PIP 5.2.0 Release Notes – PhenixID Support

PIP 5.2.0 – Release Notes

December 15th 2020

PhenixID Identity Provisioning (IP) 5.2.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.

New or updated features

1. New REST Web Service Data Source

From this version, PIP now has a new web service data source using REST. This is the web service data source that we now recommend. Using this web service data source you get a lot of new features, for example:

Multiple endpoints. You can create multiple REST WS data sources with different endpoints.
Fire and forget. If you have a policy that takes a long time to finish, you can set up the web service to send the reply back to the client before starting to run the policy.
Authentication. It is now up to you to choose your desired authentication for each web service endpoint.

Read more about the new REST Web Service in PSD1163.

2. Log for Web Server

A new log file has been added in the Log Settings. The log file will contain logging from the web server, when using web service data sources.

3. SNI For Web Service

In previous versions, the java parameter enableSNIExtension was set to false to prevent SNI from being included in any web service calls. This parameter has been removed, and the default behavior with included SNI has been restored.

To reset this parameter to false, edit the .vmoptions file for both the Configurator and the Service, and add the row below.

-Djsse.enableSNIExtension=false

4. New Jetty server for Web Services

The Jetty server, used for web service data sources, has been updated to version 9.4.31.

5. Web Server Addresses

The Jetty server can now be configured to listen to multiple specific ip addresses and host names. By default, the server listens to all addresses.

6. SSL Options

The options for SSL have been removed. The new recommendations for protecting PIP web service can be read in PSD1163.

7. LDAP Persistent Search

Improvements have been made in LDAP Persistent Search policies. If PIP loses the connection to the LDAP server, it will try to make a new connection to the server. During up to 1 minute, recurrent attempts will be made, before aborting and sending an alert.

8. LDAP Policy

When fetching LDAP attributes in the initial creation of session objects in an LDAP policy, the LDAP attribute names can now renamed from scratch when the session attributes are created. This is done by using |.
Ex: givenname|userGivenName

9. Alert at failing Action Data Source

If the Action Data Source used as the initial data source in a policy fails, the policy will now raise an alert. This is the same behavior as with other data source types.

Important Changes

1. Basic Auth in Web Service Actions

Due to the upgrade of the Jetty server, the dependency jar files for Jersey have been updated to newer versions. In this version of Jersey, basic authentication is made in another way than before.

If you have any web service action that is using basic auth for the authentication, those actions need to be updated to work in this version of PIP. For actions that PhenixID provides as additional downloadable action packages, download the new version from our web site. For actions that are custom made for you, you have to make sure those are updated as well.

Updated Actions

1. AES Encrypt/Decrypt Attribute

Version 1.0
A new action for AES encryption and decryption, using updated dependencies. The old version of the action has been deprecated.

2. Compose and Generate UserID

Version 2.0
Added audit logging when updating the counter value in LDAP.

3. Create LDAP Object

Version 2.4
The parameter ‘Include Session Attribute’ now supports mapping of session attribute names to LDAP attribute names.

4. Export to Excel

Version 1.5
The parameter for which attributes to include in the export now has support for SESSION().

The default name for the file is changed to PIPReport and the default sheet name is changed to PIP Export.

5. String Extract

Version 1.4
The action will not run if the mandatory parameters are not set.

6. Write to LDAP

Version 3.9
The parameter ‘Save Attributes’ now supports mapping of session attribute names to LDAP attribute names.

7. Condition Filter in Run Actions

The multiple condition filter used in several Run Actions are improved to handle () in the attribute value in a correct way.

8. REST Actions

The REST actions had a bug where the optional headers where not added in the correct way. This has now been fixed.

The basic auth has been updated to work with the new version of Jersey dependencies.

New configuration to make multiple simultaneous calls. This is made to decrease the time for the action to run.

9. Google Directory API Actions

The actions can now handle multi values in custom schema attributes.

Some of the actions that typically makes many calls can now be configured to make multiple simultaneous calls to Google. This is made to decrease the time for the action to run. How many simultaneous calls you can run depends on your account at Google, because they have a limit for how many calls you are allowed to make within a minute.

10. ServiceNow – Update ServiceNow task

Version 1.1
The basic auth has been updated to work with the new version of Jersey dependencies.

11. Visma HRM Get Persons Not Started

Version 1.2
This Visma action will now primarily fetch any upcoming employment, even when the person already has an ongoing employment.

The basic auth has been updated to work with the new version of Jersey dependencies.

12. Visma Personec Actions

The Visma Personec actions now have support for entering the export type name, to support export type names that are individual for each customer.

New actions have been made to export organization data from Visma Personec.

New Actions

1. Google Calendar Actions

A new action package for sending calendar information to Google.
Read more in PSD1157.

2. Google Mail Signature Actions

A new action package for sending mail signature information to Google.
Read more in PSD1158.

Bug Fixes

1. LDAP Policy

When using an LDAP directory with paged result, and setting a max result larger than the paged size, the policy would get more objects than the max number. This has now been fixed.

2. Setting values in number spinners

When setting a value in a number spinner in the Configurator, for example the log file size, the value was not saved if the user did not change focus in the panel before changing panel. This has now been fixed.

3. Global Parameters

When editing a standard global parameter, the Configurator presented the default value in the editing dialog instead of the old value. This has now been fixed.

4. AES Encryption key

When removing the global parameter for the AES Enkryption Key, the key was not reset until the restart of PIP. This has now been fixed.

5. No config.aam

If opening the Configurator without having any config.aam file, the Save option will now have the same function as the Save As function.