10.8:release_notes.md

CzechIdM 1.8.0

The main goal of the version 10.8.0 is to continue improving UX, especially in the area of connecting external systems. Therefore the Microsoft Active Directory connection wizard was created in this version, which simplifies the entire connection process to 5 easy steps. Another major milestone was the creation of the remote connector management agenda and the login token management agenda.

This version completes the 10th series of the CzechIdM and therefore becomes another LTS (long term support) version and thus replaces the previous LTS 9.7.

Less user-visible but still important implemented features: - Support for sync and provisioning of an identity state. - Bulk action for form attributes deletion. - Task for generating new initialization vector for values in the confidential storage. - And much more …

The most ambitious goal is to create the wizard for connecting of the Microsoft Active Directory system (AD). Connecting AD with IdM is very important part of IdM usage but at the same time manual connection setting can be a relatively complex matter for many even advanced users.

The complication starts in communication with AD. Here it is very important to use secure communication (SSL), which requires installation of a correct certificate. It is also important to verify that our service AD account has sufficient privileges.

However, the biggest difficulties can occur with many rules that must be followed during the connection (connector settings) and especially in the way how to correctly map the individual attributes of AD. Correct selection and mapping of IdM attributes to AD may not be easy for inexperienced users.

This wizard therefore solves all these mentioned problems and is based on our best experience with efficient management of AD systems.

wizard_ad_03

You can find more about this feature here.

The goal of this agenda is to facilitate the management of all connectors (local and remote) that are used in IdM.

Standalone connector server agenda is available from main menu SystemConnector servers. Remote connector servers can be configured here and configuration is effective for all related systems. Connectors installed on the same server together with CzechIdM are shown. Systems related to remote connector server or to concrete connector can be found on server or connector detail.

remote-connector-servers

You can find more about this feature here.

The main benefit of this agenda is the ability to manage authentication tokens directly through the IdM GUI. So now, for example, you can log out specific user or generate a system token.

Use token agenda for generating system tokens, which can be used for system to system communication. Token expiration can be optionally set but is not required. Token will grant the same authorities and permissions as token owner.

generate-token-detail

You can find more about this feature here.

The new bulk actions for operations with contract guarantees have been added. They provide adding, removing and replacing of contract guarantees.

They enable the administrators or any other authorized IdM users to easily change contract guarantees of the large amount of identities with only several clicks. Changes are applied on all contracts of the particular identity and if some guarantees are not successfully added, removed or changed, mostly because of missing permissions, this fact is logged in the task result log.

bulkactionoiperationselect

You can find more about this feature here.

  • #2627 - Wizard - MSAD - Users
  • #2628 - Add remote connector server agenda
  • #2664 - Bulk add and remove contract manager
  • #1199 - Token - add agenda
  • #869 - Allow sync and provisioning of a identity state
  • #2665 - Verification of product test scenarios.
  • #2688 - Wizard: support remote server usage
  • #2652 - Create a task to generate new initialization vector for values in the confidential storage
  • #2553 - Allow component for selecting tree node to limit its values only on a single tree type
  • #2576 - Configurable role authorizer type for role change request
  • #2617 - FE: create CodeableField component
  • #92 - Component Basic.Loading - show backdrop with offset
  • #868 - Configure default value by attribute persistent type
  • #344 - Form attribute definition - Order
  • #2692 - IdmTool - support release candidate
  • #2680 - Wizard - MSAD+WinRM - Users
  • #2586 - Update library apache httpclient to new version
  • #2683 - Authentication: Support swith user with sso enabled
  • #346 - Add hateoas links do dto, when list is returned
  • #2634 - Bulk action: Show available bulk actions, when no row is selected
  • #2572 - Enable saving a lot of permissions together (current limit is 255 characters)
  • #2614 - Eav: Implement BE bulk action for delete form attribute
  • #2564 - Pass provisioning context to scripts
  • #2675 - Automation of product integration tests - prerequisities
  • #430 - Authentication FE feedback
  • #2691 - Allow open links in CzechIdM in new panel (eq. by middle click)
  • #87 - Componet BasicTable - support for FE only pagination

- 🟡 #2686 - Synchronization of identities and contracts sometimes left Waiting tasks (→ next synchronization failed to start HR processes) - 🟡 #2660 - Missing configuration of one system after exporting+importing 2 systems at the same time, missing settings of synchronization of contracts - 🟡 #2600 - Removing authorization policy form role assigned to many users fails - 🟡 #359 - Templates detail fix editor with Apache velocity - 🟢 #2651 - An old version of a script is sometimes displayed directly after upload/redeploy - 🟢 #2657 - Adding/removing the scheduled run of a scheduled task is not visible - 🟢 #2677 - Audit - filtering by last month doesn't display some days at the end of the month

The changelog for this and previouse versions can be found here.