PIP 5.2.0 – Release Notes
December 15th 2020
PhenixID Identity Provisioning (IP) 5.2.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.
New or updated features
1. New REST Web Service Data Source
From this version, PIP now has a new web service data source using REST. This is the web service data source that we now recommend. Using this web service data source you get a lot of new features, for example:
- Multiple endpoints. You can create multiple REST WS data sources with different endpoints.
- Fire and forget. If you have a policy that takes a long time to finish, you can set up the web service to send the reply back to the client before starting to run the policy.
- Authentication. It is now up to you to choose your desired authentication for each web service endpoint.
Read more about the new REST Web Service in PSD1163.
2. Log for Web Server
A new log file has been added in the Log Settings. The log file will contain logging from the web server, when using web service data sources.
3. SNI For Web Service
In previous versions, the Java parameter enableSNIExtension was set to false to prevent SNI from being included in any web service calls. This parameter has been removed, and the default behavior, in which SNI is included, has been restored.
To reset this parameter to false, edit the .vmoptions file for both the Configurator and the Service, and add the row below.
-Djsse.enableSNIExtension=false
4. New Jetty server for Web Services
The Jetty server, used for web service data sources, has been updated to version 9.4.31.
5. Web Server Addresses
The Jetty server can now be configured to listen on multiple specific IP addresses and host names. By default, the server listens on all addresses.
6. SSL Options
The options for SSL have been removed. The new recommendations for protecting PIP web service can be read in PSD1163.
7. LDAP Persistent Search
Improvements have been made in LDAP Persistent Search policies. If PIP loses the connection to the LDAP server, it will try to make a new connection to the server. It will retry repeatedly for up to 1 minute before aborting and sending an alert.
8. LDAP Policy
When fetching LDAP attributes in the initial creation of session objects in an LDAP policy, the LDAP attribute names can now be renamed directly when the session attributes are created. This is done by using |.
Ex: givenname|userGivenName
9. Alert at failing Action Data Source
If the Action Data Source used as the initial data source in a policy fails, the policy will now raise an alert. This is the same behavior as with other data source types.
Important Changes
1. Basic Auth in Web Service Actions
Due to the upgrade of the Jetty server, the dependency jar files for Jersey have been updated to newer versions. In this version of Jersey, basic authentication is performed differently than before.
If you have any web service action that is using basic auth for the authentication, those actions need to be updated to work in this version of PIP. For actions that PhenixID provides as additional downloadable action packages, download the new version from our web site. For actions that are custom made for you, you have to make sure those are updated as well.
Updated Actions
1. AES Encrypt/Decrypt Attribute
Version 1.0
A new action for AES encryption and decryption, using updated dependencies. The old version of the action has been deprecated.
2. Compose and Generate UserID
Version 2.0
Added audit logging when updating the counter value in LDAP.
3. Create LDAP Object
Version 2.4
The parameter ‘Include Session Attribute’ now supports mapping of session attribute names to LDAP attribute names.
4. Export to Excel
Version 1.5
The parameter for which attributes to include in the export now has support for SESSION().
The default name for the file is changed to PIPReport and the default sheet name is changed to PIP Export.
5. String Extract
Version 1.4
The action will not run if the mandatory parameters are not set.
6. Write to LDAP
Version 3.9
The parameter ‘Save Attributes’ now supports mapping of session attribute names to LDAP attribute names.
7. Condition Filter in Run Actions
The multiple condition filter used in several Run Actions has been improved to correctly handle () in the attribute value.
8. REST Actions
The REST actions had a bug where the optional headers were not added correctly. This has now been fixed.
The basic auth has been updated to work with the new version of Jersey dependencies.
New configuration to make multiple simultaneous calls. This is done to decrease the time for the action to run.
9. Google Directory API Actions
The actions can now handle multi values in custom schema attributes.
Some of the actions that typically make many calls can now be configured to make multiple simultaneous calls to Google. This is done to decrease the time for the action to run. How many simultaneous calls you can run depends on your account at Google, because they have a limit for how many calls you are allowed to make within a minute.
Read more in PSD1095.
10. ServiceNow – Update ServiceNow task
Version 1.1
The basic auth has been updated to work with the new version of Jersey dependencies.
Read more in PSD1100.
11. Visma HRM Get Persons Not Started
Version 1.2
This Visma action will now primarily fetch any upcoming employment, even when the person already has an ongoing employment.
The basic auth has been updated to work with the new version of Jersey dependencies.
Read more in PSD1138.
12. Visma Personec Actions
The Visma Personec actions now have support for entering the export type name, to support export type names that are individual for each customer.
New actions have been made to export organization data from Visma Personec.
Read more in PSD1114.
New Actions
1. Google Calendar Actions
A new action package for sending calendar information to Google.
Read more in PSD1157.
2. Google Mail Signature Actions
A new action package for sending mail signature information to Google.
Read more in PSD1158.
Bug Fixes
1. LDAP Policy
When using an LDAP directory with paged result, and setting a max result larger than the paged size, the policy would get more objects than the max number. This has now been fixed.
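The overshoot described above, shown as an added illustration that is not PhenixID code: a client paging through results must apply the max-result cap to every page it keeps, not only before requesting the next page. The release notes do not state the cause in PIP; the directory, `fetch_page` and both search functions are constructed for this example.

```python
# Added illustration (not PhenixID code): enforcing a max-result cap
# while paging through an LDAP-style result set.

def fetch_page(directory, cookie, page_size):
    """Simulated paged search: returns (entries, next_cookie or None)."""
    end = cookie + page_size
    next_cookie = end if end < len(directory) else None
    return directory[cookie:end], next_cookie

def search_cap_between_pages(directory, page_size, max_results):
    """Flawed pattern: the cap is only tested before requesting a page."""
    results, cookie = [], 0
    while cookie is not None and len(results) < max_results:
        page, cookie = fetch_page(directory, cookie, page_size)
        results.extend(page)  # a whole page is kept even if it overshoots
    return results

def search_cap_per_entry(directory, page_size, max_results):
    """Corrected pattern: never request or keep more than what remains."""
    results, cookie = [], 0
    while cookie is not None and len(results) < max_results:
        remaining = max_results - len(results)
        page, cookie = fetch_page(directory, cookie, min(page_size, remaining))
        results.extend(page[:remaining])  # truncate defensively as well
    return results

# Constructed sample: 25 entries, page size 10, max result 15
# (a max result larger than the page size, as in the bug description).
SAMPLE_DIRECTORY = [f"uid=user{i},ou=people,dc=example,dc=org" for i in range(25)]

if __name__ == "__main__":
    flawed = search_cap_between_pages(SAMPLE_DIRECTORY, 10, 15)
    fixed = search_cap_per_entry(SAMPLE_DIRECTORY, 10, 15)
    print("cap checked between pages:", len(flawed), "entries")
    print("cap applied per entry:   ", len(fixed), "entries")
```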
2. Setting values in number spinners
When setting a value in a number spinner in the Configurator, for example the log file size, the value was not saved if the user did not change focus in the panel before changing panel. This has now been fixed.
3. Global Parameters
When editing a standard global parameter, the Configurator presented the default value in the editing dialog instead of the old value. This has now been fixed.
4. AES Encryption key
When removing the global parameter for the AES Encryption Key, the key was not reset until the restart of PIP. This has now been fixed.
5. No config.aam
If opening the Configurator without having any config.aam file, the Save option will now have the same function as the Save As function.
Misc
1. Java
Identity Provisioning is now tested and bundled with Java 1.8.0_252 from Azul.
2. End of Support
Information about the oldest supported version can be found here.