Features

EIM-10321 SMS MFA for Oauth2 applications

Oauth2 applications (Public and Confidential) registered in EIM now support SMS MFA. If SMS MFA is configured and enabled by application, one-time passcode is delivered to authenticated agent's mobile number.

See detailed description in FAM manual chapter: 4.4.1 OAuth2 application registration
Check also documentation in configuration reference regarding igm.oauth2.properties.

EIM-10536 REST API support for managing Roles and Agent Groups

Added multiple new functions to REST API

The Role endpoint: 
"Get role", "Create role", "Update role", "Delete role", "Get Role Localizations" and "Add Role Localization" calls added.

The Service endpoint:
"Add a role to a service" and "remove a role from a service" calls added.

The Agent Group endpoint:
"Get agent group", "Create agent group", Update agent group", "Delete agent group", "Adding agent to agent group" and "Removing agent to agent group" calls added. Note that agent group cannot be moved to a different service agreement.

More detailed information can be found in Efecte Identity Management REST API Reference.

EIM Java API and Web Services API have been updated to support Role and Agent group custom field access. See the Class IGMRoleWS and IGMAgentGroupWS in efecte_identity_javadoc-public-api-2023.3.0.zip in the EIM package doc/rm5api folder.

EIM-10700 Email search improvements

Added configuration option agent.search.email.option.Include=true/false to igm.web.taglib.SelectTag.properties. This allows searching agents by email in Admin UI. Wildcards are supported the same as in any other search types in Admin UI.

Added new function public List<Integer> getAgentIdsWithEmail(String emailAddress, boolean allowWildCards) to SearchAction in event API. This allows searching by email using wildcards via event API.

Added new parameter allowWildCards to /rest-api/agent endpoint. This enables to use wildcards with parameters accountUid, lastName and email. Note that parameter name supported the wildCards %25 or * and _ or ? already. The new allowWildCards parameter does not change that behaviour.

EIM-10784 Possibility to hide report error sending dialog

Report error sending dialog can be now hidden from users by modifying rm5idm-custom.css to contain following: 
.error-reporting { display: none; }

This has been also documented in Efecte Identity Management
Feature Setup Guide under chapter "Branding".

Browser cache clearing is required to see the effect.

To make sure that error reports are not send at all, set empty value to the following item in igm.migration.properties:
module.reporterror.recipients=

EIM-10788 Events related to rolegroup

Following new events were implemented for role group handling: rolegroup.created, rolegroup.updated, rolegroup.removed, 
rolegroup.role_added, rolegroup.role_updated, rolegroup.role_removed.

Those events will contain PolicyServiceRoleContext, ServiceRoleContext, PolicyContext and oldValue references when applicable. See the efecte_identity_event_rules_manual.pdf Chapter 6.17 Role Group Related Events and the javadocs in efecte_identity_javadoc-public-eventrules-2023.3.0.zip.

Note that adding, modifying or deleting roles from role group do not fire permission events.

Improvements

EIM-10750 Federated authentication Account case sensitivity

Federated authentications (SAML,LDAP,openID etc.) have been changed to utilize case sensitive comparison only when multiple accounts are found and only their case is different.

Changes are relevant in cases where account type has case sensitivity set to "Case sensitive".

This change is further development for bug fix EIM-10693.

EIM-10768 Mobile number can be set as search option and shown in result column in Admin UI for agent search

Added configuration option agent.search.mobile.option.Include=true/false to igm.web.taglib.SelectTag.properties. This allows searching agents by mobile in Admin UI. Wildcards are supported the same as in any other search types in Admin UI.
Added configuration option agent.search.mobile.Include=true/false to igm.web.taglib.SelectTag.properties. This allows showing the mobile number in the search result list.

EIM-10769 Admin UI limit the amount of externalId fields in search type

Added new configuration option to igm.web.taglib.SelectTag.properties, search.ignoredExternalTypes.option. 
It defines a comma separated list of External ID type names which are not shown in the Admin UI agent or person search options drop down. To ignore the default External ID field, add search.option.externalId to the list.

Added another configuration option organization.search.ignoredNonOrganizationExternalTypes.option to limit externalId search options in organization search.

EIM-10772 Provisioning UI item name field width

Configurable truncation style was added to Provisioning shadow browser Item name field.
To setup wrapping instead of the default resizeTo50 write the following to igm.web.taglib.SelectTag.properties
truncateStyle.provisioning.list.name=wrapAt50

EIM-10889 MySQL 5.7.41 version support

MySQL database was integration tested with the following combination:
JBoss EAP 7.2.0 - MySQL 5.7.41 (MySQL JDBC Driver 5.1.38, XA)

However, it is recommended for MySQL customers to plan migration to PostgreSQL database.

Bug fixes

EIM-7850 Fetching task count from EIM causes error on agent scope update

Earlier fetching task count in the EIM landing page may sometimes fail and show error to end user.
Now if task counting has failed for any reason, the task tab in the left side of EIM UI will not show the number of tasks assigned to logged in user. The task count should get back to correct value on the next fetch, which is run at 15 second interval by default. See also EIM-8954 for more details about configuring task count.

EIM-10742 Agent person name search failed in some cases when Oracle database was in use

Agent person name search failed in some cases when Oracle database was in use. This is now fixed but please note that Oracle databases are not officially supported since EIM 2022.2.

EIM-10762 Agent search REST API does not return lastName and firstNames properties

Agent search REST API (GET /rest-api/agent) returned lastName and firstNames json parameters always with null data. This has been fixed.

EIM-10812 Browsing agents from agent mass change wizard does not work
 

Browsing agents in mass change wizard was broken on EIM 2022.2 due to change in EIM-8952. This has now been fixed.

EIM-10848 Agent group's statusCode was always zero when it was created through even trules, webservice or JAVA API

Agent group's statusCode was always zero when it was created through eventrules, Web Service or Java API.
This has now been fixed that agent group's statusCode will be the one provided with the create request.

As a side effect of this change the Java API client with old jar files reads the agent group statusCode as null. See also EIM-10536 about the other updates to EIM Web Service and Java API.

End of Life notices

EIM-10887 End of life for multiple old database and application server versions

EIM version 2023.3 does not support/was not anymore tested with following database/application server versions:

Database:
Postgre 13.0
DB2 11.5.0.0

Application server:
JBOSS EAP 7.2.0 (Except with MySQL 5.7)

Documentation has been updated accordingly.