MidPoint 4.6 "Baumgarten"

Last modified 02 Nov 2022 06:39 +01:00

Release 4.6 is a forty-third midPoint release code-named Baumgarten. The 4.6 release brings substantial GUI improvements, smart correlation, resource inheritance, and many smaller enhancements.

Release date21 October 2022
Release type Feature release
End of support21 October 2023
baumgarten.png

Alexander Gottlieb Baumgarten (1714 – 1762) was a German philosopher. Baumgarten appropriated the word aesthetics, which had previously meant "sensation", to mean taste or "sense" of beauty. In so doing, he gave the word a different significance, thereby inventing its modern usage. For Baumgarten, a science of aesthetics would be a deduction of the rules or principles of artistic or natural beauty from individual "taste".

Just as Alexander Baumgarten turned his mind to the beauty, midPoint is much nicer in this release. MidPoint looks much better due to major GUI style improvements. System administration is easier, supported by a brand-new resource wizard and resource templates. There are significant improvements to end-user part of the user interface, contributing to ease-of-use. New smart correlation mechanism aids in faster deployments and smoother system operation. Overall, midPoint 4.6 looks better, and it is easier to use.

Changes With Respect To Version 4.5

New Features and Improvements

Major New Features and Improvements in the User Interface

Major New Features Outside the User Interface

  • Smart correlation. MidPoint now supports very flexible correlation of resource objects (accounts, groups, and so on) to respective focus objects (users, roles, orgs, …​). Multiple weighted correlation rules can be used. Matching based on fuzzy logic (Levenshtein distance, trigram similarity) is supported. As experimental features, custom normalization and matching data from multiple sources are available.

  • Resource templates. No more copying-and-pasting of resource configuration fragments! MidPoint now supports the inheritance between resources and resource object types. This means the administrator can define features common to multiple resources, and put them in the "super-resource" (or resource template) definition. The same is true at the level of resource object types. See Resource and object type inheritance for more information. This feature is used in the new resource definition wizard.

Other User Interface Improvements

  • Assignment panels can be configured to use the repository for searching. This setup provides more flexible search, especially by the target objects attributes, including full-text search on the target objects. It can also help performance on the assignment panel for deployments with many assignments per object.

  • Archetype, role, and GUI customization changes are applied almost immediately. They do not require logout and re-login to take effect. Users are logged out automatically when their administrative status is set to disabled. When user permissions are changed, e.g. a role is assigned or unassigned, this takes immediate effect. (See the detailed description.)

  • The configuration for Self-service Profile page was separated from the configuration of the editing of respective objects (typically the user or service) in the standard user interface used by the administrator. Hence, it is now possible to provide a custom configuration for the self-service use.

  • Small improvements on the credentials page.

  • The informational text for search fields can be overridden (MID-7461).

  • The header font color is customizable (in addition to the background one - MID-7158).

  • The improved search panel now contains a drop-down of relevant object collections (MID-6597).

Miscellaneous Improvements

  • Query API provides new filters referencedBy and ownedBy, as well as support for nested filter for reference targets (a.k.a. "target filter").

  • There are ConnID Connector Server (Java) improvements and documentation updates.

  • Resource administrative operational state property is now searchable in the native repository (MID-7746).

  • The nonIterativeChangeExecution activity was generalized into explicitChangeExecution one. It now allows to execute multiple unrelated changes.

Internal Improvements

  • The resource definition schema was cleaned up. This includes improved structure of object type definitions (among others, integrating the synchronization configuration), better handling of default kind and intent values, and the possibility to globally override object class definitions. Please see the detailed description for more information.

  • The new connector.available property can be used to find connector objects that are really loaded.

  • Spring Boot was upgraded from 2.5 to 2.7.

Releases Of Other Components

  • New version (3.5) of LDAP connector bundle (including LDAP Connector and Active Directory Connector) was released and bundled with midPoint.

  • New version (2.5) of CSV Connector was released and bundled with midPoint.

  • New version (1.5.0.0) of DatabaseTable Connector was released and bundled with midPoint.

    • New versions of these connectors (LDAP, CSV, database table) support the configuration discovery and contain several bugfixes, many of which were contributed by the community.

  • Docker images will be released in Docker Hub soon after midPoint 4.6 release.

  • Overlay project examples will be released soon after midPoint 4.6 release.

  • MidPoint Studio version 4.6 will be released soon after midPoint 4.6 release.

  • Prism data representation library 4.6 was released together with midPoint 4.6.

  • Midpoint client Java library will be released soon after midPoint 4.6 release.

Purpose and Quality

Release 4.6 (Baumgarten) is intended for full production use. It belongs to a feature release family, supported only for a reduced time period. Therefore it is intended for users that prefer new features over long-term stability.

All features are stable and well tested - except the features that are explicitly marked as experimental or partially implemented. Those features are supported only with special subscription contract.

Limitations

Following list provides summary of limitation of this midPoint release.

  • Functionality that is marked as Experimental Functionality is not supported for general use (yet). Such features are not covered by midPoint support. They are supported only for those subscribers that funded the development of this feature by the means of subscriptions and sponsoring or for those that explicitly negotiated such support in their support contracts.

  • MidPoint comes with bundled LDAP Connector. Support for LDAP connector is included in standard midPoint support service, but there are limitations. This "bundled" support only includes operations of LDAP connector that 100% compliant with LDAP standards. Any non-standard functionality is explicitly excluded from the bundled support. We strongly recommend to explicitly negotiate support for a specific LDAP server in your midPoint support contract. Otherwise, only standard LDAP functionality is covered by the support. See LDAP Connector page for more details.

  • MidPoint comes with bundled Active Directory Connector (LDAP). Support for AD connector is included in standard midPoint support service, but there are limitations. Only some versions of Active Directory deployments are supported. Basic AD operations are supported, but advanced operations may not be supported at all. The connector does not claim to be feature-complete. See Active Directory Connector (LDAP) page for more details.

  • MidPoint user interface has flexible (responsive) design, it is able to adapt to various screen sizes, including screen sizes used by some mobile devices. However, midPoint administration interface is also quite complex, and it would be very difficult to correctly support all midPoint functionality on very small screens. Therefore, midPoint often works well on larger mobile devices (tablets), but it is very likely to be problematic on small screens (mobile phones). Even though midPoint may work well on mobile devices, the support for small screens is not included in standard midPoint subscription. Partial support for small screens (e.g. only for self-service purposes) may be provided, but it has to be explicitly negotiated in a subscription contract.

  • There are several add-ons and extensions for midPoint that are not explicitly distributed with midPoint. This includes Java client library, various samples, scripts, connectors and other non-bundled items. Support for these non-bundled items is limited. Generally speaking, those non-bundled items are supported only for platform subscribers and those that explicitly negotiated the support in their contract.

  • MidPoint contains a basic case management user interface. This part of midPoint user interface is not finished. The only supported parts of this user interface are those that are used to process requests, approvals, and manual correlation. Other parts of case management user interface are considered to be experimental, especially the parts dealing with manual provisioning cases.

  • Production deployments of midPoint in Microsoft Windows environment are not supported. Microsoft Windows is supported only for evaluation, demo, development and similar non-production purposes.

This list is just an overview, it may not be complete. Please see the documentation regarding detailed limitations of individual features.

Platforms

MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested with this release. The version numbers in parentheses are the actual version numbers used for the tests.

It is very likely that midPoint will also work in similar environments. But only the versions specified below are supported as part of midPoint subscription and support programs - unless a different version is explicitly agreed in the contract.

Operating System

MidPoint is likely to work on any operating system that supports the Java platform. However, for production deployment, only some operating systems are supported:

  • Linux (x86_64)

We are positive that midPoint can be successfully installed on other operating systems, especially macOS and Microsoft Windows desktop. Such installations can be used to for evaluation, demonstration or development purposes. However, we do not support these operating systems for production environments. The tooling for production use is not maintained, such as various run control (start/stop) scripts, low-level administration and migration tools, backup and recovery support and so on.

Java

  • OpenJDK 11 (11.0.16).

  • OpenJDK 17. This is a recommended platform.

OpenJDK 17 is the recommended Java platform to run midPoint.

Support for Oracle builds of JDK is provided only for the period in which Oracle provides public support (free updates) for their builds. As far as we are aware, free updates for Oracle JDK 11 are no longer available. Which means that Oracle JDK 11 is not supported for MidPoint anymore. MidPoint is an open source project, and as such it relies on open source components. We cannot provide support for platform that do not have public updates as we would not have access to those updates, and therefore we cannot reproduce and fix issues. Use of open source OpenJDK builds with public support is recommended instead of proprietary builds.

Databases

Since midPoint 4.4, midPoint comes with two repository implementations: native and generic. Native PostgreSQL repository implementation is strongly recommended for all production deployments.

See Repository Database Support for more details.

Since midPoint 4.0, PostgreSQL is the recommended database for midPoint deployments. Our strategy is to officially support the latest stable version of PostgreSQL database (to the practically possible extent). PostgreSQL database is the only database with clear long-term support plan in midPoint. We make no commitments for future support of any other database engines. See Repository Database Support page for the details. Only a direct connection from midPoint to the database engine is supported. Database and/or SQL proxies, database load balancers or any other devices (e.g. firewalls) that alter the communication are not supported.

Native Database Support

Native PostgreSQL repository implementation is developed and tuned specially for PostgreSQL database, taking advantage of native database features, providing improved performance and scalability.

This is now the primary and recommended repository for midPoint deployments. Following database engines are supported:

  • PostgreSQL 15, 14, and 13

Generic Database Support (deprecated)

Generic repository implementation is based on object-relational mapping abstraction (Hibernate), supporting several database engines with the same code. Following database engines are supported with this implementation:

  • H2 (embedded). Supported only in embedded mode. Not supported for production deployments. Only the version specifically bundled with midPoint is supported.
    H2 is intended only for development, demo and similar use cases. It is not supported for any production use. Also, upgrade of deployments based on H2 database are not supported.

  • PostgreSQL 15, 14, 13, 12, and 11

  • Oracle 21c

  • Microsoft SQL Server 2019

Support for generic repository implementation together with all the database engines supported by this implementation is deprecated. It is strongly recommended to migrate to native PostgreSQL repository implementation as soon as possible. See Repository Database Support for more details.

Supported Browsers

  • Firefox

  • Safari

  • Chrome

  • Edge

  • Opera

Any recent version of the browsers is supported. That means any stable stock version of the browser released in the last two years. We formally support only stock, non-customized versions of the browsers without any extensions or other add-ons. According to the experience most extensions should work fine with midPoint. However, it is not possible to test midPoint with all of them and support all of them. Therefore, if you chose to use extensions or customize the browser in any non-standard way you are doing that on your own risk. We reserve the right not to support customized web browsers.

Important Bundled Components

Component Version Description

Tomcat

9.0.65

Web container

ConnId

1.5.1.10

ConnId Connector Framework

LDAP connector bundle

3.5

LDAP and Active Directory

CSV connector

2.5

Connector for CSV files

DatabaseTable connector

1.5.0.0

Connector for simple database tables

Upgrade

MidPoint is a software designed with easy upgradeability in mind. We do our best to maintain strong backward compatibility of midPoint data model, configuration and system behavior. However, midPoint is also very flexible and comprehensive software system with a very rich data model. It is not humanly possible to test all the potential upgrade paths and scenarios. Also, some changes in midPoint behavior are inevitable to maintain midPoint development pace. Therefore, there may be some manual actions and configuration changes that need to be done during upgrades, mostly related to feature lifecycle.

This section provides overall overview of the changes and upgrade procedures. Although we try to our best, it is not possible to foresee all possible uses of midPoint. Therefore, the information provided in this section are for information purposes only without any guarantees of completeness. In case of any doubts about upgrade or behavior changes please use services associated with midPoint subscription programs.

Please refer to the MidPoint Upgrade Guide for general instructions and description of the upgrade process. The guide describes the steps applicable for upgrades of all midPoint releases. Following sections provide details regarding release 4.6.

Upgrade From MidPoint 4.5.x

MidPoint 4.6 data model is backwards compatible with previous midPoint version. Please follow our Upgrade guide carefully.

Note that:

  • There are database schema changes (see Database schema upgrade).

  • Version numbers of some bundled connectors have changed. Connector references from the resource definitions that are using the bundled connectors need to be updated.

  • If there are any open ID Match-based correlation cases, they should be resolved or deleted before the migration.

  • See also the Actions required information below.

It is strongly recommended migrating to the new native PostgreSQL repository implementation for all deployments that have not migrated yet. However, it is not recommended upgrading the system and migrating the repositories in one step. It is recommended doing it in two separate steps. Please see Migration to Native PostgreSQL Repository for the details.

Upgrade From MidPoint Versions Older Than 4.5

Upgrade from midPoint versions older than 4.5 to midPoint 4.6 is not supported directly. Please upgrade to midPoint 4.5.x first.

Deprecation, Feature Removal And Major Incompatible Changes Since 4.5

This section is relevant to the majority of midPoint deployments. It refers to the most significant functionality removals and changes in this version.
  • WAR packaging for midPoint binary was changed to JAR packaging (midpoint.jar).

    Actions required:

    • If provided scripts (in bin directory) are used for start/stop: none.

    • If the service is used for start/stop:

      • either replace midpoint.war with midpoint.jar in you service definitions,

      • or recreate the service with version 4.6 if you have no custom options in the service.

    • If midPoint overlays are developed, then please see this document.

      Explicit deployment of midPoint WAR to Tomcat became unsupported in the previous version (4.5).
  • Older versions of commons-lang and commons-collections libraries were removed and are now fully replaced by newer versions from group org.apache.commons, that is commons-lang3 and commons-collections4. This may affect existing Groovy scripts.

    Actions required:

    • Any imports from packages org.apache.commons.lang must be replaced with respective imports from org.apache.commons.lang3 (rarely org.apache.commons.text, e.g. WordUtils) and package org.apache.commons.collections must be replaced with org.apache.commons.collections4.

    • Alternatively, provide the older JARs in the runtime by putting them in ${midpoint.home}/lib.

  • As part of GUI upgrade, there are changes in CSS class names.

    Actions required:

    • Check for Font-Awesome icons and standard Bootstrap CSS classes used in your configuration.

  • Shopping cart and role catalog were fully replaced by the new request access wizard.

    Actions required:

    • Shopping cart configuration has to be updated and moved to proper place. See request access.

Changes In Initial Objects Since 4.5

This section is relevant to the majority of midPoint deployments.

MidPoint has a built-in set of "initial objects" that it will automatically create in the database if they are not present. This includes vital objects for the system to be configured (e.g. role Superuser and user administrator). These objects may change in some midPoint releases. However, midPoint is conservative and avoids overwrite of customized configuration objects. Therefore, midPoint does not overwrite existing objects when they are already in the database. This may result in upgrade problems if the existing object contains configuration that is no longer supported in a new version.

The following list contains a summary of changes to the initial objects in this midPoint release. The complete new set of initial objects is in the config/initial-objects directory in both the source and binary distributions.

  • 000-system-configuration.xml: Added default configuration for Request access GUI. Self-service Home page configuration was reworked to use new schema for widgets. Added configuration for different parts of Resource details page (e.g. virtual containers' configuration, connector properties panel configuration, and so on). StringUtils package name was upgraded in the expression profile.

  • 015-security-policy.xml: Added default configuration for flexible authentication.

  • 027-archetype-correlation-case.xml: Added panels ordering.

  • 040-role-enduser.xml: It was updated with Self service Home and Profile pages configuration. The (unneeded) "self-owned-task-add-execute-changes" authorization was removed.

  • 042-role-reviewer.xml: The orgs-read authorization was fixed to read basic organization properties.

  • 043-role-delegator.xml: Delegator role was updated with Self service Home page configuration.

  • 240-lookup-state.xml: It was updated with new values.

  • 516-archetype-task-shadows-delete-long-time-not-updated.xml: The name computation script was changed to show referenced resource objects information.

  • 518-archetype-task-execute-deltas.xml: The order of elements was fixed to comply with the XSD definition.

  • 000-system-configuration.xml, 023-archetype-manual-provisioning-case.xml, 027-archetype-correlation-case.xml, 059-archetype-report.xml, 060-archetype-report-dashboard.xml, 501-archetype-task-reconciliation.xml, 504-archetype-task-live-sync.xml, 506-archetype-task-cleanup.xml, 507-archetype-task-report.xml, 511-archetype-task-report-export-classic.xml: Some changes related to AdminLTE upgrade were made in these files (e.g. icon css class changes).

Please review source code history for detailed list of changes.

Actions required:

  • The changes in adminGuiConfiguration must be applied thoroughly. Otherwise, the respective parts of GUI (request access wizard, resource definition wizard, the home page) will not function properly after the upgrade.

  • The default configuration for flexible authentication (in 015-security-policy.xml) should be applied appropriately. Otherwise, non-GUI logins may not work correctly.

  • Although (in general) other problems caused by the changes in initial objects are unlikely to occur, the implementors are advised to review also the other changes and assess the impact on case-by-case basis.

Copies of initial object files are located in config/initial-objects directory of midPoint distribution packages. These files can be used as a reference during upgrades. On-line version can be found in midPoint source code.

Schema Changes Since 4.5

This section is relevant to the majority of midPoint deployments. It mostly describes what data items were marked as deprecated, or removed altogether from the schema. (Additions are not described here.) You should at least scan through it - or use the ninja tool to check the deprecations for you.
  • roleCatalogRef, roleCatalogCollections, defaultCollection, and defaultAssignmentConstraints in roleManagement in the system configuration object are now deprecated. The whole configuration for requesting access (role catalog, shopping cart) was moved to adminGuiConfiguration/accessRequest.

  • userDashboardLink and userDashboard in the admin GUI configuration are now deprecated. The new homePage item should be used instead. To be able to see the home dashboard properly, changes from system configuration must be applied. This change is not backward compatible, so if you had any customizations on home dashboard, they must be migrated to the new schema. The old configuration for userDashboardLink contained attribute authorization where the required authorizations to see the widget needed to be specified. This was completely changed, and the visibility for different users is not managed by authorizations, but by standard visibility element. The same merging mechanism as for other GUI parts applies.

  • followOn property of ID Match-based correlator is now deprecated. The new referenceIdProperty should be used instead.

  • name property in GuiActionType is deprecated. The identifier should be used instead.

  • auxiliaryObjectClass, baseContext, searchHierarchyScope in the resource object type definition are now deprecated. They were moved to the new delineation item.

  • The whole synchronization/objectSynchronization item in the resource definition is now deprecated. It was heavily refactored and its parts are now available in the individual object type definitions.

  • The now-deprecated nonIterativeChangeExecution activity definition was generalized into explicitChangeExecution.

  • Items mailAuthentication and smsAuthentication (in AuthenticationsPolicyType), additionalAuthenticationName in AbstractRegistrationPolicyType, and securityQuestionReset, mailReset, and smsReset (CredentialsResetPolicyType) were removed in 4.6, as they had been deprecated before (in 4.1 and 4.5).

  • The schema for experimental items correlator (and related definitions) introduced in 4.5 was reworked, as it got the final form in 4.6. In a similar way, experimental extending and using relations between correlators were replaced by standardized super relation. (So, you may ignore this if you stick with the regular - not experimental - features.)

  • CapabilityCollectionType was moved from common-3 namespace to capabilities-3 one. Normally, this change should be transparent to administrators of midPoint, as they should not need to refer to this type explicitly. However, if you mention CapabilityCollectionType in your configuration (typically by including xsi:type="c:CapabilityCollectionType" declaration), you have to change this to xsi:type="cap:CapabilityCollectionType" (or remove it).

  • Deprecated items forked and chained removed from EventHandlerType type (element handler). Content of forked can be left without the wrapping forked element with the same behavior - this is the default behavior of a sequence of handlers/notifiers. Content of chained must be rewritten to preserve the desired logic, e.g. apply more filters to desired notifiers.

Actions required:

  • Inspect your configuration for deprecated items, and replace them by their suggested equivalents. You can use ninja tool for this. The changes in items correlator and CapabilityCollectionType type require manual inspection.

Behavior Changes Since 4.5

This section describes changes in the behavior that existed before this release. New behavior is not mentioned here. Plain bugfixes (correcting incorrect behavior) are skipped too. Only things that cannot be described as simple "fixing" something are described here.

The changes since 4.5 are of interest probably for "advanced" midPoint deployments only. You should at least scan through them, though.

  • The meaning of unspecified (missing) kind and intent values - at various places in the configuration - was clarified. This process started in 4.5, but it was completed in 4.6. Please see the detailed description of the changes.

  • The process of shadow classification (i.e. determining its kind and intent) was significantly reworked. Please see the detailed description of the changes.

  • The meaning of requireAssignmentTarget configuration item in Flexible Authentication Configuration was changed. Previously, the values were checked against target (and resource) references in assignments. Therefore, only directly assigned roles were taken into account. (Moreover, the validity of the assignments was not checked.) This was changed, and now the effectively assigned roles are considered. The check is based on roleMembershipRef values. Resources are no longer taken into account. Please see MID-8123 and commit c55b06e9 for more information.

  • Assignment approvals are skipped on focus deletion. There’s no point in approving these changes, as it is not clear what should be done in the case of their rejection. In the need of focus deletion approvals, please use appropriate policy constraints (referring to object deletion). See MID-7912 and 43e0eb54.

  • Handling of shadows in "reaping" state was changed. See Dead shadows, MID-8069, and commits dc42c96c and faa835e6.

  • The "dry run" reconciliation task now correctly deletes missing accounts. See 90236d8a. (We mention this change here, as there may be deployments that rely on "dry run" doing nothing with the shadows, even if the corresponding accounts are in fact missing.)

  • If the synchronization sorter returns no classification, the default classification algorithm is now employed.

  • Logging of exceptions occurring during provisioning operations was slightly reduced to make log files more readable. See MID-6695 and commits e9b9d96b and 0db34470.

  • Names of approval work items and cases now contain not only users' full name, but the plain (login) name as well. See MID-8111 and commit ef6fdcad.

  • Audit import is more forgiving, no longer fails on unrecognizable data: see MID-7913 and commit a17f3544. This is more robust but less attentive administrator may overlook data loss in case of schema incompatibility.

  • The (custom) logging configuration may be affected by the fact that some implementation classes (e.g. ArchetypeManager, ContextLoader, ResourceManager, ConnectorManager, ResourceCache, SystemObjectCache) were moved to different packages, and other ones were refactored into smaller constituents.

Java and REST API Changes Since 4.5

As for the Java API, this section describes changes in midpoint and basic function libraries. (MidPoint does not have explicitly defined Java API, yet. But these two objects are something that can be unofficially considered to be the API of midPoint, usable e.g. from scripts.)

midpoint.getFocusesByCorrelationRule

This method was not quite compatible with correlators changes introduced in 4.5, and is definitely not compatible with synchronization schema changes done in this release. So, it was rewritten from scratch, and renamed to findCandidateOwners. (The old signature is still available but marked as deprecated.) There may be minor differences in the behavior, so please review javadoc and adapt your code, if necessary.

Explicit Creation of Resource Objects (Java & REST)

All new shadows that are explicitly created or linked ("by value" i.e. not from repository) must be fully classified: The client is responsible for providing both kind and intent values in them.

Internal Changes Since 4.5

These changes should not influence people that use midPoint "as is". They should also not influence the XML/JSON/YAML-based customizations or scripting expressions that rely just on the provided library classes. These changes will influence midPoint forks and deployments that are heavily customized using the Java components.
  • Xalan was replaced by JVM-internal XML transformer. See MID-7959 and commit 7cad9100.

  • Cache invalidation mechanism was updated. An implementation of the newly-introduced CacheInvalidationListener can declare events it is interested in. The cache dispatcher then filters those events, and invokes the listener only with the relevant ones. This mechanism is used for compiled GUI profile invalidation. See (in-progress) design notes for more information.

  • ResourceShadowDiscriminator is gone, as it was too universal, and hence fuzzy. It was replaced by a set of more specialized classes. There are minor related signature changes for methods in ProvisioningService (ResourceShadowCoordinatesResourceOperationCoordinates). (d62cd32e)

  • Shadow classification and tag generation functionality now reside in the provisioning-impl module (7296dd15). To implement that, part of expression support was moved down from model-common to repo-common module (71105192). ProvisioningService.getObject now classifies shadows fetched from the resource, just like methods for searching or live sync/async update do (MID-7910, d62cd32e).

  • Resource/object type capabilities are now stored in statically-defined container instead of previously-used dynamic ("xsd:any") one. Related utility methods were renamed to better reflect their meaning. (c91029fb)

  • The provisioning module is more cautious when dealing with connector capabilities: When asking for a connector with a given capability, null value may be legitimately returned. (The main connector was returned in such situations in previous versions of midPoint.) Such an operation will be then refused at the level of midPoint, without even invoking the connector. The exception to this rule is when native capabilities are not known. See #4 in 3ab25c80.

  • Object archetype determination in the clockwork is now based solely on assignments, not on archetypeRef values. It is not a functional change, as these should be always consistent, given the specified limitations for the use of archetypes. Along with this change, ObjectTypeUtil.hasArchetype was renamed to hasArchetypeRef to better reflect the fact that it inspects archetypeRef, not the assignments. See 158a0dce.

  • Methods for querying SelectorOptions were changed.

  • RawObjectType was added to handle unknown or legacy object types. See MID-7913 and b39a7582.

  • CaseWorkItemUtil was merged into CaseTypeUtil (488a86af, bc7ed5d2, ada24368).

  • The process of building GUI was changed. Please see the relevant parts of the GUI Development Guide for more information.

Known Issues and Limitations

As all real-world software midPoint 4.6 has some known issues. Full list of the issues is maintained in bug tracking system. As far as we know at the time of the release there was no known critical or security issue.

There is currently no plan to fix the known issues of midPoint 4.6 en masse. These issues will be fixed in future maintenance versions of midPoint only if the fix is covered by a support agreement or subscription. No other issues will be fixed - except for severe security issues that may be found in the future.

The known issues of midPoint 4.6 may or may not be fixed in following releases. This depends on the available time, issue severity and many variables that are currently difficult to predict. The only reliable way how to make sure that an issue is fixed is to purchase midPoint support. Or you can fix the bug yourself. MidPoint is always open to contributions.

This may seem a little bit harsh at a first sight. But there are very good reasons for this policy. And in fact it is no worse than what you get with most commercial software. We are just saying that with plain language instead of scrambling it into a legal mumbo-jumbo.

Credits

Majority of the work on the Baumgarten release was done by the Evolveum team. However, this release would not be possible without the help of our partners, customers, contributors, friends and families. We would like to express our thanks to all the people that contributed to the midPoint project both by providing financial support, their own time or those that maintain a pleasant and creative environment for midPoint team. However, midPoint project would not exist without proper funding. Therefore we would like to express our deepest gratitude to all midPoint subscribers that made midPoint project possible.

Disclaimer

Planned release dates are just that: they are planned. We do not promise or guarantee release dates. Software development is a creative activity that includes a lot of inherent risk. We are trying really hard to provide the best estimates. We are not able to provide precise dates for releases or deliveries. Do not rely on midPoint release dates. Plan your project properly to address the risk of delayed midPoint releases.

Planned scope of midPoint releases is also an estimate. MidPoint development process always includes the balancing of the iron triangle. Therefore planned release scope may change at any time. There is a method to make sure that midPoint releases will work well for your project and that method is platform subscription.

We do not make any claims that midPoint is perfect. Quite the contrary. MidPoint is a practical software, developed by living and breathing developers and deployed in a real world. There are both known and unknown issues in midPoint. Also, midPoint is not feature-complete. New features are introduced in midPoint all the time. But not all of them are completed. There are always some limitations. As the license states, midPoint is provided "AS IS". Please do not rely on midPoint functionality that you have not tested to make sure that it works. MidPoint support and subscription programs are a way how to handle those issues. But even with support service, do not rely on functionality that is not documented. If you plan to use undocumented or non-existing functionality, platform subscription is the right service for you.