CzechIdM 10.1.0

The main enhancements in version 10.1.0 is an extension of automatic assigned roles according to attributes by more types of rules. Differential synchronization support has been added to improve performance. This version also includes the IdM Tool extension, which now supports building projects with a single command.

Agenda for automatic role assignment by attributes has been extended with new types of rules. More precisely, it is an extension of the number of operators that can now be defined.

This extension greatly increases the use of automatic roles.

Previously only the 'equals' operator could be used, now the following are supported:

* Equals * Not equals * Start with * Not start with * End with * Not end with * Is empty * Is not empty * Contains * Not contains * Less or equal than * Greater or equal than


More about this feature you can find CzechIdM 10.1.0.

The goal of differential synchronization is to update the synchronized entity only if at least one mapped attribute value has changed. This prevents unnecessary event creation in the system.

Differential synchronization only checks the values of the mapped attributes. Ie. if the attribute that we do not map in IdM changes in the source account, the differential synchronization will not detect the change and the entity will not be saved.

In the picture below, only one change was detected.

Therefore, 18 elements are marked as ignored and one is marked as success (green color):

diff_sync_use_ (1)

More about this feature you can find CzechIdM 10.1.0.

This tool supports CzechIdM developers and implementers. The current version of IdM Tool makes it easier to release new module versions and build projects.

* Release product version - release product under final version, new development version will be set, tag will be prepared. * Release module version - release module under final version, new development version will be set, tag will be prepared. * Change product version - set version for all modules. * Get product version - for test reasons only. * Build product version - for test reasons only. * Build project - use released product and install additional released modules and libraries.

More about this feature you can find CzechIdM 10.1.0.

In version 10.1.0, a new agenda has been created that allows basic caches management in CzechIdM.

Currently active caches are displayed in ConfigurationModulesCache. Here we can see all caches, which have been initialized since start of the application. Note that cache is initialized lazily (when they are needed) so not all expected caches may be displayed in this table.

caches_fe (8)

Most operations, which need to invalidate cache, do so automatically and administrator does not need to worry about it. For example when you change configuration of CzechIdM from UI, then corresponding cached value is updated too (if it exists). There are basically only two situations, which would require manual cache eviction:

  • After direct modification of cached data in database (for example after ETL operation).
  • When cached data gets too big.

    More about this feature you can find CzechIdM 10.1.0.

  • #1373 - Add more comparison methods to automatic roles with attribute
  • #1973 - Agenda for show all IdM services with methods
  • #1965 - IdmTool - build project
  • #1711 - Trim or warn about leading and trailing whitespaces
  • #1958 - Differential sync
  • #2016 - Use Idm cache manager in all places in application
  • #2022 - Support of the delete bulk action for mapping
  • #1196 - Form values - add bulk action for delete
  • #1964 - IdmTool - release module
  • #578 - Duplicate mapping
  • #1954 - Add checkbox (Differential sync) on sync detail
  • #1712 - Allow empty strings for roots in synchronization of tree nodes
  • #1976 - Displaying cache usage and add possibility to clean it.
  • #1999 - FE validation documentation
  • #2015 - Add support of bulk action to the configuration table
  • #2044 - Bulk actions doc improvements
  • #1838 - Select box used in filter - support to select disabled entity.
  • #2023 - FE: Add empty option for clearable select boxes
  • #2051 - IdmTool - build project with extracted product artefact
  • #1987 - Add level property for bulk actions
  • #2045 - Make IdMTool return POSIX.1-correct return codes
  • #1986 - Rename bulk actions localization for remove entity from "remove" to "delete".
  • #1826 - Supports special characters in password policy prohibited characters
  • #1992 - Missing decision buttons on virtual request detail
  • #2020 - After upgrade version to 10 isn't possible create automatic role rule concepts with different type than identity
  • #1807 - If role has more than 100 owners, the approval process works only with 100 of them
  • #1988 - Login dialog is not shown, when token is disabled
  • #2036 - Deleted VS implementer's identity cannot be deleted from the 'implementers' list
  • #2005 - Password can contains prohibited characters in some cases
  • #2038 - FE: provisioning break recipient cannot be removed
  • #1729 - After using Virtual system connector, you can't switch to remote connector server connectors
  • #1990 - Popover with transaction id cannot be copied from modal
  • #2048 - Table with rules on automatic role request hasn't page sorting
  • #1859 - Password on target system cannot be changed until the first provisioning occurs
  • #1984 - Leftover records in sysprovisioningattribute
  • #2037 - In the attribute mapping configuration I can select any existing mapping
  • #1989 - Value missing in code list is not shown (empty select box)
  • #2026 - Purging temp files fails for higher TTL
  • #1995 - Password information has infinite loading (if URL contains ID instead username)
  • #2057 - Typos mistakes on password detail in czech language
  • #2049 - After refresh whole page request for automatic role missing existing rules