MidPoint 2.1.1 "Coeus" Update 1

Last modified 22 Apr 2024 12:47 +02:00

Release 2.1.1 is a seventh midPoint release. It is also the first maintenance update for 2.1.x version family code-named Coeus. The Coeus release brings new features, better stability and robustness. It is introducing new way of attribute mapping, password policies, provisioning dependencies and robustness features, organizational structure support and a lot of other features. The maintenance releases are intended to fix issues and provide small improvements. It also brings much better support for the widely-used database systems.

Release date	04 March 2013
Release type	Maintenance release

Features

midPoint 2.1.1 provides following features:

Account provisioning (create, read, update, delete accounts)
- Enabling and disabling accounts
- Support for mapping and expressions to determine account attributes
- Support of multi-value attributes
- Processing and computation fully based on relative changes
- Provisioning dependencies
- Provisioning robustness - ability to provision to non-accessible (offline) resources
- Provisioning consistency - ability to handle provisioning errors and compensate for inconsistencies
- Support for tolerant attributes
Integration of Identity Connector Framework (OpenICF)
- Unified Connector Framework (UCF) layer to allow more provisioning frameworks in the future
- Automatic generation and caching of resource schema from the connector
- Local connector discovery
- Support for connector hosts and remote connectors, identity connector and connectors host type
- Remote connector discovery
Improved administration GUI
- Preview changes page
- Basic account-centered views (browse and search accounts directly)
Flexible identity repository implementations and SQL repository implementation
- Identity repository based on relational databases
Live synchronization
Reconciliation
Advanced RBAC support and flexible account assignments
- Expressions in the roles
- Hierarchical roles
- Parametric roles (including ability to assign the same role several times with different parameters)
Several assignment enforcement modes
Customization expressions
PolyString support allows automatic conversion of strings in national alphabets
Custom schema extensibility
Enhanced logging and error reporting
Multi-node task manager component with HA support
Rule-based RBAC (RB-RBAC) ability by using conditional mappings in user template
Basic auditing
- Auditing to file (logging)
- Auditing to SQL table
Password policies
Lightweight deployment structure
Support for Apache Tomcat web container
Import from file and resource
- Object schema validation during import (can be switched off)
- Smart references between objects based on search filters
Simple handling of provisioning errors
Protected accounts (accounts that will not be affected by midPoint)
Segregation of Duties (SoD)
- Role exclusions
Export objects to XML
Enterprise class scalability (hundreds of thousands of users)

Changes with respect to version 2.0

When compared to the previous version, Coeus is introducing following changes:

Password policies
Auditing to SQL tables (see also basic information about auditing)
Recording synchronization situations in the shadows
Provisioning dependencies
Provisioning consistency
Remote connector discovery
Improved attribute mappings and expressions
Support for conditions in attribute mappings (roles, outbound/inbound mapping)
Experimental workflow integration
Organizational structure
GUI improvements
- Preview changes page
- Basic account-centered views (browse and search accounts directly)
Rule-based RBAC (RB-RBAC) ability by using conditional mappings in user template
Export objects to XML
Several assignment enforcement modes
Support for tolerant attributes
Experimental JasperReports integration

Changes in the internals, minor improvements and quality assurance:

Significantly increased number of integration tests
Improved overall quality, usability, stability and performance during testing phase that focused on requirements from customers
Internal search query representation was re-engineered
ValueConstruction changed completely to Mapping (non-compatible schema change)
Switching object name to PolyString for better national environment support
Improved internal support for asynchronous processes (still experimental)
Improved logging and presentation of operation results
Better GUI resilience in case of resource failures
Recording value origin (inbound, outbound, etc.) and displaying that in GUI
Ability to limit mapping to a specific channel
XML editor encrypts sensitive values
Support maven3 in the build process

Changes in 2.1.1:

Upgraded OpenICF framework to version 1.1.1.e6329
Support for a wide range of database systems
Better robustness in presence of broken connectors
Repository self-test
Added support for Byte primitive type which fixes some DB connector problems
Logging and error message improvements
GUI improvements
Bugfixes

Quality

Release 2.1.1 (Coeus Update 1) is intended for full production use in enterprise environments. All features are stable and well tested.

Platforms

MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested this release. The version numbers in parentheses are the actual version numbers used for the tests. However it is very likely that midPoint will also work in similar environments. Also note that this list is not closed. MidPoint can be supported in almost any reasonably recent platform (please contant Evolveum for more details).

Java

Sun/Oracle Java SE Runtime Environment 6 update 26 or above (1.6.0_26, 1.6.0_35 64bit, 1.6.0_37)
Sun/Oracle Java SE Runtime Environment 7 (1.7.0_09)

Web Containers

Apache Tomcat 6 (6.0.32, 6.0.33)
Apache Tomcat 7 (7.0.30, 7.0.32)
Sun/Oracle Glassfish 3 (3.1.2.2)

Databases

H2 (embedded, only recommended for demo deployments)
PostgreSQL (8.4.14, 9.1, 9.2)
MySQL (5.5)
Oracle 11g (11.2.0.2.0)

Unsupported Platforms

Following list contains platforms that midPoint is known not to work due to various issues. As these platforms are obsolete and/or marginal we have no plans to support midPoint for these platforms.

Sun/Oracle Java SE Runtime Environment 6 update 25 or older
Sun/Oracle GlassFish 2

Download and Install

Release Form	Download	Install Instructions
Binary	https://evolveum.com/downloads/midpoint/2.1.1/midpoint.war	Installing MidPoint 2.1.1
Source	Evolveum/midpoint repository at github, tag v2.1.1	Building MidPoint From Source Code
Java API JavaDoc	https://www.evolveum.com/downloads/midpoint/2.1.1/midpoint-javadocs-2.1.1/	ZIP
XSD Docs	https://www.evolveum.com/downloads/midpoint/2.1.1/midpoint-xsddocs-2.1.1/	ZIP

Release Form

Download

Install Instructions

Binary

https://evolveum.com/downloads/midpoint/2.1.1/midpoint.war

Installing MidPoint 2.1.1

Source

Evolveum/midpoint repository at github, tag v2.1.1

Building MidPoint From Source Code

Java API JavaDoc

https://www.evolveum.com/downloads/midpoint/2.1.1/midpoint-javadocs-2.1.1/

ZIP

XSD Docs

https://www.evolveum.com/downloads/midpoint/2.1.1/midpoint-xsddocs-2.1.1/

ZIP

Background and History

midPoint is roughly based on OpenIDM version 1. When compared to OpenIDM v1, midPoint code was made significantly "lighter" and provides much more sophisticated features. Although the architectural outline of OpenIDM v1 is still guiding the development of midPoint almost all the OpenIDM v1 code was rewritten. MidPoint is now based on relative changes and contains advanced identity management mechanisms such as advanced RBAC, provisioning consistency, etc.

For the full project background see the midPoint History page.

Known Issues

Consistency mechanism fails to operate correctly in case new user is added (under some cirmustances) (MID-1056)
Provisioning script arguments can only be static (MID-1194)
Policy changes require application server restart in some scenarios (MID-1187)
Export creates data that do not comply to schema in some situations. Workaround: turn off schema checking during reimport. (MID-1197)
Import falsely displays a referential error in some cases (MID-1198)
Reimport of deep organizational structure may fail to create proper structure (MID-1199)
Use of consistency mechanism may cause application of a value of a weak mapping even if it should not be applied under some circumstances (MID-1201)

Change secret key in keystore

To generate new secret key (with different key size), you have to proceed through this steps:

shudtown midpoint
find JCEKS keystore in midpoint.home (by default it’s keystore.jceks, but file name can be different)
generate new key
keytool -genseckey -alias <SOME_ALIAS> -keystore <KEYSTORE_FILENAME> -storetype jceks -keyalg AES -keysize <KEY_SIZE>

Supported key sizes are: 128 (doesn’t require JCE), 192 and 256 (JCE required)

change configuration in config.xml in midpoint.home
<encryptionKeyAlias>default</encryptionKeyAlias> change 'default' to <SOME_ALIAS>
add/edit <xmlCipher></xmlCipher> in <keystore> element. You can use smaller cipher key size for encryption. For:

AES_128 use "http://www.w3.org/2001/04/xmlenc#aes128-cbc"

AES_256 use "http://www.w3.org/2001/04/xmlenc#aes256-cbc"

AES_192 use "http://www.w3.org/2001/04/xmlenc#aes192-cbc"

without quotation. This element is optional, if it doesn’t exist AES_128 is used.

From now every encryption operation uses new key, for decryption old key is used.

Was this page helpful?

YES NO

Thanks for your feedback