Release notes
Product Logs Enhancements
Product logs have been enhanced to support org-based logging and a configurable logs directory.
ORG Based Logging
File logging in the Identity and Provisioning servers has been enhanced to write to org-based files. All org-level log file names are prefixed with <OrgCode>_. The default log files are retained for non-org-specific logs.
The logs listing in the admin UI is now org based. The master org logs page lists the master org log files as well as the default log files.
The client org logs page lists only the log files for that org.
Logs Directory Configuration
All product components have been enhanced to support a configurable logs directory. When this is not configured, the default logs directory is used as before. The change takes effect immediately and no Tomcat/Studio restart is required.
Identity Server
The logs directory can be configured for each Identity instance. The configuration is at Configuration => Configuration => Identity Server Logs. The property name is suffixed with the instance name to identify the instance for which the logs directory is being configured.
Provisioning Server
The logs directory can be configured for each Provisioning instance. The configuration is at Configuration => Configuration => Provisioning Server Logs. The property name is suffixed with the instance name to identify the instance for which the logs directory is being configured.
GIG
The logs directory can be configured for each GIG in a cluster. The configuration is at GIG Cluster => Configuration => Logs. The property name is suffixed with the GIG name to identify the GIG for which the logs directory is being configured.
Studio
Logs directory can be configured for Studio at Tools => Configure.
Notification Engine Enhancement
The notification engine has been enhanced to support using the master org SMTP configuration at notification level. A new column (USE_MASTER_ORG_CONFIG) has been introduced in RT_NOTIFICATION to control this. Any feature can set it while creating a runtime notification entry. When it is on for a notification, the notification engine uses the master org SMTP configuration. This feature is used for the GIG connection failure notification when there is a GIG association for the SMTP server in the org to which the GIG belongs.
Compromised Password Checker Enhancement
The compromised password checker has been enhanced with configurable behavior on check call failure. The configuration parameter below has been introduced to control the behavior.
Google Workspace Enhancements
The Google Workspace connector has been enhanced with user delegation and with removal of sign-in sessions using a workflow. Also, the unused parameter 'Admin Password' has been removed from the connected system.
Google User Delegation
The Google Workspace connector user data format has been enhanced with user delegation. The attribute used is delegates->email, which can be exported, looked up and imported along with user details.
Prerequisites
The following scopes should be added in Google Admin console->Security->API Controls->Domain-wide Delegation for the respective client ID to grant permission for the operations.
Operation | Scope | |
1 | Export | |
2 | Import |
Attributes
Name | Export | Lookup | Add | Modify (Add) | Modify (Replace) | Modify (Delete) | Delete | Type |
delegates->email | Y | Y | Y | Y | Y | Y | N | String |
Sample payload
Sign-Out Google User session via Workflow
Added functionality to revoke Google sign-in sessions by initiating a workflow. The boolean attributes for this are 'revokeSignInSessions' and 'suspended' in the Google User data format. When disabling a Google user account using a workflow with suspended=true, all sign-in sessions of the user can be revoked by setting the attribute revokeSignInSessions=true.
Prerequisites
The following scopes should be added in Google Admin console->Security->API Controls->Domain-wide Delegation for the respective client ID to grant permission for the operations.
Operation | Scope | |
1 | Import |
Sample payload
Google Workspace 'Admin Password'
The unused parameter 'Admin Password' has been removed from Google Connected Systems.
Ellucian Ethos Connector - API Version Header
The Ellucian Ethos connector has been enhanced to support a configurable API version header. A new plug-in parameter, ApiVersionHeader, sets the version that overrides the default version for the APIs. This parameter can be configured for export, lookup and import. Advanced Settings has been introduced in lookup to allow this configuration.
A value like application/vnd.hedtech.integration.v8+json overrides the version for the data format. If the version is to be overridden for sub calls, the version should be prefixed with the sub data format name. For example, to override the Employee and Person APIs in the employee data format, set the value Person=application/vnd.hedtech.integration.v8+json,Employee=application/vnd.hedtech.integration.v11+json. Global variables can be used to set this configuration.
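A pre-deployment check for an ApiVersionHeader value, as an added example that is not the connector's own code. The media type pattern is inferred from the two sample values above, and the function names and the rule that an unprefixed value applies only to the main data format call are assumptions.

```python
import re

# Shape of the vendor media types shown above (assumed to be the only
# valid shape), e.g. application/vnd.hedtech.integration.v8+json
MEDIA_TYPE = re.compile(r"application/vnd\.hedtech\.integration\.v\d+(\.\d+)*\+json")


def parse_api_version_header(value):
    """Split an ApiVersionHeader value into {name or None: media type}.

    The key None holds an unprefixed value (the data format itself);
    named keys hold the overrides prefixed with a data format name.
    """
    overrides = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            raise ValueError("empty entry in ApiVersionHeader")
        name, sep, media = part.partition("=")
        if not sep:
            name, media = None, part          # bare media type, no prefix
        else:
            name, media = name.strip(), media.strip()
            if not name:
                raise ValueError(f"missing data format name in {part!r}")
        if not MEDIA_TYPE.fullmatch(media):
            raise ValueError(f"unexpected media type {media!r}")
        if name in overrides:
            raise ValueError(f"duplicate entry for {name!r}")
        overrides[name] = media
    return overrides


def version_for(overrides, api_name, default, is_main=False):
    """Media type to send for one API call, or the default version."""
    if api_name in overrides:
        return overrides[api_name]
    if is_main and None in overrides:         # assumption: main call only
        return overrides[None]
    return default
```

A typo such as a missing `+json` suffix or a repeated prefix raises ValueError here instead of silently falling back to the default version at run time.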
Azure Active Directory Connector - Last Sign-In Data
The Azure Active Directory connector User data format has been enhanced to support last sign-in data in export and lookup.
Fetching the sign-in activity requires a Microsoft Entra ID P1 or P2 license and the AuditLog.Read.All permission. This property is not returned for a user who has never signed in or last signed in before April 2020.
The following attributes are supported for sign-in data.
Name | Type |
signInActivity.lastNonInteractiveSignInDateTime | Date |
signInActivity.lastNonInteractiveSignInRequestId | String |
signInActivity.lastSignInDateTime | Date |
signInActivity.lastSignInRequestId | String |
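A dormant-account review built on the attributes above, as an added example that is not part of the product. It assumes exported records are dictionaries keyed by the attribute names in the table, that timestamps are ISO 8601 in UTC, and that each record carries a userPrincipalName key; the 90-day threshold and the sample records are constructed.

```python
from datetime import datetime, timedelta, timezone

# Attribute names as listed in the table above.
SIGN_IN_ATTRS = (
    "signInActivity.lastSignInDateTime",
    "signInActivity.lastNonInteractiveSignInDateTime",
)

def parse_ts(value):
    """Parse an ISO 8601 timestamp (assumed export format); None if absent."""
    if not value:
        return None
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def classify(record, now, max_idle_days=90):
    """Return (status, last_seen) for one exported user record."""
    seen = [t for t in (parse_ts(record.get(a)) for a in SIGN_IN_ATTRS) if t]
    if not seen:
        # Property not returned: the user never signed in, or last signed
        # in before April 2020. Flag for review, never report as active.
        return "no_sign_in_data", None
    last_seen = max(seen)  # interactive or non-interactive, whichever is newer
    if now - last_seen > timedelta(days=max_idle_days):
        return "stale", last_seen
    return "active", last_seen

def review_list(records, now, max_idle_days=90):
    """Map user name -> reason for every account that needs review."""
    out = {}
    for rec in records:
        status, _ = classify(rec, now, max_idle_days)
        if status != "active":
            out[rec["userPrincipalName"]] = status
    return out

# Constructed sample records (not real export output).
SAMPLE = [
    {"userPrincipalName": "svc-sync@example.com",
     "signInActivity.lastSignInDateTime": "2023-01-04T12:00:00Z",
     "signInActivity.lastNonInteractiveSignInDateTime": "2024-05-30T02:00:00Z"},
    {"userPrincipalName": "bob@example.com",
     "signInActivity.lastSignInDateTime": "2023-11-02T09:30:00Z"},
    {"userPrincipalName": "carol@example.com"},
]
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
```

The service account shows why both timestamps matter: its interactive sign-in is old, but token-based activity two days earlier keeps it out of the stale list.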
Microsoft Access Database Connector - Driver Upgrade
The Microsoft Access Database connector was using an ODBC driver. ODBC drivers are not supported in the latest versions of Java, so the connector has been upgraded to use the UCanAccess driver. This driver needs the absolute path of the database file. Also, authentication credentials are optional when the database file is accessed directly, so the connected system parameters have been adjusted to match this.
Microsoft Access Database needs the query and SQL components to be escaped with [] when there are special characters in a table or column name, so the query and SQL building has been adjusted to support that.
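Bracket quoting of Access identifiers, as an added example that is not the connector's own query builder. The function names and the sample table and column names are constructed; the rejected characters and the 64-character limit follow the Access object naming rules.

```python
import re

# Access object names may not contain . ! ` [ ] or control characters,
# may not start with a space, and are limited to 64 characters.
FORBIDDEN = re.compile(r"[.!`\[\]\x00-\x1f]")


def quote_ident(name):
    """Return a table or column name wrapped in [] for an Access query."""
    if not name or len(name) > 64 or name.startswith(" "):
        raise ValueError(f"invalid Access identifier: {name!r}")
    if FORBIDDEN.search(name):
        # A ']' inside the name would close the bracket early, and the
        # rest of the string would be parsed as SQL. Reject, do not escape.
        raise ValueError(f"forbidden character in identifier: {name!r}")
    return f"[{name}]"


def build_select(table, columns, where_column):
    """Build a SELECT with bracketed identifiers and a ? value placeholder.

    Identifiers cannot be bound as parameters, so they are validated and
    bracketed; the filter value is left as a ? for the driver to bind.
    """
    if not columns:
        raise ValueError("at least one column is required")
    cols = ", ".join(quote_ident(c) for c in columns)
    return (f"SELECT {cols} FROM {quote_ident(table)} "
            f"WHERE {quote_ident(where_column)} = ?")
```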
Fixed defects
List of defects reported by customers or implementation. It does not contain defects raised internally.
- Fixed issue of retaining SPONSOR_ variable names in notifications when the context doesn't have a sponsor. Made changes to clear the variable names when the sponsor is missing.
  Feature Affected: Notifications
- Fixed issue of allowing non-server-configuration admins to manage product attributes in Studio. Added an extra check to limit product attribute management to admins having server configuration management rights.
  Feature Affected: Manage Product Attributes
- Fixed issue with view user access showing the connected system name instead of the display name.
  Feature Affected: View User Access
- Fixed reCAPTCHA loading issue in the Kiosk page. The images were compressed, so not all of the images were visible.
  Feature Affected: Kiosk
- Fixed issue with password reset on password expiry when the password has special characters. Added proper escaping to handle special characters in the password.
  Feature Affected: Password Reset on Password Expiry
- Fixed issue with password breach check configuration. The default value of the configuration is set to not process breach check.
  Feature Affected: Password Breach Check
- Fixed issue with policy approval processing. Corrected the query loading policy resources to fix the issue.
  Feature Affected: Policy Approval
- Fixed issue where the date changed by the approver was not reflected when the access period request has identity and non-identity resources. Fixed to set the modified date of the identity resource on all resources in the request, since only the identity approval is raised in this case and other resources should not have a different end date.
  Feature Affected: Change Access with Approval
- Fixed issue in clearing an advanced lookup configuration parameter when the parameter has a default value. The empty value was getting replaced with the default value when advanced configuration was opened again.
  Feature Affected: Advanced Lookup Configuration
- Fixed issue with modify logins for the Canvas LMS connector. The Id attribute required for building the modify call URI was getting removed during sub-call processing. Made changes to remove the Id attribute only for add logins.
  Feature Affected: Canvas LMS Connector
- Fixed issue with PowerShell connector test connection. The process memory check done as part of the connection test was failing on certain servers. Made changes to ignore memory check failures since connection creation has succeeded.
  Feature Affected: PowerShell Connector
- Fixed issue with refresh attribute schema when there are no custom attributes configured in Google Workspace. Added additional validations to handle this scenario.
  Feature Affected: Google Workspace Connector
Downloads
The download links below are applicable to Fischer on-premise customers that host the Fischer IdM software in their environment. If you are a Fischer IaaS (Cloud) customer, all updates are delivered by Fischer on a scheduled basis.
To download the latest update, you will need a login to the Fischer Release portal. If you are a Fischer on-premise customer and would like to request an account to the Fischer Release portal, please submit a request through the Fischer ticketing system.
Identity Linux 7.7.22 Installer
Identity Windows 7.7.22 Installer
DataForum Linux 7.7.22 Installer
DataForum Windows 7.7.22 Installer
Gateway Linux 7.7.22 Installer