Efecte Identity Management 2023.4 release notes
Features
EIM-10626 JWTAccessToken should support refresh token
Fetching a new JWT access token with a refresh token is now supported.
EIM-10801 History tab for person
A history tab has been added for persons and organizations. It is similar to the history tab created for agents in EIM-8955.
History tabs for agent, legalperson and organization can now have different permissions. The role IGM2_HistoryReader enables the history view for all three. The role IGM2_AgentHistoryReader allows only the agent history view. The role IGM2_LegalPersonHistoryReader allows the legalperson and organization history views.
EIM-10905 Ease admin ui use when there are long lists and the action buttons are only below the list
Several Admin UI pages containing scrollable lists were updated to also have buttons at the top of the page. Examples of such pages are the Organizations tab Service agreements, Services tab Roles and Agent groups tab Permissions.
EIM-10950 Custom attributes to Account UI
Account custom fields can be enabled for viewing and editing. See efecte_identity_configuration_reference.pdf for how to enable the fields via igm.web.taglib.SelectTag.properties. The label texts for custom fields can be changed via the igm.uitexts.XX.properties fields account.customBoolean1..2, account.customDate1..2, account.customInteger1..4, account.customString1..4. Note that customString1 is usually reserved for the password reset email (key in uitext account.password.reset_email.label), but that depends on the account type. For account types that do not use the password reset email, the label text for customString1 can be changed with account.customString1.
EIM-10965 Searching agents with searchstrings in REST API
New optional search parameters gidSearchString1, ridSearchString1, ridSearchString2, searchString1-20, longString1-4 have been added to the REST API agent search.
See efecte_identity_rest_api_reference.pdf 2.6.1 Search for agents.
The Event API SearchAction has been modified to support searching by the gidSearchString1, ridSearchString1, ridSearchString2, searchString1-20, longString1-4, name, firstNames, givenName, lastName, personName parameters. See the SearchAction Javadocs in efecte_identity_javadoc-public-eventrules-2023.4.0.zip.
EIM-10990 EIM supports PostgreSQL 15.5 and 13.13
EIM now supports PostgreSQL versions 15.5 and 13.13.
Check the latest supported combinations in efecte_identity_installation_guide.pdf.
EIM-11007 Log tables for ht_task tables
The following log tables were created: loght_task, loght_taskcomment, loght_taskscope.
Improvements
EIM-10478 Event rules to support boolean values received from SAML assertion
A SAML identity provider can set a type on a SAML attribute value. SAMLConverter in EIM can process SAML attributes of the following types: XSBoolean, XSInteger, XSString, XSURI, XSBase64Binary, XSDateTime and XSQName. Note that for XSQName only the value part is available; the prefix is not. Attributes that have no type are handled as Strings. All of these attributes are forwarded to the authentication.success event as Strings.
EIM-10962 History tab improvements
Removed displayName, combinedEmail and combinedLocal from the agent history tab because the content of those fields is collected from other fields.
Line breaks broke the CSV export of history tabs. CSV content escaping has been improved to fix this.
EIM-10976 New flag in REST API for agent end point regarding serviceID handling when given as search parameter
New optional flags hasRoleViaService, hasValidityCheck, hasLPIdsOnly, extendedResponse have been added to the REST API agent search.
The flag hasRoleViaService controls whether only agents with permissions via the service are returned or whether a more lax query is used. If true, only the agents matching the following requirements are returned.
1. has a permission directly linked to the service.
2. has a permission indirectly linked to the service via rolegroup or agent group.
The experimental flag hasValidityCheck is only used when hasRoleViaService=true. Agents with non-valid links to the service are excluded from the returned dataset.
The flag hasLPIdsOnly can be set to true for a performance improvement with large datasets. If true, only the id field is set in the returned person object.
The flag extendedResponse can be set to true to return more fields as AgentExtendedSearchVO objects.
See efecte_identity_rest_api_reference.pdf 2.6.1 Search for agents.
Bug fixes
EIM-8291 CP-5647: Mass modify fails to select all agents often
The Mass modify wizard sometimes selects only a subset of entities. The main reason is that the ajax call for selecting or unselecting an item in the backend sometimes fails or is still in progress. Several changes were made to alleviate the problem. On the frontend side, the number of calls to the backend is monitored and the Next button is disabled until the ajax calls have returned. The state of selected or unselected items is also set after the call returns from the backend. If the backend failed to process the ajax call or did not respond within 120 seconds, the error message "Selecting or unselecting some items failed, please verify" is also shown. The key for the error message in igm.uitexts.en.properties is "reporting.wizard.selection.unsuccessful".
EIM-10838 Oauth2 client credential apps role-claim does not show quotation mark correctly
Related to feature EIM-9938, there was an issue if a quotation mark character (") was used in a role name or in a role description. The quotation mark broke the format of the sent OAuth claim.
This has been fixed.
We also support using the escape tool in Velocity macros for custom OAuth claims, for example $!esc.java($!role.roleDescription).
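Why a quotation mark in a role description breaks a templated claim, and what escaping changes, as an added example (not Efecte code). The JSON claim layout, the role data and java_escape, a Python approximation of Java string-literal escaping, are assumptions made for illustration.

```python
import json

# Assumed claim layout: values are substituted as text inside JSON string
# literals, the way a template engine would render them.
CLAIM_TEMPLATE = '{"role": "%(name)s", "description": "%(description)s"}'

_SHORT = {'"': '\\"', '\\': '\\\\', '\n': '\\n', '\r': '\\r',
          '\t': '\\t', '\b': '\\b', '\f': '\\f'}


def java_escape(text):
    """Approximation of Java string-literal escaping (hypothetical helper)."""
    out = []
    units = text.encode('utf-16-be')        # Java escapes per UTF-16 code unit
    for i in range(0, len(units), 2):
        cu = int.from_bytes(units[i:i + 2], 'big')
        ch = chr(cu)
        if ch in _SHORT:
            out.append(_SHORT[ch])
        elif cu < 0x20 or cu > 0x7E:
            out.append('\\u%04X' % cu)      # control and non-ASCII characters
        else:
            out.append(ch)
    return ''.join(out)


def render_claim(name, description, escape=None):
    """Render the claim text; escape=None mimics unescaped substitution."""
    esc = escape or (lambda s: s)
    return CLAIM_TEMPLATE % {'name': esc(name), 'description': esc(description)}


def check_claim(name, description, escape=None):
    """'ok' if the consumer reads back exactly what was stored, else why not."""
    try:
        parsed = json.loads(render_claim(name, description, escape))
    except json.JSONDecodeError:
        return 'malformed'
    expected = {'role': name, 'description': description}
    return 'ok' if parsed == expected else 'altered'


# Constructed role data covering the characters that matter.
ROLES = [
    ('Approver', 'Can "sign off" invoices'),
    ('Archivist', 'Reads C:\\new\\files'),
    ('Reviewer', 'line one\nline two'),
    ('Hyväksyjä', 'Laskujen hyväksyjä'),
]


def audit(roles=ROLES):
    """Return (role name, unescaped result, escaped result) per role."""
    return [(name, check_claim(name, desc), check_claim(name, desc, java_escape))
            for name, desc in roles]
```

The 'altered' result is the case a parse-only check misses: the claim is valid JSON but carries a different value than the stored description.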
EIM-10894 Upper limit of UI fields updated
There is an upper limit on the number of fields that can be shown in the EIM UI. This caused the Agent Mass change wizard operation Attribute changes to fail to load. The field limit has been updated to allow 120 fields instead of the previous 99. The change also allows the XML configured wizards to define more fields to be shown.
EIM-10938 History tab security tightening
The first beta version of the agent history was created in EIM version 2023.2 (EIM-8955). In it, the history could be seen without the IGM2_HistoryReader role: it was enough for the user to have a role that was set in igm.web.taglib.selectTag.properties to allow seeing the history tab. This has been fixed.
History tabs for agent, legalperson and organization can now have different permissions. The role IGM2_HistoryReader enables the history view for all three. The role IGM2_AgentHistoryReader allows only the agent history view. The role IGM2_LegalPersonHistoryReader allows the legalperson and organization history views.
EIM-10982 Creating saml-capability through REST API with unencrypted key
REST API SAML Capability creation failed to create the capability if the provided keypair was not password protected.
The problem was related to the Bouncy Castle Crypto package update made in EIM version 2023.1 issue EIM-9765.
This has now been fixed.
EIM-11023 Fetching oauth2 accesstoken sometimes fail
Fixed a bug that sometimes prevented fetching an access token.