MidPoint 3.0 "Newton"

Last modified 27 Nov 2023 17:15 +01:00

Release 3.0 is a tenth midPoint release code-named Newton. The 3.0 release brings new major features such as entitlements, delegated administration, generic synchronization and RESTful interface.

Release date01 June 2014
Release type Production release
End of support01 June 2016

This release starts a new era of midPoint development. The Newton release is introducing features that are quite unique in the identity management field. It goes beyond traditional identity management. This midPoint version joins together provisioning-based identity management (IDM), privileged identity management (PIM) and organizational structure management into a single, unified model. The features can be combined into a powerful configurations that are still simple and easy to maintain. As usual we are following our development principles and we are reusing existing mechanisms, generalizing them and making the much more powerful.

Newton goes beyond traditional identity management. It is much more than just synchronization of accounts and users. The support for entitlements allows to extend the capabilities to groups, teams, privileges, resource-side roles and similar concepts which is moving midPoint in the direction of privileged identity management (PIM). MidPoint now allows seamless synchronization of these objects, therefore groups can be easily synchronized with midpoint roles which in turn can be synchronized with groups on other resources or even complex technical roles defined on the resource side. MidPoint goes beyond the tradition even in this aspect. As midPoint really understands the entitlements it can do very smart tricks. E.g. if a role is a representation of a group on resource and a user is assigned to that role user’s account can be automatically assigned to this group. All of that with just a handful of configuration statements. This is all considerably generic therefore similar principle can be applied to synchronization of organizational structure as well. And (as expected) all the midPoint principles can be applied to these new features. Therefore RBAC roles can be applied to simplify synchronization of organizational unit. Or even the roles itself. Which naturally creates the very powerful concept of meta-roles. And all of that is achieved mostly by reusing existing midPoint features. This is what we had in mind during last few midPoint releases. We have been slowly (you wound say "evolutionarily") introducing small changes to the code, one bit in each release. Now it all culminates with midPoint 3.0. We strongly believe that "Newton" is a very suitable name for this release.


Isaac_Newton (1642-1727) was an English physicist and mathematician. He is widely regarded as one of the greatest scientists of all time. He is perhaps best known for his work on theories that revolutionized our understanding of gravity and motion of the planets. His other works also provided significant contributions to our knowledge of mechanics, nature of light, calculus and numerous other fields.

Newton's contribution to science can hardly be exaggerated. However it has to be noted that many of his works were based on discoveries of his predecessors. Even though Newton's work was a turning point in science as we know it today it was also a culmination of numerous smaller discoveries, observations and theories. That's one the reasons why we have chosen the name of Sir Isaac Newton for this particular midPoint release.

Version 3.0 is a major turning point in midPoint development. It brings models and features that have the potential to change the field of identity management forever. MidPoint 3.0 is a culmination of works done in previous midPoint versions. This slow and evolutionary footwork done over a couple of years finally appeared in a form of integral product features. As a powerful model, a unifying theory - but with a very practical implementation.

MidPoint version 3.0 is named after one of the greatest English scientists. By doing so we would like to thank our English partner Salford Software for their contribution to the midPoint project.


midPoint 3.0 provides following features:

Changes With Respect to Version 2.2.x


  • Scripting Hooks

  • Schema documentation automatically generated from the definition (schemadoc)

  • Java Interfaces cleaned up and made available for public use

  • Entitlements

  • Generic Synchronization

  • Higher-order inducements

  • New expression evaluators for assignments and entitlement associations

  • Connector framework switched to common ConnId framework (v1.4)

  • Fine-grained authorization

  • Delegated administration

  • Flexible reporting

  • Bulk actions (midPoint scripting language)

  • Improved reporting (based on Jasper Reports)

  • Database performance improvements

  • Iteration support for focal objects (e.g. users)

  • Administration GUI customization

  • New administration GUI pages

  • Partial multi-tenancy support

  • Support for resource read-only mode

  • Extended function libraries for expressions

  • Support for time-based mappings in object template

  • Improved synchronization reaction configuration options

  • Improved reconciliation and synchronization performance

  • Support for filters in protected accounts specification

  • Support for binary attribute values

  • Support for user photo

  • Schema improvements

  • Schema documentation

  • Improved logging messages


Release 3.0 (Newton) is intended for full production use in enterprise environments. All features are stable and well tested.


MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested this release. The version numbers in parentheses are the actual version numbers used for the tests. However it is very likely that midPoint will also work in similar environments. Also note that this list is not closed. MidPoint can be supported in almost any reasonably recent platform (please contact Evolveum for more details).


  • Sun/Oracle Java SE Runtime Environment 7 (1.7.0_09)

Please note that Java 6 environment is no longer supported (although it might work in some situations).

Web Containers

  • Apache Tomcat 6 (6.0.32, 6.0.33)

  • Apache Tomcat 7 (7.0.30, 7.0.32)

  • Sun/Oracle Glassfish 3 (3.1)


  • H2 (embedded, only recommended for demo deployments)

  • PostgreSQL (8.4.14, 9.1, 9.2)

  • MySQL
    Supported MySQL version is 5.6.10 and above (with MySQL JDBC ConnectorJ 5.1.23 and above).
    MySQL in previous versions didn’t support dates/timestamps with more accurate than second fraction precision.

  • Oracle 11g (

  • Microsoft SQL Server (2008, 2008 R2, 2012)

Unsupported Platforms

Following list contains platforms that midPoint is known not to work due to various issues. As these platforms are obsolete and/or marginal we have no plans to support midPoint for these platforms.

  • Java 6

  • Sun/Oracle GlassFish 2

Background and History

midPoint is roughly based on OpenIDM version 1. When compared to OpenIDM v1, midPoint code was made significantly "lighter" and provides much more sophisticated features. Although the architectural outline of OpenIDM v1 is still guiding the development of midPoint almost all the OpenIDM v1 code was rewritten. MidPoint is now based on relative changes and contains advanced identity management mechanisms such as advanced RBAC, provisioning consistency and other advanced IDM features. MidPoint development is independent for more than two years. The development pace is very rapid. Development team is small, flexible and very efficient. Contributions are welcome.

For the full project background see the midPoint History page.

Known Issues

See Jira

Was this page helpful?
Thanks for your feedback