PIP 5.3.0 – Release Notes
May 6th 2021
PhenixID Identity Provisioning (IP) 5.3.0 improves the stability, compatibility and security of your solution, and is recommended for all installations.
The main focus for this release is improvements in the Configurator, with a lot of new features to ease the configuration. Changes have also been made to give more space to components with a lot of information, like the action list in a policy. Therefore some buttons and checkboxes have been moved to new positions.
Major new features
1. Set condition for an action in a policy
A new option for setting a condition is available when you right click on an action in a policy. When selecting ‘Set Condition’ or ‘Edit Condition’, a new dialog is opened where a condition for the action can be entered.
The condition works the same way as the Run Action action, and only the session objects that meet the condition will run that specific action. The condition will only be used for the action in the associated policy where the condition is entered. If the action is used in any other policy, it will not be affected there.
When an action has a condition, its name in the action list in the policy will be italic.
2. Disable an action in a policy
A new option for disabling an action, ‘Disable Action’, has been added to the right click menu for an action in a policy. When an action is disabled in a policy, that action will not run in that particular policy. This can be useful during testing, to avoid writing test information to production systems.
When an action is disabled, its name in the action list in the policy will be red. Also, the policy icon in the tree will have a disabled mark.
To enable the action, right click on the action again and choose ‘Enable Action’.
3. Cancel editing in an action
A cancel button has been added to the action panel. When using the cancel button all editing that has been made to the action will be canceled and the action is reloaded as it was before the editing was started.
4. One step back button
To ease the navigation in the Configuration a back button has been added. When using the back button you will go to the last shown object. This makes it easier to jump back and forth between two objects when working with the configuration.
5. Search for configuration objects
A search button has been added to the tool bar, to make it possible to search for actions, policies, data sources and schedulers. The standard search is made in the name and the description of the objects. If the check box ‘Search in values’ is checked, the search will also include parameters in actions, configuration in data sources and data source specific configuration in policies.
When the search is done, the result is shown in the list. To go to any of the objects in the list you can either double click the object or mark the object and click ‘Edit’.
6. Select action position in a policy
When rearranging the actions in a policy, it is now possible to enter the new desired place for the marked action and then hit ‘Enter’ to move the action to that position.
7. Export and import global parameters
It is now possible to export and import global parameters. In the global parameters list, mark the desired parameters and click on ‘Export’. If no global parameter is chosen, all parameters will be exported.
When importing parameters you get a list of all parameters in the import file. If any parameters already exist in your current configuration, you can choose to either overwrite them with the new ones or skip importing that particular one.
New or updated features
1. Icon for action data sources
Action data sources are now using the icon for the configured action.
2. Order in right click menu
The menu options in the right click menu for objects in the main tree are now ordered in an alphabetical order.
3. Selecting a policy
When selecting a policy in for example the action Run Policy, it is now possible to filter the policies to decrease the number of policies in the list.
4. Action usage in data source
A new tab ‘Action Usage’ is added for data sources, to show the actions where the data source has been entered as a parameter.
5. Data source categories
Category has been added for data sources, to make it possible for you to arrange the data sources of the same type in different categories.
6. Remove category
A new option is available in the right click menu for categories, to remove the category and all underlying policies or data sources.
7. Policy type
When assigning a web service data source to a policy the policy type will be changed to ‘Triggered by data source’ to make it more comprehensible.
8. Remove actions for old action packages
There might still be configured instances of an action package in the configuration when an old action package is removed. This results in errors in the log file when the configuration is reloaded, because the corresponding actions cannot be found.
On the ‘Actions’ node there is now a new option in the right click menu to show ‘Only Unused Actions Without Action Package’ that will show those actions so that you are able to delete them from the configuration.
Note: actions without an action package that are still associated with a policy will not be listed in the search. These actions have to be disassociated from the policy first, then deleted.
9. Sorted session attributes
In the Policy Debugger, the session attributes will now be sorted by the name. To sort on any other column, you can double click on the column header.
10. LDAP Browser
The amount of time it takes to open the LDAP browser has been reduced. This applies both to the browser used when selecting a DN and the ‘Data Source Viewer/Editor’.
11. SMTP mail with TLS1.2
It is now possible to send mails using an SMTP server that requires TLS1.2 to be used.
12. Edit action from policy
When browsing the action tree in the Action tab in a policy, you can now right click on any action in the tree and choose ‘Edit this Action’.
13. Change data source in a policy
When changing the data source in a policy you now get the choice to either save the configuration for the previous data source as well or to remove any configuration for the previous data source.
14. Pre policy in REST web service policy
It is now possible to right click on the pre policy in a REST web service policy to go to the pre policy.
15. HTTPS/TLS support for web server
The web server that runs the web services can now be configured to use TLS for the communication. There is also a new method for creating a self-signed certificate.
Read more in PSD1163.
16. LDAPS in Persistent Search
When using persistent search with Active Directory, standard LDAP on port 389 was always used before. Now, the persistent search will use the configured port and SSL/TLS if configured.
Please note that PIP has to trust the certificate used on the LDAP server. PSD1170 describes how to make PIP trust all certificates in the Windows trust store.
Since the connection using persistent search is made in a different way than the normal connection, a new button has been added to the data source panel to test the connection using the persistent search way.
1. Java version
The Java version has been updated from Java 8 to Java 15. If you have any custom actions or custom web services, make sure to test them with Java 15 from Azul.
1. Add Static Attribute
New feature. A new parameter has been added to make it possible to create multiple new attributes with different values. For example, this can be useful to create both a status code attribute and a corresponding status message attribute.
2. Remove Attribute
Bug fix. When entering attribute names in the parameter ‘Keep Attribute(s)’ the attribute names were case sensitive. This has been corrected so the attribute names are case insensitive.
3. REST Actions
New feature. All REST Actions have got a new parameter where you can enter any response headers that you want to add as session attributes. You can also add a * to get all headers.
4. Visma Personec Actions
Improvement. The connection parameters now use global parameters, if they are left empty.
5. Visma Personec Organization Actions
Bug fix. When an organization had multiple ORGINFO, none of them were used to create session attributes. Now the current one will be used, and the others will be skipped.
1. Google Directory Admin Actions
The Google Directory Admin action package (used for provisioning users to G-Suite) is rewritten to support the new type of authentication, json instead of p12.
Each action has to be reconfigured with the new version of the action, in order to use the updated version. If this reconfiguration is not made, the old version will still be used.
Please read more in PSD1171.
1. Initial attributes in LDAP policy
In version 5.2.0 a new feature was introduced where you can give the initial attributes in an LDAP policy custom names. This resulted in a bug where attributes that were not given a new name got the case that you had entered instead of the case that the directory used. This has been fixed so that attributes that are not renamed will get the attribute names as they are delivered by the LDAP directory.
2. Alert in policy debugger
If an action failed while running the policy in the policy debugger, in the mode where all actions are run without confirmation, the policy did not stop and no alert was made. This has been fixed so that a policy that has the ‘Stop Policy if an Action Fails’ checkbox checked will stop and trigger an alert if any action fails.
3. Rename policy category with sub category
Renaming a policy category that has one or more sub categories did not work as expected. This has now been fixed.
4. Port for web server
If the web server was configured to run on a port that was already in use, and therefore could not start in the Configurator, and you then changed the port, the web server would still remember the first tested port until you restarted the Configurator. This has now been fixed.
Identity Provisioning is now tested and bundled with Java 15.0.2_7 from Azul.
2. Updated dependencies
The following jar files have been updated to newer versions to make AES encryption work well with Java 15:
aes-crypto-1.1.jar -> aes-crypto-1.2.jar
shiro-core-1.4.2.jar -> shiro-core-1.7.1.jar
The following jar file has been updated to a newer version to send SMTP mails using TLS1.2:
mailapi-1.4.2.jar -> javax.mail-1.6.2.jar
3. New instructions
PSD1170 describes how to make PIP trust all certificates in the Windows trust store.
4. Upgrade verifications
Verify that there are no duplicate jar files, as duplicates might cause unexpected behavior.
Compare /lib with /ext. If duplicates exist, make sure to keep the latest version of the jar files.
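One way to automate the /lib versus /ext comparison described above (an added example, not PhenixID's own tooling). It assumes jars are named `<artifact>-<version>.jar` and that the installation directory is passed as the first argument; `parse_jar` and `find_duplicates` are hypothetical helper names.

```python
import re
import sys
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumption: jars are named <artifact>-<version>.jar, like the file names
# listed on this page (shiro-core-1.7.1.jar, javax.mail-1.6.2.jar).
JAR_NAME = re.compile(r"^(.+?)-(\d[\w.]*(?:-[\w.]+)*)\.jar$", re.IGNORECASE)


def parse_jar(filename):
    """Split a jar file name into (artifact, numeric version tuple)."""
    match = JAR_NAME.match(filename)
    if not match:  # unversioned jar: the whole stem is the artifact name
        return Path(filename).stem.lower(), ()
    numbers = re.findall(r"\d+", match.group(2))
    return match.group(1).lower(), tuple(int(n) for n in numbers)


def find_duplicates(install_dir, subdirs=("lib", "ext")):
    """Map each artifact found more than once to the copy to keep and the rest."""
    copies = defaultdict(list)
    for sub in subdirs:
        for jar in sorted(Path(install_dir, sub).glob("*.jar")):
            artifact, version = parse_jar(jar.name)
            copies[artifact].append((version, f"{sub}/{jar.name}"))
    report = {}
    for artifact, found in copies.items():
        if len(found) > 1:
            found.sort()  # numeric sort, so 1.10 ranks above 1.9
            report[artifact] = {"keep": found[-1][1],
                                "remove": [path for _, path in found[:-1]]}
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        root = sys.argv[1]  # hypothetical: path to the installation directory
    else:  # no argument: build a constructed sample tree to demonstrate
        root = tempfile.mkdtemp()
        for rel in ("lib/shiro-core-1.7.1.jar", "ext/shiro-core-1.4.2.jar",
                    "lib/aes-crypto-1.2.jar"):
            Path(root, rel).parent.mkdir(exist_ok=True)
            Path(root, rel).touch()
    for artifact, result in find_duplicates(root).items():
        print(f"{artifact}: keep {result['keep']}, remove {result['remove']}")
```

Matching is by file name only, so a library whose artifact name changed between versions, such as mailapi-1.4.2.jar and javax.mail-1.6.2.jar listed above, is not flagged and has to be checked by hand.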
5. End of Support
Information about the oldest supported version can be found here.