MidPoint 2.2 "Crius"

Last modified 22 Apr 2024 12:47 +02:00

Release 2.2 is an eighth midPoint release code-named Crius. The 2.2 release brings numerous new features and many improvements.

Release date01 September 2013
Release type Production release


midPoint 2.2 provides following features:

Disabled Features

  • Preview changes page

Changes With Respect to Version 2.1.x

  • Change to Apache License version 2.0

  • Production-quality workflow integration (using Activiti)

  • Authorizations for GUI and web service integrated into RBAC mechanism

  • Support for rename operations

  • Multi-layer attribute access limitations

  • Fetch strategy in schema handling to support attributes that are not returned from connector by default

  • Numerous activation enhancements

  • Introducing concept of inducement as a generalization of the user-account assignment concept

  • Keeping metadata for all objects (creation, modification, approvals)

  • More expression variables to support complex RBAC assignment/inducement structures and dynamic roles

  • Improved internal resource caching

  • Improved import overwrite operation

  • Ability to use dynamic expression in provisioning script arguments

  • Reconciliation provisioning scripts

  • Introducing matching rules which means a better support for case-insensitive resource attributes (especially identifiers)

  • Option not to ignore the source attribute when using simulated activation

  • Improved handling of protected accounts

  • Improved handling of tolerant attribute values using patterns (regexp)

  • Ability to limit inbound mappings to a specific channel

  • XML-based synchronization context serialization to support seamless upgrades of running processes

  • Built-in object migration capability for easier system upgrades and data model migrations

  • Cleanup task to automatically clean up old data from the system and make the data store sustainable

  • Numerous schema improvements and generalizations

  • Auditing login and logout events

  • Improved internal consistency mechanism to handle more failure cases

  • More built-in functions available to scripting expressions

  • Resource-specific object templates

  • Include mechanism for object templates

  • Resource-specific assignment enforcement policies

  • New relative

  • Configurable legalization of accounts that are violating assignment policy

  • Improved correlation expression to support more cases

  • Improved handling of task results and readability of the information

  • Additional report types

  • Ability to invoke reconciliation of a specific user from GUI

  • Significantly improved notifications

  • Higher-order dependencies (enables partial support for circular provisioning dependencies)

  • Conditional correlation expressions

  • Performance and scalability improvements

  • Improved documentation


Release 2.2 (Crius) is intended for full production use in enterprise environments. All features are stable and well tested.


MidPoint is known to work well in the following deployment environments. The following list is list of tested platforms, i.e. platforms on which midPoint team or reliable partners personally tested this release. The version numbers in parentheses are the actual version numbers used for the tests. However it is very likely that midPoint will also work in similar environments. Also note that this list is not closed. MidPoint can be supported on almost any reasonably recent platform (please contact Evolveum for more details).


  • Sun/Oracle Java SE Runtime Environment 7 (1.7.0_25)

Please note that Java 6 environment is no longer supported (although it might work in some situations).

Web Containers

  • Apache Tomcat 6 (6.0.32, 6.0.33)

  • Apache Tomcat 7 (7.0.30, 7.0.32)

  • Sun/Oracle GlassFish 3 (3.1)


  • H2 (embedded, only recommended for demo deployments)

  • PostgreSQL (8.4.14, 9.1, 9.2)

  • MySQL
    Supported MySQL version is 5.6.10 and above (with MySQL JDBC ConnectorJ 5.1.23 and above).
    MySQL in previous versions didn’t support dates/timestamps with more accurate than second fraction precision.

  • Oracle 11g (

  • Microsoft SQL Server (2008, 2008 R2, 2012)

Unsupported Platforms

Following list contains platforms that midPoint is known not to work due to various issues. As these platforms are obsolete and/or marginal we have no plans to support midPoint for these platforms.

  • Java 6

  • Sun/Oracle GlassFish 2

Background and History

midPoint is roughly based on OpenIDM version 1. When compared to OpenIDM v1, midPoint code was made significantly "lighter" and provides much more sophisticated features. Although the architectural outline of OpenIDM v1 is still guiding the development of midPoint almost all the OpenIDM v1 code was rewritten. MidPoint is now based on relative changes and contains advanced identity management mechanisms such as advanced RBAC, provisioning consistency and other advanced IDM features. MidPoint development is independent for more than two years. The development pace is very rapid. Development team is small, flexible and very efficient. Contributions are welcome.

For the full project background see the midPoint History page.

Known Issues

  1. Extra values in tolerant multi-value attributes with high-order dependencies MID-1561. Workaround: set the attribute to non-tolerant.

  2. AD connector does not distinguish error types (MID-1562) therefore the applicability of consistency mechanism on AD is limited (MID-1556). Workaround: use liveSync or frequent reconciliation.

  3. Slow shadow listing on debug page from MySQL when there is >500k shadows in database (MID-1586). MySQL does not choose correct index during ordering.

  4. Under certain circumstances account links disappear (MID-1575).

  5. Search filters are not resolved when using Roles→Edit role as well as in debug pages (MID-1571). Workaround: Maintain roles configurations in XML files outside midPoint. When you need to upload updated version of a role to midPoint, use "import from file" function.

  6. When importing large number of accounts from LDAP server (import from resource), be sure to suspend LDAP live sync task as it may cause severe performance problems (MID-1549) - this is basically caused by live sync task trying to process LDAP changelogs, which have already been processed by import itself. If you forgot to suspend live sync task during initial LDAP import, there is another workaround. Simply suspend LDAP live sync task, then edit this task on debug pages and delete <token> element in <extension> element. Then resume LDAP live sync task and issue is fixed.

  7. Linux/Solaris connector can’t fetch users - account attributes invalid names (MID-1547).

  8. Midpoint incorrectly detects Script capability for resources (MID-1511).

Was this page helpful?
Thanks for your feedback