MidPoint 3.7.2 "Darwin" Update 2

Last modified 09 Aug 2024 14:01 +02:00

Release 3.7.2 is a twenty-fifth midPoint release. It is the second maintenance update for 3.7.x version family code-named Darwin. The 3.7.2 release brings stability improvements and several minor features.

Release date08 June 2018
Release type Maintenance release
End of support18 December 2019
darwin.png

Charles_Darwin (1809 - 1882) was English naturalist, geologist and biologist, best known for the theory of evolution. Darwin's famous book On the Origin of Species described theory of evolution, mechanism of natural selection that explains the diversity of life. His voyage on HMS Beagle established him as an eminent geologist and made him famous as a popular author. Darwin has been described as one of the most influential figures in human history.

Darwin's theory of evolution is the unifying theory of the life sciences. The theory describes the process how species evolve and adapt over successive generations. MidPoint 3.7 is such an evolutionary step in midPoint development. This midPoint release brings gradual improvements in many diverse areas. Identity governance features are improved, both in capabilities of the engine and the user interface. MidPoint expressions have gained more power and ease of use. There are notable improvements in user interface, security, task management and many smaller improvements in various areas. The scope of almost the entire release was guided by midPoint subscribers and sponsors - which provided the perfect environment for this step in midPoint evolution.

Features

midPoint 3.7.2 provides following features:

Changes with respect to version 3.7.1

  • Support for CredSSP version 5 and 6.

  • Various bugfixes

  • Ninja tool ready for upgrade to midPoint 3.8

Old CSVFile Connector is deprecated and it is no longer bundled with midPoint.
Support for PostgreSQL 8.4 is deprecated. The support will be dropped in the future.
Oracle database 11g support was deprecated in midPoint 3.7. This will be replaced for Oracle 12c database support in midPoint 3.8.
Suport for MySQL 5.6 is deprecated.
Support for Microsoft SQL Server 2008, 2008 R2 and 2012 is deprecated. The support will be dropped in the future.

Changes With Respect to Version 3.6

  • Stand-alone deployment based on Spring Boot

  • User interface improvements

    • New assignment list tab

    • Improvement for human-readable error messages

    • Improved approval messages and screens

    • Improved policy violation messages

    • Support for associations in role editor

    • User interface support for policy rules

    • Customization improvements

    • Visualization of approval process

  • Governance improvements

    • Improved assignment metadata

    • Policy rules for attribute values

    • Dependency policy rules

  • Expression, mapping and bulk action improvements

  • Security improvements

  • Task improvements

  • Miscellaneous improvements

    • Post report script

    • Improved provisioning script error handling

    • Improved JSON/YAML support

    • Import validation improvements

Java 7 environment is no longer supported.
XPath2 scripting is no longer supported.
Old CSVFile Connector is deprecated and it is no longer bundled with midPoint.
Support for PostgreSQL 8.4 is deprecated. The support will be dropped in the future.
Oracle database 11g support is deprecated in midPoint 3.7. This will be replaced for Oracle 12c database support in midPoint 3.8.
Support for Microsoft SQL Server 2008 and 2008 R2 is deprecated. The support will be dropped in the future.

Purpose and Quality

Release 3.7.2 (Darwin Update 2) is intended for full production use. It belongs to a feature release family, supported only for a reduced time period. Therefore it is intended for users that prefer new features over long-term stability.

All features are stable and well tested - except the features that are explicitly marked as experimental or partially implemented. Those features are supported only with special subscription contract.

Limitations

  • MidPoint 3.7.2 comes with a bundled LDAP-based eDirectory connector. This connector is stable, however it is not included in the normal midPoint support. Support for this connector has to be purchased separately.

Platforms

MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested with this release. The version numbers in parentheses are the actual version numbers used for the tests. However it is very likely that midPoint will also work in similar environments. Also note that this list is not closed. MidPoint can be supported in almost any reasonably recent platform (please contact Evolveum for more details).

Java

  • OpenJDK 8 (1.8.0_91, 1.8.0_111, 1.8.0_151)

  • Sun/Oracle Java SE Runtime Environment 8 (1.8.0_45, 1.8.0_65, 1.8.0_74, 1.8.0_131)

Web Containers

  • Apache Tomcat 8 (8.0.14, 8.0.20, 8.0.28, 8.0.30, 8.0.33, 8.5.4)

  • BEA/Oracle WebLogic (12c) - special subscription required

Web container (application server) support

MidPoint 3.7 introduced Stand-alone deployment form that does not need an application server. This is the primary deployment model for midPoint. The deployment to web container is still supported. However the only supported web container is Apache Tomcat. Other web containers (application servers) may be supported if the support is explicitly negotiated in midPoint subscription. Except for those cases midPoint development team will not provide any support for other web containers.

Currently there are no plans to remove support for deployed midPoint installation using a WAR file. However, it is possible that this deployment form will get phased out eventually unless there are active subscribers preferring this deployment method. MidPoint subscription is strongly recommended if you plan to use this method in the future.

Databases

  • H2 (embedded, only recommended for demo deployments)

  • PostgreSQL (8.4.14, 9.1, 9.2, 9.3, 9.4, 9.4.5, 9.5, 9.5.1)
    Support for PostgreSQL 8.4 is deprecated. The support will be dropped in the future.

  • MariaDB (10.0.28)

  • MySQL (5.6.26, 5.7)
    Supported MySQL version is 5.6.10 and above (with MySQL JDBC ConnectorJ 5.1.23 and above).
    MySQL in previous versions didn’t support dates/timestamps with more accurate than second fraction precision.

  • Oracle 11g (11.2.0.2.0)
    Oracle 11g support is deprecated in midPoint 3.7. This will be replaced for Oracle 12c support in midPoint 3.8.

  • Microsoft SQL Server (2008, 2008 R2, 2012, 2014)
    Support for Microsoft SQL Server 2008 and 2008 R2 is deprecated. The support will be dropped in the future.

Supported Browsers

  • Firefox (any recent version)

  • Safari (any recent version)

  • Chrome (any recent version)

  • Opera (any recent version)

  • Microsoft Internet Explorer (version 9 or later)

Recent version of browser as mentioned above means any stable stock version of the browser released in the last two years. We formally support only stock, non-customized versions of the browsers without any extensions or other add-ons. According to the experience most extensions should work fine with midPoint. However, it is not possible to test midPoint with all of them and support all of them. Therefore, if you chose to use extensions or customize the browser in any non-standard way you are doing that on your own risk. We reserve the right not to support customized web browsers.

Microsoft Internet Explorer compatibility mode is not supported.

Important Bundled Components

Component Version Description

ConnId

1.4.3.0

ConnId Connector Framework

LDAP connector bundle

1.5.1

LDAP, Active Directory and eDirectory connector

CSV connector

2.1

Connector for CSV files

DatabaseTable connector

1.4.2.0

Connector for simple database tables

Stand-alone deployment model

MidPoint 3.7 deployment method has changed. Stand-alone deployment is now the default deployment method. MidPoint default configuration, scripts and almost everything else was adapted for this method.

Upgrade

MidPoint is software that is designed for easy upgradeability. We do our best to maintain strong backward compatibility of midPoint data model, configuration and system behavior. However, midPoint is also very flexible and comprehensive software system with a very rich data model. It is not humanly possible to test all the potential upgrade paths and scenarios. Also some changes in midPoint behavior are inevitable to maintain midPoint development pace. Therefore we can assure reliable midPoint upgrades only for midPoint subscribers. This section provides overall overview of the changes and upgrade procedures. Although we try to our best it is not possible to foresee all possible uses of midPoint. Therefore the information provided in this section are for information purposes only without any guarantees of completeness. In case of any doubts about upgrade or behavior changes please use services associated with midPoint subscription or purchase professional services.

Upgrade from midPoint 3.0, 3.1, 3.1.1, 3.2, 3.3, 3.3.1, 3.4, 3.4.1, 3.5, 3.5.1, 3.6, 3.6.1 and 3.7

Upgrade path from MidPoint 3.0 goes through midPoint 3.1, 3.1.1, 3.2, 3.3, 3.4.1, 3.5.1 and 3.6.1. Upgrade to midPoint 3.1 first (refer to the midPoint 3.1 release notes). Then upgrade from midPoint 3.1 to 3.1.1, from 3.1.1 to 3.2 then to 3.3, then to 3.4.1, 3.5.1, 3.6.1 and finally to 3.7.2.

Upgrade from midPoint 3.7 and 3.7.1

MidPoint 3.7.2 data model have not changed since midPoint 3.7. Therefore there is no need to update the database.

Changes in initial objects since 3.7 and 3.7.1

There were no changes to initial object since midPoint 3.7.

Bundled connector changes since 3.7 and 3.7.1.

LDAP and AD connectors were upgraded to latest versions.

Behavior changes since 3.7

  • URLs used by Stand-Alone Deployment were changed to match the URLs used by Tomcat-based deployments of midPoint 3.6 and earlier. This means that all deployment forms now use /midpoint/ context root path in the URL by default (e.g. http://localhost:8080/midpoint/). This choice was made based on user feedback to keep the compatibility with previous midPoint versions and to keep the two deployment models as closely aligned as possible. For the stand-alone deployment there is an automatic HTTP redirect from the root URL (e.g. http://localhost:8080/) to midPoint context root (e.g. http://localhost:8080/midpoint/). Therefore in midPoint 3.7.2 both deployment method should behave in a natural, expected and compatible way.

  • Processing of authorizations for proxy authentication in the REST interface was corrected. The processing of proxy authorizations now behave as documented.

  • Processing of object authorizations was corrected. Authorizations now take into consideration also the properties of existing removed containers even in replace and id-only delete cases. Therefore, appropriate property authorization is needed even when deleting a value that contains those properties.

  • Password reset schema was deprecated. Existing password reset configuration still works, but it will be replace by new password reset configuration in the future.

Public interface changes since 3.7

  • REST interface was extended with experimental password reset method.

Important internal changes since 3.7

There were not critical internal changes since midPoint 3.7.

Known Issues and Limitations

As all real-world software midPoint 3.7.2 has some known issues. Full list of the issues is maintained in bug tracking system. As far as we know at the time of the release there was no known critical or security issue.

There is currently no plan to fix the known issues of midPoint 3.7.2 en masse. These issues will be fixed in future maintenance versions of midPoint only if the fix is covered by a support agreement or subscription. No other issues will be fixed - except for severe security issues that may be found in the future.

The known issues of midPoint 3.7.2 may or may not be fixed in following releases. This depends on the available time, issue severity and many variables that are currently difficult to predict. The only reliable way how to make sure that an issue is fixed is to purchase midPoint support. Or you can fix the bug yourself. MidPoint is always open to contributions.

This may seem a little bit harsh at a first sight. But there are very good reasons for this policy. And in fact it is no worse than what you get with most commercial software. We are just saying that with plain language instead of scrambling it into a legal mumbo-jumbo.

There is a support to set up storage of credentials in either encrypted or hashed form. There is also unsupported and undocumented option to turn off credential storage. This option partially works, but there may be side effects and interactions. This option is not fully supported yet. Do not use it or use it only at your own risk. It is not included in any midPoint support agreement.

Native attribute with the name of 'id' cannot be currently used in midPoint (MID-3872). If the attribute name in the resource cannot be changed then the workaround is to force the use of legacy schema. In that case midPoint will use the legacy ConnId attribute names (icfs:name and icfs:uid).

JavaDoc is temporarily not available due to the issue in Java platform. This issue is fixed in Java 9 platform, but backport of this fix to Java 8 is (quite surprisingly) not planned.

Credits

Majority of the work on the Darwin release was done by the Evolveum team. However, this release would not be possible without the help of our partners, customers, contributors, friends and families. We would like to express our thanks to all the people that contributed to the midPoint project both by providing financial support, their own time or those that maintain a pleasant and creative environment for midPoint team. However, midPoint project would not exist without proper funding. Therefore we would like to express our deepest gratitude to all midPoint subscribers that made midPoint project possible.

Disclaimer

Planned release dates are just that: they are planned. We do not promise or guarantee release dates. Software development is a creative activity that includes a lot of inherent risk. We are trying really hard to provide the best estimates. We are not able to provide precise dates for releases or deliveries. Do not rely on midPoint release dates. Plan your project properly to address the risk of delayed midPoint releases.

Planned scope of midPoint releases is also an estimate. MidPoint development process always includes the balancing of the iron triangle. Therefore planned release scope may change at any time. There is a method to make sure that midPoint releases will work well for your project and that method is platform subscription.

We do not make any claims that midPoint is perfect. Quite the contrary. MidPoint is a practical software, developed by living and breathing developers and deployed in a real world. There are both known and unknown issues in midPoint. Also, midPoint is not feature-complete. New features are introduced in midPoint all the time. But not all of them are completed. There are always some limitations. As the license states, midPoint is provided "AS IS". Please do not rely on midPoint functionality that you have not tested to make sure that it works. MidPoint support and subscription programs are a way how to handle those issues. But even with support service, do not rely on functionality that is not documented. If you plan to use undocumented or non-existing functionality, platform subscription is the right service for you.

Was this page helpful?
YES NO
Thanks for your feedback