NetIQ Identity Manager Identity Applications 4.8 Service Pack 2 HotFix 1 Release Notes

October 2020

NetIQ Identity Manager Identity Applications 4.8 Service Pack 2 Hotfix 1 (4.8.2.1) resolves specific previous issues. This document outlines why you should install this hotfix.

For the list of software fixes and enhancements in the previous release, see NetIQ Identity Manager 4.8 Service Pack 2 Release Notes.

1.0 What’s New?

This release includes the following software fixes:

  • OCTCR28Q282683: Resource modification leading to an issue in the /rest/catalog/resources/resourceV2 API that results in mix up of key value pair of the resource categories.

  • OCTCR28Q231611: Assigning role to groups and containers does not trigger an approval process when approval is configured for that role. (Bug 1172124)

  • OCTCR28Q282474: Team managers unable to reassign their tasks to the reporting manager.

  • OCTCR28Q280503: Conditions defined in DAL relationship in Designer are not used correctly when searching users in a team on New Request page.

  • OCTCR28Q282552: Team Manager and administrators are unable to search users while requesting permissions for others, if additional user search attributes have been added in the Settings page.

  • OCTCR28Q232125: User search on New Request page returns NPE when requesting permissions for others.(Bug 1172191)

  • OCTCR28Q283419: getWorkEntriesRequest SOAP endpoint returns NPE if no task is assigned to the user.

  • OCTCR28Q283211: idmdash making multiple REST calls to /IDMProv/rest/access/tasks/badge?limit=200 rather than one to load the tasks on Applications > My Approvals page in the Dashboard.

  • OCTCR28Q286157: idmdash making unwanted REST calls to /rest/access/rob when logging in to the dashboard.

This hotfix includes CVE-2020-25839 that addresses a potential injection attack. Special thanks go to Norbert Klasen for responsibly disclosing this issue to us.

2.0 Upgrading to Identity Applications 4.8.2 HotFix1

You must be on Identity Manager 4.8.2 at a minimum to apply this hotfix.

IMPORTANT:In a cluster setup, ensure that you install the hotfix on each node of the Identity Applications cluster.

2.1 Upgrading to Identity Applications 4.8.2 HotFix 1 on Linux

  1. Stop the Tomcat service running on your Identity Applications server by running the following command:

    systemctl stop netiq-tomcat.service

  2. Back up the IDMProv.war, idmadmin.war, idmdash.war, and workflow.war files from the /opt/netiq/idm/apps/tomcat/webapps location.

  3. Delete the following directories and files from the /opt/netiq/idm/apps/tomcat/webapps directory:

    • IDMProv.war

    • IDMProv directory

    • idmadmin.war

    • idmadmin directory

    • idmdash.war

    • idmdash directory

    • workflow.war

    • workflow directory

  4. Download and extract the IDM48-APPS-SP2_HF1.zip file from the NetIQ Download site.

  5. Rename idmadmin-4.8.2.1.war to idmadmin.war and idmdash-4.8.2.1.war to idmdash.war.

  6. Copy the IDMProv.war, idmadmin.war, idmdash.war, and workflow.war files from the extracted location to <Tomcat-installed-location>/webapps directory.

  7. Run the following commands to execute permissions and user rights for the replaced war files:

    • chmod +x IDMProv.war idmadmin.war idmdash.war workflow.war

    • chown -R novlua:novlua IDMProv.war idmadmin.war idmdash.war workflow.war

  8. Delete all the directories and files from the /opt/netiq/idm/apps/tomcat/temp and /opt/netiq/idm/apps/tomcat/work directories.

  9. Navigate to the /opt/netiq/idm/apps/tomcat/conf directory and set com.netiq.idm.rbpm.updateConfig-On-StartUp flag to true in the ism-configuration.properties file.

  10. Start the Tomcat service on your Identity Applications server by running the following command:

    systemctl start netiq-tomcat.service

2.2 Upgrading to Identity Applications 4.8.2 HotFix 1 on Windows

  1. From the Windows services, stop the IDM Apps Tomcat Service running on your Identity Applications server.

  2. Back up the IDMProv.war, idmadmin.war, idmdash.war, and workflow.war files from the <Identity Applications Tomcat installed location>\webapps\ folder.

  3. Delete the following from the <Identity Applications Tomcat installed location>\webapps\ folder.

    • IDMProv.war

    • IDMProv folder

    • idmadmin.war

    • idmadmin folder

    • idmdash.war

    • idmdash folder

    • workflow.war

    • workflow folder

  4. Download and extract the IDM48-APPS-SP2_HF1.zip file from the NetIQ Download site.

  5. Rename idmadmin-4.8.2.1.war to idmadmin.war and idmdash-4.8.2.1.war to idmdash.war.

  6. Copy the IDMProv.war, idmadmin.war, idmdash.war, and workflow.war files from the extracted location to <Identity Applications Tomcat installed location>\webapps\ folder.

  7. Delete all the files and folders from the <Identity Applications Tomcat installed location>\temp and <Identity Applications Tomcat installed location>\work folders.

  8. Navigate to the C:\NetIQ\idm\apps\tomcat\conf\ folder and set com.netiq.idm.rbpm.updateConfig-On-StartUp flag to true in the ism-configuration.properties file.

  9. From the Windows services, start the IDM Apps Tomcat Service on your Identity Applications server.

3.0 Known Issue

NetIQ strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

3.1 Identity Applications Issue

You might encounter the following issue when you use Identity Applications, which includes Dashboard, Identity Applications Administration interface, and the User Application:

Settings to Enable and Disable Role to Role Approval Process is Not Working At Client Level

Issue: In the settings page, if the approval process for role to role mapping is enabled for default client (client1) and disabled for other clients (say client2), the approval process is triggered for both client1 and client2 users when a child role is mapped to a parent role. (Defect OCTCR28Q289168)

Workaround: There is no workaround at this time. The enable and disable approval settings for role to role mapping must be configured for the default client, which will apply to all clients.

3.2 Identity Reporting Issue

You might encounter the following issue when you use Identity Reporting.

Data Generated in the Role Assignments of User Report is not Formatted Properly

Issue: The Role Assignments of User Current State report displays the distinguished name (DN) of the group, approvers, and requester instead of their full names in the Source column. This is observed specifically for roles that are assigned to the user through role assignments to groups, containers, or through role to role mapping. (Defect OCTCR28Q287067)

Workaround: There is no workaround at this time. However, there is no functionality loss. The fix for this issue will be available shortly.

4.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

5.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2020 NetIQ Corporation, a Micro Focus company. All Rights Reserved.