1.1 New Features and Enhancements

Introduction of a New Configuration Property Key to Disable Nested Group Search

When retrieving the access permissions of a user, Identity Applications looks for the group membership attribute and displays all permissions granted to that user by direct group assignment and through nested group membership. This functionality is enabled by default. However, if you wish to disable the default nested group search and have it only check for direct group assignments, add the following property to the ism-configuration.properties file and restart Tomcat: DirectoryService/realms/jndi/params/USE_NESTED_GROUPS=false

New Property Introduced In the Roles and Resource Service Driver

A new parameter is added to the Role and Resource Service Driver that lets you to configure how the driver handles MOT transactions. By default, when a role is assigned to a dynamic group, the driver uses Multi Object Transaction (MOT) to update multiple attributes of the user and group entities using a single thread. However, if you want to enable parallel processing of multiple threads at the same time, set the value of the Disable Dynamic Group evaluation in a single MOT transaction property to true in the driver configuration wizard.

Extended Functionality of the User Application Driver's Enable oidpInstanceData attribute clean-up Property

The Enable oidpInstanceData attribute clean-up property now provides enhanced functionality. In addition to the oidpInstanceData attribute cleanup, this property now handles the DirXML-EntitlementResult cleanup.

By default, the entitlement result that caused an event is purged from the DirXML-EntitlementResult attribute after notifying the User Application driver. Starting with this release, if the entitlement results are not purged and continue to increase in number, the driver will delete them from the DirXML-EntitlementResult attribute when its value reaches 5000 or greater.