Features

EIM-10637 Support for JBOSS 7.4.14
Support for application server JBoss EAP 7.4.14.
See efecte_identity_installation_guide.pdf Chapter 4.1 Creating JBoss domain notes about setting jdk.serialFilter. It may be needed with certain use cases due to security tightening on JBoss EAP 7.4.13 onwards.
Integration tests were run with
PostgreSQL 15.5 PostgreSQL 13.13 and DB2 11.5.7 databases with PostgreSQL jdbc driver version 42.4.2 and DB2 jdbc driver version 4.31.10.

EIM-10803 History tab for account
History tab for accounts added. This is similar to history tab created for agents in EIM-8955.

The generic role IGM2_HistoryReader or specific role IGM2_AccountHistoryReader enables the account history view.

Not all attributes are shown in history view, for example following attributes are excluded:
userpassword, userpasswordhistory, lastLogin, lastFailLogin, failLoginCount

Login related attributes above are not saved in the log table when they change and therefore history data regarding those can be misleading.

EIM-11070 REST API: support for handling person’s and organization’s custom attributes
Support for reading and writing person’s and organization’s custom attributes added in REST API.
See detailed description in efecte_identity_rest_api_reference.pdf manual chapter: “2.7.4 Create person”, “2.7.5 Update person”, “2.7.3 Find person”, “2.7.7 Find organization”, “2.7.8 Create organization” and “2.7.9 Update organization”
Please note that searching based on custom attributes is not supported.

EIM-11135 Additional searchStrings and new longStrings for legalperson schema
New searchStrings, searchString9-20 and longString1-4 were added to legalperson and organization. They can be used the same way as searchStrings1-8. Maximum length of searchString9-20 is 255. Maximum length of longString1-4 is 4000 but it may depend on the underlying database encoding. For example if the database encodes characters as 3 bytes, then the max length of longString might be 4000/3.

In REST API PersonSearchVO, LegalPersonVO, LegalPersonCustomVO, OrganizationVO and OrganizationCustomVO will contain the new searchString9-20 and longString1-4.

New optional search parameters gidSearchString1, gidSearchString2, givenName, accountUid, agentId, mobile, telePhone, fax, zipCode, city, street, searchString1-20, longString1-4 added to REST API agent search.
See efecte_identity_rest_api_reference.pdf 2.7.1 Search for legal person.

Event API SearchAction modified to support searching by gidSearchString1, gidSearchString2, givenName, accountUid, agentId, mobile, telePhone, fax, zipCode, city, street, searchString1-20, longString1-4 parameters.
See SearchAction Javadocs in efecte_identity_javadoc-public-eventrules-2024.1.0.zip

SearchString1-20 and longString1-4 can be used in Shadow-to-IdM lookup.

Earlier the searchString5-8 could not be used in Shadow-to-IdM lookup.

EIM-11171 Logging for EIM Oauth2 applications
There is now a possibility to enable logging for EIM oauth2 applications. This will show which EIM oauth2 applications have been used for authentication through EIM.

Configuration will be done in igm.logging.properties
Logging is not enabled by default.

See detailed description in FAM manual chapter: “4.10 Oauth2 Authentication logging”

Example of the content: 2024-01-19 07:54:31 host:10.0.2.2 accountuid:dude method:Efecte Password clientid:TestOauth2App-dbdb6000-efc3-4603-83c0-c05911fa658a

Improvements

EIM-11062 Upgrade bcprov-jdk18on-172.jar and bcpkix-jdk18on-172.jar
The Bouncy Castle Crypto packages were updated to bcprov-jdk18on-1.77.jar and bcpkix-jdk18on-1.77.jar.

EIM-11087 Stricter sanitization for base64 message
Base64 forget password message has now stricter sanitization. The received base64 message is validated to contain only allowed url-encoded character set.

EIM-11088 Change when showing “Your account is locked.” message
Local account locked status is checked after entering the credentials successfully, only then the message “Your account is locked.” is shown. In other cases such as entering wrong password, the message is “Login failed. Please check your username and password. Username may also have expired.”.

EIM-11104 Upgrade lodash
Lodash javascript library updated to version 4.17.21.

EIM-11145 Upgrade client.min.js
Client.min.js updated to version 0.2.1.

EIM-11215 Upgrade Apache commons-codec to version 1.16
Updated the Apache commons-codec library from version 1.10 to version 1.16.

Bug fixes

EIM-11075 REST API agent custom attributes uses igm.rm5api.customattributes.properties
Agent custom attributes can be renamed in igm.rm5api.customattributes.properties. This caused an issue with REST API Find agent query, the renamed custom attributes were not available in the response. This has been fixed so that REST API queries with customVO=true parameter will return a correct dataset.
Note that Java API and Webservices API still obey the igm.rm5api.customattributes.properties definitions.

EIM-11137 XML configured wizard checkbox issue
Change in EIM 2023.4 'EIM-8291 Mass modify fails to select agents often' caused some XML configured wizards to fail handling checkboxes.
Problem occurs in any XML configured wizard that has a search step with select="multiple". This has been fixed.

End of life notices

EIM-11074 End of life for multiple old database and application server versions
EIM version 2024.1 does not support/was not anymore tested with following database/application server versions:
Database:
MySQL
Application server:
JBOSS EAP 7.4.6
Documentation has been updated accordingly. However, there might still be some references to MySQL.