Sun Java[TM] System Identity Manager 7.1 Update 1 Release Notes |
Identity Manager 7.1 Update 1 Features
This section of the Identity Manager 7.1 Update 1 Release Notes provides information about
What’s New in This ReleaseThis section provides additional information about the new features provided in Identity Manager 7.1, and the information is organized into the following sections:
Administrator and User Interfaces
- Identity Manager’s User Extended Attributes now fully supports multi-valued attributes. (ID-14863)
Note
An attribute condition that refers to a multi-valued extended attribute will evaluate correctly for a user object only after that user object has been re-serialized. If you want such an attribute condition to evaluate correctly for all user objects, then you must re-serialize all user objects.
Instructions for re-serializing users are provided Upgrade Issues.
- A Return to Main Menu button was added to the Launch Requests form to take users back to the Identity Manager Home page. (ID-15957)
- Call timer and tracing functions are now related, and Call Timing statistics can only be collected when tracing is enabled. This change affects the Identity Manager Debug pages. For more information see Identity Manager Tuning, Troubleshooting, and Error Messages in Documentation Additions and Corrections. (ID-17106)
Auditing
Identity Manager Integrated Development Environment (IDE)
For more information about this new tool, see Identity Manager Tuning, Troubleshooting, and Error Messages.
- The Netbeans embedded application server now automatically shuts down whenever you perform any of the following project operations (ID-16738):
- Identity Manager IDE’s Manage Embedded Repository feature can now import your customizations as well as default init.xml as long as you select the Initialize Repository or Automatically publish IDM objects repository settings. (ID-16749)
- The following changes have been made to the CBE shipped with Identity Manager (ID-16812):
- Performance enhancements include:
- Incremental XML validation (Identity Manager only validates files that have changed since the last build)
- Incremental pattern substitution and copying (Identity Manager only applies pattern substitutions and copies files that have changed since the last build).
- The Build Project action no longer creates a WAR in it's warred form. There is now a separate Create IDM War action that builds the WAR.
- Target names in build.xml have been simplified and are now consistent with the project actions. For more information, refer to ”Ant Targets” in the “Core CBE (Configuration Build Environment)” section of the README.txt provided.
- You can now safely run ant targets by right-clicking build-netbeans.xml.
- JSP validation has been cleaned up, and the “Setup JSP Validation” section of the README.txt describes best practices for enabling JSP validation.
- Documentation improvements include, an improved overview of the CBE in the README.txt and more inline comments in build.xml and build-netbeans.xml.
- A single CLASSPATH variable in build.xml now controls the CLASSPATH for both the purposes of building and for auto-completion in the JSP and Java editors. For more information, see the new “How to Add a New JAR Dependency” section provided in the README.txt.
- In the build-config.properties file, install.includes has been replaced by install.pattern.substitution.excludes and install.excludes.
- The ant property names were changed, and they now use the standard “.” ant convention instead of “-”. In addition, lighthouse* property names were changed to idm*.
- XML validation is now run both before and after pattern substitutions are applied.
- For Identity Manager 7.1 Update 1, it was necessary to change the following files in the Identity Manager project:
If you have modified any of these files, you must manually merge the changes. See Upgrading Version 7.1 Projects to Version 7.1 Update 1 for more information.
Password Synchronization
- PasswordSync uses a newly created servlet to provide support for 64-bit Windows. This servlet goes in to the web.xml file and should be configured as follows (ID-15660):
Resources
New Resource Versions
The following new resource versions have been added this release:
- The Identity Manager NDSResourceAdapter now supports NetWare 6.5 with eDirectory 8.8. (ID-10612)
- The Identity Manager MySAP adapter now supports MySAP ERP 2005 (ECC 6.0) Kernel version 7.00 on SAP. (ID-15205)
- Identity Manager now supports Sun Access Manager 7.1. (ID-16365)
- Identity Manager now supports SAP GRC Access Enforcer 5.2. (ID-16642)
Resource Adapter Updates
- MySQL resource adapter now supports account iteration. The adapter discards duplicate usernames and skips null usernames. (ID-6204)
- The RACF adapter now allows you to control dataset rules directly, rather than have Identity Manager administer them. This feature enables you to create dataset rules different from the rules that are native to Identity Manager. (ID-10446)
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE ResourceAction PUBLIC 'waveset.dtd' 'waveset.dtd'>
<ResourceAction name='create after action'>
<ResTypeAction restype='RACF'>
<act>
var TSO_PROMPT = " READY";
var TSO_MORE = " ***";
var cmd1 = "addsd '"+identity+".test1.**' owner('"+identity+"')[enter]";
var result1 = hostAccess.doCmd(cmd1, TSO_PROMPT, TSO_MORE);
</act>
</ResTypeAction>
</ResourceAction>
- The resource used for the Service Provider master repository can now have multiple variables in the identity template. (ID-14290)
- You can now configure the Database Table adapter to skip past rows that failed during Active Sync processing so that the next poll will not repeatedly process failed rows. (ID-15147)
- The RACF LDAP resource adapter now supports pass-through authentication. (ID-15251)
- The Access Enforcer Resource adapter now supports the change password feature. (ID-15403)
A new Resource Attribute (Use IDM Password on Create) has been added to configure the behavior for a create operation. Access Enforcer generates a password for the create operation and sends an email containing the generated password to the newly created user. You cannot prevent this email from being sent, but if you want Identity Manager to set the password to the one sent to the adapter, set this attribute to true and Identity Manager will set the password to the desired value.
In addition, the following attributes are available from the SAP Resource adapter:
- The SAP Adapter now supports the Rename feature. For more information, see Renaming Accounts in Documentation Additions and Corrections. (ID-15582)
- The rethrowAllSQLExceptions parameter has been added to the Database Table adapter. (ID-16419)
- The Oracle ERP adapter now has an npw_number account attribute to support contingent workers. The npw_number account attribute functions in the same manner as employee_number, but the employee_number attribute and npw_number attribute are mutually exclusive. If both are entered on create, employee_number takes precedence. (ID-16507)
- Support for accessing Remedy servers has changed. The Sun Identity Manager Gateway no longer depends on version 4.5 of the Remedy API libraries. Now, you must put Remedy libraries in the Gateway directory (the Remedy libraries are located on the Remedy server). For more information, see Remedy in Documentation Additions and Corrections. (ID-16551)
- It is now possible to specify the domain for an Active Directory resource in the resource authentication properties. This makes it possible to limit a login module to authenticate against just one domain. In a multi-domain AD environment, this prevents accounts from being locked out due to failed login attempts. (ID-16603) To implement this feature, add the following authentication property in the resource XML within the <AuthnProperties> element:
- Identity Manager can now use the Attachmate Adapter for Sun Java System Identity Manager product to connect to mainframe resources. (ID-16631)
- The checkIfUserExists method now takes a JCO.Client argument, which gives you the option of creating a new connection or using an existing one. A new connection is necessary in cases where this method is not the first method performed on the connection. The use of an existing connection is still provided for backward compatibility. In the current version, only the rename operation uses this new functionality. (ID-16902)
Security
- Identity Manager now provides a new, built-in ObjectGroup/organization called End User that, initially, has no member objects. The End User ObjectGroup/organization enables users to view several types of objects, including tasks, rules, roles, and resources. This ObjectGroup/organization is implicitly assigned to all users. For more information, see Chapter 5, Administration in Documentation Additions and Corrections. (ID-14630)
- When defining an AdminRole, you can now select an Exclude All Controlled Child Organizations and Contained Objects checkbox to exclude all controlled child organizations and their contained objects from the user’s scope of control. Clear this checkbox to grant the user assigned the AdminRole the associated Capabilities on all child organizations and their contents. (16859)
- The Text display component can now render autocomplete="off" on input fields where the autocomplete attribute of the display property has been set to off. Specifying autocomplete="off" prevents browsers from offering to store the user's credentials on their computer. (ID-17045)
You can make this customization in XPRESS by adding the display property. Using a value other than off prevents the autocomplete attribute from being rendered (which is the same as not setting the property).
To enable this feature for the Identity Manager login.jsp, continueLogin.jsp, user/login.jsp, and user/continueLogin.jsp login pages, change the ui.web.disableAutocomplete system configuration object to true.
Other Identity Manager login forms are generated from XPRESS, so you must modify the following forms (located in the sample directory) to use the new display property:
The display property has been added to the preceding forms, but the property is commented out by default.
Note
According to the support article provided at the following location,
http://support.microsoft.com/default.aspx?scid=kb;en-us;329156
AutoComplete does not work in Internet Explorer if you use JavaScript to submit the form.
Bugs Fixed in This ReleaseThis section describe the bugs fixed in Identity Manager 7.1 Update 1, and the information is organized as follows:
Administrator and User Interfaces
- Clicking Edit on the User Results page before specifying a user to edit no longer causes a 404 File Not Found error. Now an error message appears, indicating you must select a user. (ID-10944)
- The View Dashboards page now displays the Dashboard Summary column in localized text. (ID-11544)
- The confirmation forms that display when you perform actions on multiple users or on organizations from the Accounts list or Find Users results can now be fully localized. (ID-12248)
- The Summary column on the Run Reports page now displays correctly localized text. (ID-12393)
- The Resource List Group view on the Resource tab now displays the Resource Group list in the order that it was saved instead of sorting the list. (ID-14117)
- The synchronization mechanism for the legacy role and current roles attribute can now clear the legacy role attribute when roles are removed. (ID-14568)
- When you unassign resource accounts from a user using the Edit User functionality, the accounts’ SITUATION in the account index are now properly updated in all cases. (ID-15310)
- Clicking a form’s Refresh button (not the browser page Refresh) after changing a user’s role assignments no longer generates approvals for roles that have already been approved. (ID-15500)
- The JavaScript functions used by the Selector display component no longer cause errors in Internet Explorer. (ID-15540)
- Dashboard graph names are now consistently localized on the Dashboard Edit page. (ID-16008)
- Identity Manager now properly updates sub/super roles during a SaveAs action. (ID-16010)
- Combining the Users Organization search option with other search options no longer causes an empty find users result. (ID-16076)
- The session is now correctly set during expansions and derivation while processing resource account creations in bulk action. (ID-16181)
- If a delegate is deleted, then any work items (such as approvals) that were supposed to be delegated are now assigned to the next person up the path of existing delegators. In addition, Identity Manager records the event in the System Log. (ID-16417)
- When creating or editing a user, Administrators can now assign a manager who is outside the Administrator’s scope of control. (ID-16452)
- Identity Manager now properly sorts Extended User Attributes in the User Account treetable. (ID-16488)
- Performance related to the caching of organizations has been improved. You should see improved concurrency for processes that access organization data, such as user creation and editing. (ID-16543)
- When delegating future work items to users, the list of users to whom you can delegate will consist of users who are in scope for the user whom delegation is being defined; regardless of whether they are defined by the user or by an administrator on their behalf. (ID-16561)
- You can now edit and save current or previous workItem delegations. (ID-16564)
- When delegating future work items for a user, if the user does not have an Identity Manager manager or cannot access any other users or DelegateWorkItemsRules, that user is no longer allowed to create new delegations, edit existing delegations, or edit previous delegations. (ID-16566)
- TaskDefinitions containing ManualActions will now run correctly from the End User interface. (ID-16694)
- You can now use the Dynamic Tabbed User Form to assign multiple resource accounts. (ID-16711)
- Server tasks are now sorted by start time. (ID-16783)
- During a Search action, the RuleDrivenMembersCache now returns a unique list of ObjectGroupRefs so the same user cannot be returned multiple times for the same organization. (ID-16795)
- The Status column no longer displays on Results pages when the status column is not populated with data. (ID-16889)
- Opening a field-level help (iHelp) window in WebKit-based browsers (such as Safari in Mac OS X) no longer yields an empty (blank) window. (ID-16927)
- A null pointer exception no longer occurs when users try to change their own passwords through the End User interface. (ID-16942)
- Using continueLogin.jsp from the Administrator interface no longer causes JavaScript errors. (ID-16989)
- Administrators with improper permissions can no longer delete objects from the debug pages. (16991)
- The continueLogin.jsp page now contains a Forgot User ID? button. (ID-16992)
- You can now clear the DatePicker field type value on forms. To clear this field, all three parts of the multi-field property (day, month and year) must be empty. (ID-17022)
- A cross-site scripting vulnerability was identified and fixed in the following pages (ID-17241):
Auditing
- Now, when you launch a periodic access review and then go to the Access Reviews page, you no longer have to manually refresh the page to see your scan displayed in the list. (D-14169, 16570)
- The Identity Manager Compliance features provide tasks, policies, and rules that you can use as is. (ID-16127, 16571)
Identity Manager initially creates these objects in either the Top or All object groups as appropriate. For deployments that use delegated administration with administrators that do not control the Top object group, you may want to add some or all Auditor objects to other object groups. Identity Manager provides a script that lists and adds or removes object groups from the Auditor objects. (For a complete list of Auditor objects, see $WSHOME/sample/scripts/AuditorObjects.txt.)
Note
In the following scripts, the expected form of idm-url is [http://]hostname:port[/idm/servlet/rpcrouter2], where at least hostname:port are required. You can omit the Identity Manager server if it is bound to the default URL path.
Installation and Upgrade
Identity Manager Integrated Development Environment (IDE)
- You can now test rules in a rule library by selecting the rule node in tree view or by right-clicking within the <Form>/<Rule> element in the XML. (ID-14093, 14842)
Note
You can use the rule tester to edit and test a rule library, but navigation and property support for rule libraries is not currently implemented.
- Locked objects can now be unlocked when you check in or close a view. (ID-14797, 16573)
Now, when you check in a view, the view becomes read-only. You can then right-click Repository > Checkout View and select Unlock View from the pop-up menu to check out and make the view writable again. Also, when you close the view window, the view is implicitly unlocked.
For 7.0 compatibility, you must remove com.waveset.rpc.SimpleRpcHandler from web.xml to prevent the unlocking problem. Now, when you are setting up a full-featured project, Identity Manager IDE automatically checks the web.xml and asks if you want com.waveset.rpc.SimpleRpcHandler removed.
Password Synchronization
- The Password Synchronization dll now shows the correct error messages for connection failures instead of the There was a soap client error: -2147467259 message. This change also fixes possible handle leaks during connection failures. (ID-15451)
- Computer object changes in Active Directory no longer cause a handle leak in the PasswordSync dll. (ID-16495)
- Booting the AD domain controller in Directory Service Restore mode with Password Synchronization installed no longer causes a continuous reboot cycle if Password Synchronization crashes. (ID-16695)
- If you use JMS to synchronize a Windows Active Directory user password for a user who does not exist in Identity Manager, an appropriate message will be logged in the trace. (ID-16920)
Reconciliation
Reports
- You can now select a resource name for the y-axis of a usage report, and the value will be used in the query. (ID-12035)
- Changes to user’s authentication questions are now logged in the audit logs. (ID-13082)
- Identity Manager logs an error when it deletes a non-existent user and now create an audit event for reporting. (ID-13284)
Note
In versions 6.0 SP4 and later, the delete event is recorded in the system logs instead of the audit log report.
- HTML <b></b> tags are now removed from the following PDF reports (ID-15408):
- Identity Manager now supports the CLOB datatype for acctAttrChanges when using an Oracle database as the Identity Manager repository. (ID-15326)
The advantage of using CLOB (instead of using the default VARCHAR(4000) datatype) is that it allows a much larger set of changes to be logged; however, it also makes this column more difficult to query, due to the proprietary nature of the CLOB access routines.
To enable a larger set of changes, you must change the log.acctAttrChanges column type to CLOB (from VARCHAR(4000)) and adjust the maxLogAcctAttrChangesLength attribute of the RepositoryConfiguration Configuration Object correspondingly.
- Received email no longer contains garbage HTML tags in the message body. Email headers are now processed through processMessage instead of processImage, and they are checked for empty strings as well as nulls. (ID-15745)
- The Password Change Chart and other usage reports now require the operand value before submitting the form. (ID-15777)
- When editing reports, you can now click the Run button to execute a report without saving the report changes. Use the Save button to save any changes made to the report. (ID-17212)
Resources
- The SecurID UNIX adapter now uses the Resource User Attribute name to resolve the schema attribute name (LHS value) for read/modify. (ID-10521)
- The SecurID ACE/Server adapters now enforce the RSA requirement that a “default login” can only be comprised of single-byte English characters. (ID-13805)
- You can now use the Mutex Acquire Timeout resource attribute for UNIX adapters to specify how much time (in seconds) certain operations will wait for the scripting mutex. (ID-14234)
- Identity Manager 7.1 Update 1 supports Remedy versions 6.3 and 7.0. However, there are many substantial differences between these versions in terms of their sample data, defaults, and out-of-the-box configuration. For example, the name of the “ticket” schema in version 6.3 is HPD:HelpDesk, while in 7.0 it has been changed to HPD:Help Desk. (ID-14611)
- The Audit Log has been updated to more accurately reflect what has happened to resource attributes during the creation or modification of a resource account. (ID-15323)
- If a Resource Affinity account on a RACF resource has insufficient privileges to list a user, Identity Manager will now provide an appropriate error message. (ID-15331)
- When deleting RACF accounts, the system now queries the user’s (using a search mask) data set profiles, enumerates over the data set, and deletes the individual data sets (instead of trying to remove them all using a DELDSD .** command) (ID-15413)
- All Oracle ERP responsibilities are now listed in the default Oracle ERP User Form’s Responsibilities drop-down list. This list will include Oracle ERP Responsibilities currently not assigned to any user. (ID-15492)
- The Oracle ERP adapter no longer returns a java.lang.IndexOutOfBoundsException when trying to retrieve a responsibility that does not exist in Oracle ERP. The adapter now returns a null value. (ID-15493)
- The FlatFileActiveSync processLine now returns normal processing errors for use in AllowedErrorCount calculations. (ID-15662)
- Before and after actions now operate correctly on the HP OpenVMS adapter. (ID-15920)
- Deadlocks no longer occur when you use Active Sync with a PeopleSoft resource. (ID-16109)
- The SAP adapter now supports updating the ALIAS field in SAP. The attribute mapping in the schema configuration is ALIAS->USERALIAS. (ID-16320)
- A null pointer exception no longer results in the Database Table resource adapter when the database is down or the resource is misconfigured. (ID-16358)
- The WF_ACTION_ERROR workflow variable is now set when there is a error in the Remedy resource adapter. (ID-16360)
- The attribute names on left-hand side of the SAP adapter schema map have been changed as follows: (ID-16399)
Old Name
New Name
title
titleP
nameSupplement
titleSupplement
communicationTypeCUA
communicationType
personName
addressName
personName2
addressName2
personName3
addressName3
personName4
addressName4
cityPostalCode2
poBoxPostalCode
cityPostalCode3
companyPostalCode
poBoxCityNumber
poBoxCityCode
streetCode
streetNumber
- The Oracle ERP adapter no longer erases previous values for responsibilities during a single user load. A Default value clause has been added to the form to initialize the responsibilities correctly. (ID-16414, 16654)
- The Default RACF ListUser AttrParse now supports RACF versions 1.6 and 1.8 by allowing for differences in formatting in the DEFAULT-GROUP line, and by making the PHRASEDATE optional. (ID-16580)
- The SAP adapter schema map attribute names were changed to more closely represent the SAP semantics of the attribute. (ID-16634)
- The gateway can now return the correct value when accounts are locked due to an expired password, which enables Identity Manager to allow users to change their password. (ID-16681)
- Resource adapters that use the IBM Host on Demand software, can now properly load HoD JAR files. (ID-16690).
- Now, when you set the AIX Resource Adapter Completely Remove User attribute to true, the attribute can now properly add the -p argument to the rmuser command emitted by the adapter. (ID-16706)
- The XmlParser now correctly strips DOCTYPE declarations from XML strings. (ID-16909)
- When using Attachmate libraries to access a mainframe, Identity Manager uses the port specified in the resource instead of always using the default TCP port (23). (ID-17046)
- The sample AccessEnforcerUserForm now handles cases where an Access Enforcer user’s role assignment only contains a single SAP role. (ID-17161)
Roles
Scheduler
Security
Server
SPE
- For the SPE Sync task, transaction retries no longer fail before reaching the specified maximum number of retries. If a target resource is down and you execute a delete operation against the source resource with Transaction Retries enabled, the delete operation will not fail until the number of transaction retries exceeds the specified maximum. (ID-16120)
- SPE can now use SPE user naming attributes other than accountId to access users through the Forgot Your Password form. Although accountId is the default attribute, you can now configure user look-up from within the SPE configuration to use other look-up attribute names. (ID-16918)
Workflow
Additional Defects Fixed
9940, 11690, 14489, 15073, 15906,16382, 16395, 16500, 16536, 16560, 16586, 16596, 16610, 16656, 16680, 16770, 16870, 16930, 17044, 17055
Known IssuesThis section of the Identity Manager 7.1 Update 1 Release Notes lists known issues and workarounds:
- A regression causes Identity Manager password synchronization to fail when used with Sun JavaTM System Directory Server Enterprise Edition 6.0, 6.1, and 6.2. The failure will be corrected in the Directory Server 6.3 release. If versions 6.0, 6.1, or 6.2 are required to work with Identity Manager, please request a Directory Server hotfix from Support, referencing Directory Server bug 6604342. (ID-14895)
- When you expand the resource objects of a Sun Java System Access Manager 7.0 resource from the Resources tab, you might see the following error: (ID-15525)
Error listing objects. ==> com.waveset.util.WavesetException: Error trying to get attribute value for attribute 'guid'. ==> java.lang.IllegalAccessError: tried to access method com.sun.identity.idm.AMIdentity.getUniversalId()Ljava/lang/String; from class com.waveset.adapter.SunAccessManagerRealmResourceAdapter
- The default LocalFiles repository does not work with Sun Java System Application Server 9.x. You must use one of the supported databases (listed in the Supported Software and Environments section of these Release Notes) or MySQL during development. Some individuals have had success disabling the SecurityManager for the particular container and setting the memory higher, but neither action is a definitive fix for this issue. (ID-15589)
- Some of the words on the tab of “Edit User” screen could wrap around in multi-language mode. (ID-16054)
table.Tab2TblNew td
{background-image:url(../images/tabs/level2_deselect.jpg);background-repeat:repeat-x;b ackground-position:left top;background-color:#C4CBD1;border:solid 1px #8f989f;white-space:nowrap}table.Tab2TblNew td.Tab2TblSelTd
{border-bottom:none;background-image:url(../images/tabs/level3_selected.jpg);backgroun d-repeat:repeat-x;background-position:left bottom;background-color:#F2F4F3;border-left:solid 1px #8f989f;border-right:solid 1px #8f989f;border-top:solid 1px #8f989f;white-space:nowrap}
- Due to interoperability issues between WebSphere data sources and Oracle JDBC drivers, Oracle customers who want to use a WebSphere data source with Identity Manager must use Oracle 10g R2 and the corresponding JDBC driver. (The Oracle 9 JDBC driver will not work with a WebSphere data source and Identity Manager.) (ID-16167)
- Numbers display in the Priority and Severity columns of the Violation Summary Report instead of text descriptions. (ID-16932)
- The Violation Summary Report does not show Corrected or Remediating violations. (ID-16933)
- The Violation State column in the Violation Summary Report should be localized. (ID-17011)
- Add an EXEMPTED option to the Possible States drop-down menu in the Violation Summary Report. (ID-17042)
- The Identity Manager installer does not run with a 64-bit JDK. (ID-17104)
- All Inactive Account Scan reports do not display their results on the View Risk Analysis page. To view the result from these reports, go to the Server Tasks page. (ID-17255)
- When installing Password Synchronization, be sure to use the binary that is appropriate for the operating system on which you are installing. The binary for 32-bit Windows is called IdmPwSync_x86.msi and the binary for 64-bit Windows is called IdmPwSync_x64.msi. If you install the wrong binary, it may appear to succeed, but Password Synchronization will not operate properly. (ID-17290)
- Identity Manager’s round robin account policy might not generate sequential order assignment of authentication questions. (ID-17295)
- A Sealing violation exception might occur when you use Identity Manager 7.1 or 7.1 Update 1 with Oracle 10g on Sun Java System Application Server Enterprise Edition 8.2. The problem can be caused by having more than one Oracle JDBC JAR file in the CLASSPATH or by having an incompatible version of the JDBC JAR file in the CLASSPATH. (ID-17311)
- WRQ looks though the classpath to discover its own entry. From that entry, WRQ computes the directory where the JAR is stored, and then uses that directory to read the .JAW (licensing file). However, both BEA and WebSphere use non-standard protocol names (BEA uses zip, and WebSphere uses wsjar) rather than the standard JAR, which is the protocol the WRQ code assumes exists. (ID-17319)
- Before creating a new resource, be sure to enable the resource type in the list of configured types. Otherwise, the newly created resource object may not have all the required fields. (ID-17324)
- When editing or updating a user, if you try to assign an idmManager that does not yet exist (for example, the idmManager is missing), you will see the following error message and the change cannot be saved. (ID-17339)
- Report configurations are not preserved when upgrading from 7.1 to 7.1 Update 1. Please save the report configuration objects prior to upgrading. (ID-17363)
- When executing Load From Resource, and the resource supports ACCOUNT_CASE_INSENSITIVE_IDS, if the user's accountId differs in case from the accountId stored in Identity Manager’s ResourceInfo user object, a second ResourceInfo will be added to the user object with the accountId in the same case as reported by the resource.