PIP 6.1.1 Release Notes

September 1st 2022

The new release of PhenixID Identity Provisioning (PIP) improves the stability, compatibility and security of your solution, and is recommended for all installations.

New or updated features

1. Handle policies from scheduler

We have now added a tab in the scheduler configuration where policies can be added, removed and rearranged.

2. Attributes with no value in REST

When the REST web service receives a request with an attribute without value, it will now create the session attribute with an empty string value instead of no value.

3. Improvements in LDAP error handling

Improvements have been made in the handling of errors when sending requests to LDAP. We have ensured that any error attribute will always contain the error message. We have also made sure that if the connection to the LDAP directory is lost during a search, the action will fail.

4. Transaction log

The list of transaction logs at a policy is now sorted so the most resent run is at the top of the list.

Updated Actions

1. Auto Attribute Populator

Version 2.8
A new parameter is added to lower the number of calls to the LDAP directory when a group to update is constantly without any members. In the default manor, a ‘remove all members’ call will be made for the group, every time the action is run, regardless of if the group had any members or not. The new parameter makes it possible to hand over the current member list to the action, to not make any unnecessary calls if the group was empty before and should still be empty.

2. Compose and Generate User ID

Version 3.1
Lonely or trailing spaces as value for a string part of the user id are always removed from the value. To have a lonely space, or a trailing space, use [SPACE].

3. Match to LDAP Object

Version 3.3
It is now possible to fetch the same attribute multiple times when assigning them different session attribute names.

4. Match to XML

Version 1.2
Fixed a bug where the action would fail if the desired attribute had no value.

5. Search LDAP

Version 1.7
It is now possible to fetch the same attribute multiple times when assigning them different session attribute names.

6. Send Mail

Version 2.9
A new parameter is added to make it possible to send one email for each session object, even when the receiving mail address is the same for all objects.

Bug Fixes

1. Object selection in policy debugger

If the policy was started with a file data source, the object selection did not work as expected when manually running the policy in the policy debugger. This has now been fixed.

2. Web Service request selection

When manually running a web service policy in the policy debugger, a list of incoming requests is shown. The list was previously cleared when hitting the refresh button. This bug is fixed so that unhandled requests will stay in the list.

3. Policy specific logging

When creating a new logger for policy specific logging, using the default settings, the log file was never created when running PIP. The reason was that the filePattern attribute was missing in file appender in log4j.xml. This bug has been fixed, but if you have created loggers that are not working, you may have to edit them.

4. Cron schedulers

A confusing log print regarding failed restarting of cron schedulers have been removed.

Misc

1. Java

Identity Provisioning is now tested and bundled with java 17.0.0_35 from Azul.

2. Removed dependencies

The following dependencies have been removed from /lib

esapi-2.2.3.1.jar
log4j-1.2.17.jar

3. Upgrade verifications

Verify so there are no duplicate jar-files, as this might cause an unexpected behavior.

Compare /lib with /ext. If duplicates exists, make sure to keep the latest version of jar-files.

4. End of Support

Information about the oldest supported version can be found here.