8.2 - Lapis

Since version 8.2.0, it is possible to define permissions not only for identity as a whole, but also for individual attributes. This means that it is now possible for one user to view (or edit) all his attributes, and for example only one attribute for the other user.

The permissions control for a particular attribute is now available for extended attributes (EAV) only.

More about this feature you can find here.

Unauthenticated users come to CzechIdM for the first time. Without the need to fill any login or password, they are authenticated to CzechIdM and come to the front page.

More about this feature you can find here.

Bulk actions on roles is used for made easy and asynchronous changes on more roles. This actions are supported now:

This operation invokes account management for each selected role. The account management will be invoke for all users with the role. Account management itself and subsequent provisioning are performed asynchronously. You can see progress of this operations in the Events agenda.

On choosing that action is shows to user counts of relationships on the identities for selected roles.

More about this feature you can find here.

In some cases, we need obtain additional information and show them to the user before bulk operation starts. For example operation for invoke account management for all identities witch the role. In this case we want to show how many identites has that role (before start).

Prevalidate feature was developed exactly for this case. Every bulk operation has method prevalidate, returns the ModelResults.

More about this feature you can find here.

Archetype generate basic skeleton application for our devstack, including backend and frontend module.

With this archetype you can easily generate app skeleton. With this folder structure:

./idm-<your-artefact-id>/
 ├── Realization/                           ⟵ Realization folder (contains FE + BE)
 |   ├── frontend                           ⟵ frontend module
 |   |   └── czechidm-<your-artefact-id>/
 |   |       ├── src                        ⟵ frontend sources
 |   |       ├── test                       ⟵ frontend tests
 |   |       ├── component-descriptor.js
 |   |       ├── module-descriptor.js
 |   |       ├── package.json
 |   |       └── routes.js
 |   └── backend                            ⟵ backend module
 |       └── idm-<your-artefact-id>/
 |           ├── src                        ⟵ backend sources
 |           |   ├── main/
 |           |   └── test/
 |           └── pom.xml                    ⟵ backend pom.xml
 └── pom.xml                                ⟵ artefact pom.xml (you can remove this pom)

More about this feature you can find here.

• #1125 - Identity extended attributes - support authorization policies
• #636 - Reduce JWT token size
• #1121 - Execute synchronization asynchronously
• #1095 - Support Single-Sign-On
• #1162 - Delete virtual systems
• #1170 - Role - guarantee by role
• #1164 - Bulk backend action - prevalidate
• #681 - Create Maven archetype for CzechIdM module development
• #1053 - Include workflow for AD groups sync to our product
• #488 - List of changes for the managed system
• #1047 - Create default contract in synchronization of users
• #1126 - Sync of identities - add external code as correlation attribute.
• #1163 - Encryption key on confidential storage cannot be changed
• #379 - Resource - allow to map an attribute multiple times
• #1141 - Connid logs cannot be configured
• #1159 - Faster delete of logging events
• #1131 - Insufficient privileges for the request approver
• #1166 - Issue while create superAdminRole
• #1157 - Long running task detail and clearInterval
• #781 - Do acc and provisioning when system on role changed
• #1156 - Add test for Example filter builder
• #1144 - Body(Text) is null when template is created via GUI
• #1172 - Move ProvisioningOperationReport to product

• #1171 - Strange behavior after delete tree nodes in reconciliation
• #1155 - Acc: Update system entity wish attribute, after provisioning is executed
• #606 - IdmIdentityService.updateAuthorityChange should be thread-safe
• #1033 - Scheduling synchronization - prevent to start another long running task
• #1167 - Add cdata tag for description in backup feature
• #1175 - Unique on the automatic role (tree node)
• #1169 - Reusing the implementers in virtual systems
• #1149 - Cancell full provisioning batch error