No checking is done on organization name, administrator name, account name, user attribute name (left hand side of schema map), or task names for invalid characters (ID-1145, 1206, 1679, 1734, 1767, 2413, 3331). You cannot use a dollar ($), a comma (,), a period (.), an apostrophe (’), an ampersand (&), a left bracket ([), a right bracket (]), or a colon (:) in the name for these types of objects.
The calendar object is not fully viewable if the browser is using large fonts. (ID-2120).
The Select All checkbox on the Find Results page and the List Task page does not become un-selected if one of the items in the list is un-selected (ID-5090). The selectAll checkbox is ignored during the resulting action if not all of the members in the list have their checkbox selected.
If you make a change to a custom message catalog, it is necessary to restart the server in order to see your changes. (ID-6792)
The current mechanism for detecting a failed Server assumes that all the systems in an Identity Manager cluster are synchronized with respect to time. (ID-7064) With the default failure interval of five minutes, if one server is five minutes out of sync with another, the server that is ahead will declare the server that is behind to be dead, causing unpredictable results.
Workaround: Maintain better time synchronization or increase the failover interval.
On Windows, if you are logging in as a user whose name contains double-byte characters and the default encoding for the machine only supports single-byte characters, you must set the USER_JPI_PROFILE environment variable to an existing directory whose name contains only single byte characters. (ID-8540)
If you extract a resource to an XML file using the File Format as XML option, and then select CSV File Format from the drop-down list, the following message dialog is displayed: (ID-10847)
The form has already been submitted. |
Workaround: To avoid this message, click Accounts -> Extract to File -> Choose a Resource -> Choose CSV File Format. Click Download to download the resource account details in .csv file format.
If an expanded node contains less than one page of data and you insert a new child of that node (for example, if you are creating a User in the organization) before the first record on the page, Identity Manager will insert a page with one item before the current page on the subsequent refresh. (ID-12151)
Workaround: To realign the pages, click the First Page button.
If you modify a Role form to change the showSuperAndSubRoles variable from 0 to 1, and then import a super role object definition file containing existing subroles from the Configure tab, those subroles will not be modified to include the <SuperRoles> section. However, if you use the Identity Manager graphic user interface to create a super role, the subroles referenced by that super role will be updated. (ID-15053)
This issue can occur with roles created outside Identity Manager that have references to existing roles (either subroles or super roles) already in the system.
When importing these roles, the roles that already exist in the system are not updated to reflect the new relationships; for example, referential integrity is not maintained. Use the RoleUpdater to check and correct the referential integrity if roles are imported in this way.
Workaround: You can update roles outside the upgrade process by importing a new RoleUpdater.xml file found in sample/forms/RoleUpdater.xml. By default, Identity Manager adds the subrole links during upgrade or when you import RoleUpdater.xml.
To disable this new functionality, set the RoleUpdater attribute nofixsubrolelinks to true. For example,
<MapEntry key='nofixsubrolelinks' value='true' /> |
If you modify settings (such as adding additional column attributes) on an existing changelog, these modifications might not appear in a pre-existing changelog CSV file. (ID-15973)
The Repository Configuration object has an attribute named maxAttrValLength. The value of this attribute is ignored, and is always 255. (ID-16261)
While in a localized Identity Manager session, users might encounter partial localization (a mix of English and the selected language) in Process Diagram applets. (ID-16139)
Direct-mode password synchronization requires SimpleRpcHandler to be configured in the web.xml file. By default, this handler is not provided as a handler for the rpcrouter2 servlet. (ID-16469) To use direct-mode password synchronization, set the handlers initialization parameter in the following way:
<init-param> <param-name>handlers</param-name> <param-value>com.waveset.rpc.SimpleRpcHandler, com.waveset.rpc.PasswordSyncHandler</param-value> </init-param>
Note that SimpleRpcHandler is known to interfere with certain RemoteSession calls. If you plan on using RemoteSession as well as direct-mode password synchronization, configure a separate servlet for handling RemoteSession calls.
Accounts > Extract to File saves XML and CSV file formats as .dat extensions, rather than the expected .xml and .csv extensions. (ID-17521)
Workaround: The saved files can be manually renamed with the appropriate file extensions.
The String Quality Policy page displays text in vertical lines. (ID-18551)
Role type delegations will override role approval delegations made for a specific role. (ID-18559)
For example, if future role work item types for one or more specific roles are delegated to user one, while all future business role work items are delegated to user two, the specific roles from the first delegation will be delegated to user two rather than user one.
The scenario delegation summary follows:
Delegate role approval for business role 1 to user one
Delegate business role approval to user two
In all requests where a user was assigned a business role approval, the business role will be delegated to user two.
Enabling a role does not give the user an option to update assigned roles. (ID-18647)
Workarounds: Manually update the assigned users, or update the assigned users from the List/Find Roles pages.
Roles contained by other roles can now be conditionally assigned to users when their parent role is assigned. A condition can be specified on the association between the parent and contained role when editing the parent role. A condition can be created or can reference a rule. If a rule is specified, all user view attributes required for the evaluation of the rule must be specified via rule argument. (ID-18734)
Upgrading from Identity Manager 7.x to Identity Manager 8.0 will fail if the repository is MySQL and the 7.x installation has configured role objects. This problem occurs when the upgradeto80from71.mysql script executes. When this script executes, the columns in the old object table, which contain the 7.x roles, and the new role table are in a different order. (ID-18874)
The data warehouse message catalog, WICMessages.properties, is loaded based on the server location instead of the user's location. For example, if an application server is running in a Japanese locale, the query attributes will be displayed in Japanese, even if the user's interface is normally in English. (ID-18898)
Workaround: Restart the application server in a locale with a UTF-8 variant that corresponds to the browser's language setting.
Identity Manager 8.0 added a new queryable attribute, assignedRoles, which references all direct and indirect roles assigned to a user. (ID-18921) Prior releases contain the still available queryable attribute, role, which only contains roles directly assigned to users. The upgrade process only automatically refreshes users with indirect roles to enable population of assignedRoles. A report for users Assigned a Role will not return all users assigned to a role in an upgraded environment until all users have been refreshed.
Workarounds:
Refresh all users.
Create a report for users with directly assigned roles.
The Sort by Repetition option does not work on the Scheduled Tasks table. (ID-20377)