OK again.
Provide the requested information for the imported driver and click Next.
Click OK when finished.
In the Modeler, right-click the User Application driver and select Driver > Properties.
Click Packages.
Perform any necessary upgrade or downgrade procedures, then click OK.
Right-click the driver and select Driver > Live > Deploy, then follow the steps in the Deployment Summary.
You might encounter the following issues when you use Document Generator:
Designer 4.5 does not generate documentation for roles-based entitlement policies or roles-based provisioning module resources. For more information about generating documentation for projects, see “Documenting Projects” in the Designer 4.0.2 for Identity Manager 4.0.2 Administration Guide. (Bug 480369)
In Designer projects with more than 40 drivers installed or very large roles-based provisioning module deployments, the Document Generator fails with an out-of-memory error.
This error occurs due to limitations in the Apache FOP print formatter that Designer uses to generate documentation. For information on the memory-usage limitations of the FOP formatter and suggestions for improving memory usage, see “Memory Usage” on the Apache FOP Project page . (Bug 796616, Bug 520231)
Issue: When you generate a document in Designer, it is not listed in the Generated folder in the project, though it (the generated PDF document) opens without any errors. (Bug 879625)
Workaround: Refresh the Generated folder to make the generated document available in the list.
You might encounter the following issues while working with workspaces used by previous versions of Designer:
Designer 2.1.1 workspaces are not compatible with Designer 4.6. Designer stores projects and configuration information in a workspace. These workspaces are not compatible from one version of Designer to another. You must point Designer 4.6 to a new workspace and not to a workspace that was used by a previous version of Designer.
To work around this issue, convert the older projects to Designer 3.0.1, then import them into Designer 3.5. (Bug 531135)
You might encounter the following issues when you upgrade Designer:
Designer Auto Update Window Contains Incorrect Information About Upgrading
Upgrading from Designer 3.0.1 to Designer 4.6 is Not Supported
Manually Modify and Deploy Schema Changes After Upgrading to Designer 4.5
Migrating Package Linkages to New Structure After Upgrading to Designer 4.5
Upgrading User Application Driver Package from Designer 3.0 to 4.6 Shows the Package as Customized
Designer does not Generate Certificates for eDirectory Servers with NICI 2.7.7.0
Issue: The Auto Update feature performs only an automatic update and does not upgrade your current version to Designer 4.6.
Workaround: Manually upgrade to Designer 4.6.
Issue: Designer 3.5 and later is a full-fledged RCP application. It does not support upgrades from versions of Designer prior to 3.5. If you import a Designer 3.0.1 project into the latest release of Designer, Designer automatically converts the project to version 4.6 so that the project can be used in the latest Designer release. (Bug 531690)
Workaround: There is no workaround at this time.
Issue: If you create a project using a previous version of Designer and then upgrade your environment to Designer 4.6, you must manually update and deploy the schema to be able to work with the project.
In addition, if you create a project using a previous version of Designer and then import that project into a Designer 4.6 environment, you must also perform the schema update and deploy the updated schema. (Bug 845210)
Workaround: To modify and deploy Designer 4.6 schema changes, complete the following steps:
In the Modeler, right-click the Identity Vault and select Manage Vault Schema.
In the Classes list, select DirXML-PkgItemAux.
In the Attributes window for the DirXML-PkgItemAux class, click the Add Optional icon.
In the Select Optional Attribute window, select DirXML-pkgLinkages and click OK.
Click OK.
Save your Designer project.
Right-click the Identity Vault and select Live > Schema > Compare.
Click the drop-down menu and select Show all.
Expand Attributes and select DirXML-pkgLinkages.
If the Compare Status is Unequal, select Update eDirectory.
Expand Classes and select DirXML-PkgItemAux.
If the Compare Status is Unequal, select Update eDirectory.
Click Reconcile, then click No.
Click OK when finished.
To migrate your Package Catalog to the new linkage structure, complete the following steps:
(Conditional) If you have not already imported your project into Designer 4.6, click File > Import and follow the steps in the Import Wizard.
(Conditional) If you want to update an existing project, we recommend you back up your project:
Click Project > Export Project.
In the Export Project window, select the project.
Select To archive file.
(Conditional) Click either Save in zip format or Save in tar format, as appropriate for your environment.
Click Browse and navigate to where you want to save the backup file.
In the Outline view, right-click Package Catalog and select Migrate Linkages.
Click Yes to confirm you have already backed up your project.
Click OK.
This procedure is applicable for projects that were created using any version prior to Designer 4.6 and for projects imported from the Identity Vault. (Bug 847441)
If you create a User Application driver package using Designer 3.0 and then upgrade to Designer 4.6, the property of the User Application base package that is installed, is shown as Customized. (Bug 889949)
Issue: This error occurs because the upgrade program does not delete the org.eclipse.osgi container. (Bug 886559)
Workaround: Delete the container from <designer_install_location>\configuration\ and start Designer.
Issue: Designer 4.6 needs NICI 3.0.1.0 to create certificates if you are connecting to an Identity Vault with eDirectory 9.0 or later. If you are installing Designer on a server with eDirectory version 8.8.8, Designer can use NICI 2.7.7 that is packaged with Designer 4.6.
Workaround: To solve the problem,
Make sure that eDirectory version is 9.0.2 or later.
Upgrade the NICI version packaged with Designer. For more information about upgrading NICI, see “Upgrading NICI”.
You might encounter the following issues when you uninstall Designer:
When you run the installer to uninstall Designer from a Windows server, the installer might not remove all folders created during the installation process. In some environments, the installer does not remove the packages or plugins folders from the Designer installation folder. (Bug 748541)
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2017 NetIQ Corporation. All Rights Reserved.