CP-IMV-140100-0010 Release Notes

cis141
Tabulated below are the enhancements and defects that are fixed in the Identity Manager Cumulative Patch (CP) 10:
 
Enhancements
Enhancement
Descriptions
Offline Endpoint Management
Identity Manager provides full support for endpoint outages. The outages can include planned outages that are managed by administrators and unplanned outages.
For more information, see Manage Offline Endpoints.
Active Directory Connector supports Log Rotation
The Active Directory connector is enhanced to support configurable log file size and number of files to retain.
For more information, see Active Directory Connector Log Rotation.
Identity Manager Server
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risks
1192626
DE401856
Create or modify user task failed while evaluating the configured policies.
Issue with the Status attribute setting.
HIGH
20013461
20012947
DE422300
Post Identity Manager upgrade, SOAP queries from Policy Xpress Action elements fail with a NullPointerException.
SOAP HTTP Header caused the issue.
HIGH
20021961
DE424201
Inbound notification filtering issue.
Inbound notification filter was missing thus causing the filtering issue.
HIGH
1235684
DE394439
Import of data from Identity Manager to Identity Governance fails.
A bad search filter error caused the import operation to fail.
HIGH
1304437
DE415777
Sensitive user data is exposed in the View Submitted Task (VST).
The metadata attribute "vst_hide" which controls the visibility of a property is disabled.
HIGH
20032048
DE426426
Database session is blocked.
The taskNumber sequence is not cached.
HIGH
1259283
DE430745
Suboptimal query filter caused CPU starvation.
Regression of DE294526.
HIGH
20061775
DE434342
Upgrade from 14.0 SP1 to 14.2 fails in a multi- database environment.
System writes Object Store SQL query into the Task Persistence SQL script file.
HIGH
1328839
DE414328
In a Bulk Task operation, the "Dates Filter" field does not function correctly.
The Date attribute value comparison is done as a string.
HIGH
1309929
DE408149
On submission of the Modify User task, the Policy Xpress Policy of Type=UI does not perform Outbound Sync to the Provisioning Server.
When the password attribute is changed, the "Modify User" task sends Account Sync twice and behaves inappropriately.
MEDIUM
1294359
DE413038
Actions related to "SynchronizeUserProvisioningRolesAddAccountsEvent" are failing.
Regression issue due to the removal of "SynchronizeUserProvisioningRolesAddAccountsEvent" event.
MEDIUM
1312267
DE411784
Few Policy Xpress policies fail with null pointer exception.
Null pointer exception is triggered as few attribute values are not saved in a task session.
MEDIUM
1371557
DE421561
Policy Xpress Soap Query results in an error: "Execute SOAP Query: Generated By Policy Xpress: Failed to execute ExecuteSoapWebserviceEvent. ERROR MESSAGE: NullPointerException:null"
DE400864 caused regression issue.
MEDIUM
20034492
DE427034
Identity Manager Management Console is vulnerable to user enumeration.
Error message on login failure is vulnerable.
MEDIUM
20052127
20069790 
DE429142
DE432881 
Policy Xpress Policy SOAP Query failed with the following error: "Failed running web service" which was caused by "Could not send Message.;HTTP response '403: Forbidden' when communicating with http://hostname/iam/im/TEWS6/env?wsdl".
Basic authentication included extra checks which resulted in the error.
MEDIUM
890286
DE328251
PolicyXpress Web Service call fails due to an empty service name.
WebSphere does not accept an empty Qname namespace.
MEDIUM
1189686
20042849
DE385002
DE430182 
Misalignment of "Task ID" field in the View Submitted Tasks search screen.
HTML code needs improvement in terms of field alignment.
MEDIUM
20046148
DE430030
Active Directory connector is unable to handle the latest list of ISO 3166 country codes.
Active Directory connector should be updated to handle the latest list of ISO 3166 country codes.
MEDIUM
1328054
DE410630
Scope for account templates does not evaluate search operations (CONTAINS, STARTS WITH and so on) correctly.
Unable to perform search operation successfully as the system replaces "*" with an escape character.
MEDIUM
1296416
DE415976
Long response time when searching for an Account Template.
Enhancement to speed up the search time for the account templates.
LOW
1356214
DE416499
Identity Manager services fail to start.
Identity Manager fetches all Audit table information instead of fetching requested attributes thus hindering the startup of Identity Manager services.
LOW
1296852
DE420500
Few system tasks caused Identity Manager performance degradation.
Enhancement to improve the performance of Identity Manager.
LOW
1278810
DE408197 
A user who is disabled after the configured number of failed login attempts, is able to access Identity Manager after providing correct login credentials in the next attempt.
GET request is not handled properly in frameworkloginfilter.
LOW
20041089
DE427444
The LDAP error 53 sent as a response in the TEWS call made to Identity Manager, contains an invalid character that invalidates the xml and blocks the service that made the SOAP call.
The TEWS response XML is unable to parse as it contains {nul} character.
LOW
20045033
DE428239
REST services called via a policy do not accept the Date Time Stamp in the header.
Header value is not retrieved in a proper order.
LOW
745231
DE294526
Bulk Task operation does not check attributes with empty value.
Code changes were reverted via DE430745 as it caused performance issues.
LOW
20063058
DE434635
When searched for <Attribute Field>= *, the fields with empty values are part of the search results.
Implementation bug.
LOW
1291433
DE404940
Unable to trigger workflow on the Modify Active Directory Group task events.
Implementation bug.
LOW
Provisioning Server
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risks
1362475
DE417705
Provisioning Server ran out of available threads.
Insufficient memory for the Provisioning Server (IMPS) service to run smoothly.
HIGH
01291085
1337539 
DE404413
DE413496 
The Active Directory connector logs messages without adhering to the endpoint logging configuration.
Improper implementation of Endpoint logging configuration.
MEDIUM
1283837
20014459 
DE407321
DE422395 
Group membership revocation fails on de-provisioning an account template.
Group membership revocation fails because of the group DN mismatch between an Account and Account Template.
MEDIUM
20009154
DE421424 
Provisioning Server crashes.
Provisioning Server tries to use an invalid connection and crashes.
MEDIUM
1347256
DE415589
CA TopSecret V2 connector is unable to update account profiles.
Incorrect account profiles synchronization logic.
MEDIUM
20046148
DE430030
Active Directory connector is unable to handle the latest list of ISO 3166 country codes.
Active Directory connector should be updated to handle the latest list of ISO 3166 country codes.
MEDIUM
1372320
DE420439
Relationship between DYN Account Template and its associated endpoints break on deleting the association between DYN Account Template and DYN endpoint.
Implementation bug
MEDIUM
1327076
DE410537
Suppression hotfix is not available in the Identity Manager patch.
 -
LOW
1214849
DE402848
Connection error while creating a Home Drive on a File/Print server for a new user.
Retrial of API "WNetAddConnection2"fixed the customer issue.
LOW
1363897
DE418312
Oracle Application responsibilities are not end dated.
On deleting the last Account Template for an account, the respective Oracle Application responsibilities are not end dated.
Additional Instructions:
To end date all existing Oracle responsibilities on account deletion, set the environment variable ENDDATE_RESP_ON_DELETEACCOUNT to 1 in the C++ Connector Server. Next, start the server.
LOW
1342920
DE421604
In a situation where C++ Connector Server crashes more often, the following error might occur: When an endpoint is explored and the Provisioning Server cannot access the endpoint, it generate a Child Delete action.
Since C++ Connector Server is crashing more often, it confuses Provisioning Server to believe that an endpoint does not exist.
LOW
Java Connector Server
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risks
1279957
DE404268
Identity Manager does not honour Unix v2 connector password algorithms.
Unix v2 connector code uses fixed algorithm to encrypt account passwords.
HIGH
1302374
DE406342
Exception is thrown when a parameter is declared as "IN OUT" in a stored procedure for any JDBC dynamic connector.
JDBC connector does not support "IN OUT" for a parameter.
HIGH
1230790
DE396742
LDAP DYN connector fails to delete endpoint accounts with the following error: "javax.naming.NamingException DELETE operation skipped java.lang.ArrayIndexOutOfBoundsException: 1"
 LDAP DYN connector fails to synchronize accounts with ArrayIndexOutOfBounds exception.
MEDIUM
1265731
DE399272
RSA endpoint Explore fails with "Error searching security domains in null".
Reuse of "searchContextID" caused the issue.
MEDIUM
1303757
DE407023
Salesforce connector does not support the Federation ID attribute.
No mapping exists for the Federation ID attribute at the connector level.
MEDIUM
1336542
DE417024
Search for SAP Accounts in the Provisioning Manager retrieves all the SAP roles (including Compound roles) but the search fails from the Identity Manager User Console interface.
Implementation bug.
MEDIUM
1351913
DE416392
When HP-UX account is locked due to many failed login attempts, the account status still remains 'Active'.
The account status is not shown correctly after maximum tries.
LOW
Connector Xpress
Support Ticket
Engineering Ticket
Problem Summary
Root Cause and Additional Deployment Instructions
Associated Risks
1293966
DE404442 
  • Connector Xpress GUI fails to load the Account schema with DYN connectors greater than 450+ multi-str attributes.
  • The DYN Account schema has an upper bound limit of 500 multi-str attributes.
The limitations set for the multi-str attribute caused the issue.
LOW