PIP 6.1.4 Release Notes

November 9th 2022

The new release of PhenixID Identity Provisioning (PIP) improves the stability, compatibility and security of your solution, and is recommended for all installations.

New or updated features

1. Log settings changes affected immediately

In previous versions you needed to close and start the PIP Configurator or restart the service for when changes of log settings was made.
For this version:
– PIP service. PIP service will read the log4j2.xml every 30 seconds. So no need to restart service any more.
– PIP Configurator. When changes to log settings are made, general settings or policy based settings, the PIP Configurator will refresh new setting when you click save. So no need to close and start the PIP Configurator any more.
For more info about logging, please read PSD1192

2. Policy logging now supports folders

When configuring logging for specific policies, it is now possible to specify both the folder and the filename for the log file.
For more info about logging, please read PSD1192
This is also supported when migrating from older versions of PIP and you have used policy based logging with subfolder.
For more info about log migration, please read PSD1197

3. Sort session objects extended

A new action for sorting session objects using multiple session attributes. It is configured using JSON.
For more info, please read Sort Session Objects Extended

Updated Actions

1. REST Actions: TLS Client Authentication

Version: 1.5 (POST: 1.9)
For the REST Actions (GET, POST, PUT, DELETE, PATCH), new parameters have been added for allowing TLS Client Authentication (Mutual TLS) when connecting to the server.
For more info, please go to Action Overview and scroll down to REST for the REST action you are looking for.

2. Send mail action: no MIME-type for multiple attachments

Version: 3.0
When sending email using the send mail action, and multiple attachments have been attached, previously, no MIME-type would be set.
This has now been corrected.
For more info, please read Send Mail.

3. Certificate handler action

Version: 2.1
The certificate handler action would previously fail to validate CRLs (Certificate Revocation Lists) for certain certificates.
The certificate handler action would previously fail to extract custom certificate extensions from certificates.
This has now been corrected.
For more info, please read Certificate Handler.

4. New version of Google Actions

Version: 2.0
Based on new Google API 2.0
Added support to handle errors in OrgUnit actions.
For more info, please read PSD1171.

Bug Fixes

1. Logging: Fractional file size retention

When an old configuration has been upgraded to the new log4j2-based logging system, the resulting configuration could contain fractional file size retention which would not be handled correctly in the configurator.
This has now been corrected.

2. Manual policies incorrectly assigned to scheduler

It was possible to assign manual policies to schedulers. This has now been prevented, and when such a configuration is being loaded, manual policies are now removed from any scheduler.
This has now been corrected.

3. LDAP timestamp queries had holes

When LDAP queries was performed for policies, and timestamp filtering was being applied for a relative number of days, the resulting query was having holes, causing some objects being timestamped around midnight to not be matched at all.
This has now been corrected.

Misc

1. Java

Identity Provisioning is now tested and bundled with java 17.0.3_7 from Azul.

2. Upgrade verifications

Verify so there are no duplicate jar-files, as this might cause an unexpected behavior. Compare /lib with /ext. If duplicates exists, make sure to keep the latest version of jar-files.

3. End of Support

Information about the oldest supported version can be found here.