9.6:release_notes.md

CzechIdM 9.6.0 - Quartz

The aim of version Quartz was optimize processes like account management, provisioning, events mechanism and the most used frontend contents - identity detail (assigned roles, password change) and role request detail.

Incremental account management and provisioning

For optimization reasons, incremental account management has been implemented. This allows assign or modify roles to the identity so that the necessary calculations are performed only for the assigned/modified roles of that identity.

Incremental provisioning is closely related to incremental account management. This ensures that provisioning is made only for the accounts touched. This means that if a user has multiple different accounts (A, B) and an additional role is assigned (that assigns the same A account), then account management and provisioning is performed only for A (not B).

More about this feature you can find here.

Edit password metadata

For password is possible set flag Password never expires. This flag disable filling valid till. Password never expires and another attributes for password like valid till, is possible set via agenda information about password that is accessible via identity detail and password agenda.

pass003

More about this feature you can find here.

Role request is executed asynchronously

Instead of executing a single assigned role in the request asynchronously, the whole request is executed asynchronously. Thanks to this change was implemented incremental account management and the event queue contains a less events.

More about this feature you can find here.

Provisioning can be fully disabled for the target system

It's possible to configure the target system as inactive without provisioning queue - provisioning operation will not be created into queue - transformation scripts for mapped attributes will not be evaluated (except attribute marked as account identifier). Just ACM for creation IdM account with identifier (uid) will be called.

More about this feature you can find here.

All new features in this version:

  • #1534 - Incremental account management and provisioning
  • #1631 - Deduplication use _eavs instead of getSubDefinition
  • #1619 - Filtering of entities generate too many selects
  • #1185 - Create endpoint to read metadata about identity password
  • #1384 - Support "Password never expires"
  • #1543 - Make execution of role-request async
  • #1530 - Login block (2nd in a row) behaves differently after the elapse of 1st block
  • #1639 - Don't create role-request concept before first save
  • #1633 - Add role request to automatic roles by tree structures
  • #1617 - FE: Add filter on currently assigned roles and role request detail
  • #1624 - Deduplication stress tests
  • #1567 - Propage parent event properties on the NOTIFY event
  • #1557 - FE - role info component with tree support
  • #1622 - Entity event queue - make batch size for event processing configurable
  • #539 - Inactive system fills provisioning queue
  • #1632 - Add role request to automatic roles by attribute
  • #1575 - Optimalization of role-requests (search, save)
  • #1416 - FE: Dashboard - "quick" buttons registration support
  • #1623 - ACM does not creates account for second system
  • #1559 - No documentation piece on copying roles from a user
  • #1588 - Entity events - transactions
  • #1576 - Update monitoring and backup strategy
  • #1638 - Warn user about new duplicities during creating new role concept
  • #1536 - "Eye" on password field - user can see entered password
  • #1613 - Workflow detail call history process without superProcessInstanceId
  • #1637 - FE: Add role description column into role select - by catalogue modal window
  • #1535 - Make link for help for password more visible
  • #1584 - Inactive user in role guarantee agenda

All defects fixed in this version:

  • #514 - Transaction - noRollbackOn
  • #1501 - Feature copy roles by user doesn't made deep copy
  • #1568 - Deleted dependent task - Fail in the task result
  • #1627 - Null values in index uxidentityaccount
  • #1554 - Changing the password should clear block login date
  • #1618 - Provisioning bulk action without filter doesn't work
  • #1540 - Displaying bulk actions for systems require ROLEREAD and SYSTEMDELETE
  • #1531 - Scheduler start by other task - can't select task with the similar description
  • #1500 - When HR process is stopped manually, its next run processes wrong items
  • #1553 - Limit equals in provisioning brake
  • #1634 - Assigning of 100 subroles consumes too much memory
  • #1571 - Name of automatic role is cleared after parameter is added
  • #1570 - Tests for role deduplication and order
  • #1597 - Attribute mapping without defined script can be modified or deleted
  • #1551 - Method 'findIds' doesn't work with page request
  • #1642 - Set EAV instance back to DTO after save
  • #1641 - Fix processors order in agenda