Skip to end of metadata
Go to start of metadata

In Progress

This release is planned. Therefore the information presented here is incomplete and inaccurate.
For information regarding the latest stable release please see Release 3.5

TODO

Release 3.6 is a TODO midPoint release code-named TODO. The 3.6 release brings ....

Planned release date: Spring 2017

TODO

Albert Einstein (1879 - 1955) was a .....

 

Credits

Majority of the work on the Einstein release was done by the Evolveum team. However, this release would not be possible without the help of our partners, customers, contributors, friends and families. We would like to express a great gratitude to all the people that contributed to the midPoint project.

Special thanks: TODO

TODO

We would also like to thank:

  • TODO

Features

midPoint 3.5 provides following features:

Changes with respect to version 3.5

  • Role exclusion: pruning of conflicting roles which can be used to implement Radio Button Roles
  • Specification of mapping domain and range
  • Custom forms
  • GUI improvements
    • Multiple browser windows supported
    • Easy customization of basic look and feel (color, icon, system name)
    • Shopping cart improvements
      • Ability to request roles for a different user
      • Ability to specify free-form comment on the request
      • Warning about conflicting role assignments
    • Quasi-full-text search
    • Control over the user dashboard widgets
  • CredSSP support in Active Directory connector
  • Ad-hoc delegation of approvals ("Delegate" button)
  • Partial execution of IDM model computation that allow ability for lighter recompute tasks
  • Check expression in Password Policy
  • RunAs configuration for expressions

Java 7 environment is no longer supported.
XPath2 scripting is no longer supported.
CSVFile Connector (deprecated) is deprecated.

Quality

Release 3.6 (TODO) is intended for full production use in enterprise environments. All features are stable and well tested.

Limitations

  • MidPoint 3.6 comes with a bundled LDAP-based eDirectory connector. This connector is stable, however it is not included in the normal midPoint support. Support for this connector has to be purchased separately.

Platforms

MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested this release. The version numbers in parentheses are the actual version numbers used for the tests. However it is very likely that midPoint will also work in similar environments. Also note that this list is not closed. MidPoint can be supported in almost any reasonably recent platform (please contact Evolveum for more details).

Java

  • OpenJDK 8 (1.8.0_91, 1.8.0_111)
  • Sun/Oracle Java SE Runtime Environment 8 (1.8.0_45, 1.8.0_65, 1.8.0_74)

 

Java 8 only

MidPoint 3.6 is supported only on Java 8 platforms. MidPoint supported both Java 7 and Java 8 for several years. The support for Java 7 was deprecated in midPoint 3.4.1 and it was removed in midPoint 3.5. It is finally the time to abandon obsolete technology and to move on.

Web Containers

  • Apache Tomcat 8 (8.0.14, 8.0.20, 8.0.28, 8.0.30, 8.0.33, 8.5.4)
  • Apache Tomcat 7 (7.0.29, 7.0.30, 7.0.32, 7.0.47, 7.0.50, 7.0.69)
  • Sun/Oracle Glassfish 3 (3.1)
  • BEA/Oracle WebLogic (12c)

Databases

  • H2 (embedded, only recommended for demo deployments)
  • PostgreSQL (8.4.14, 9.1, 9.2, 9.3, 9.4, 9.4.5, 9.5, 9.5.1)
  • MariaDB (10.0.28)
  • MySQL (5.6.26, 5.7)
    Supported MySQL version is 5.6.10 and above (with MySQL JDBC ConnectorJ 5.1.23 and above).
    MySQL in previous versions didn't support dates/timestamps with more accurate than second fraction precision.
  • Oracle 11g (11.2.0.2.0)
  • Microsoft SQL Server (2008, 2008 R2, 2012, 2014)

Unsupported Platforms

Following list contains platforms that midPoint is known not to work due to various issues. As these platforms are obsolete and/or marginal we have no plans to support midPoint for these platforms.

  • Java 6
  • Java 7
  • Sun/Oracle GlassFish 2
  • Apache Tomcat 6

Download and Install

Upgrade

Upgrade from midPoint 3.0, 3.1, 3.1.1, 3.2, 3.3, 3.3.1, 3.4 and 3.4.1

Upgrade path from MidPoint 3.0 goes through midPoint 3.1, 3.1.1, 3.2, 3.3, 3.4.1 and 3.5.1. Upgrade to midPoint 3.1 first (refer to the midPoint 3.1 release notes). Then upgrade from midPoint 3.1 to 3.1.1, from 3.1.1 to 3.2 then to 3.3, then to 3.4.1, 3.5.1 and finally to 3.6.

Upgrade from midPoint 3.5 and 3.5.1

MidPoint 3.6 data model is essentially backwards compatible with both midPoint 3.5 and midPoint 3.5.1. However as the data model was extended in 3.6 the database schema needs to be upgraded using the usual mechanism.

MidPoint 3.6 is a release that fixes some issues of previous versions. Therefore there are some changes that are not strictly backward compatible.

  • Java 7 environment is no longer supported. Please upgrade to Java 8 before upgrading midPoint.
  • XPath2 scripting is no longer supported. Please migrate your XPath2 scripts to Groovy, JavaScript or Python.
  • Version numbers of some bundled connectors have changed. Therefore connector references from the resource definitions that are using the bundled connectors need to be updated.

Changes in initial objects since 3.5 and 3.5.1

MidPoint has a built-in set of "initial objects" that it will automatically create in the database if they are not present. This includes vital objects for the system to be configured (e.g. role superuser and user administrator). These objects may change in some midPoint releases. But to be conservative and to avoid configuration overwrite midPoint does not overwrite existing objects when they are already in the database. This may result in upgrade problems if the existing object contains configuration that is no longer supported in a new version. Therefore the following list contains a summary of changes to the initial objects in this midPoint release. The complete new set of initial objects is in the config/initial-objects directory in both the source and binary distributions. Although any problems caused by the change in initial objects is unlikely to occur, the implementors are advised to review the following list and assess the impact on case-by-case basis:

  • TODO
     
  • 040-role-enduser.xml: fixed permissions
  • 043-role-delegator.xml: new file, role for delegators (deputy support)
  • 100-report-reconciliation.xml: fixed report
  • 110-report-user-list.xml: report fix for CSV output
  • 200-lookup-languages.xml: new supported languages
  • 210-lookup-locales.xml: new supported locales
  • 230-lookup-lifecycle-state.xml: new file, lookup for lifecycle states

Bundled connector changes since 3.5 and 3.5.1

  • TODO
  • The CSVFile Connector (deprecated) is deprecated. It is still fully supported and it is still bundled with midPoint. However, it is technologically obsolete and it will be replaced by a new CSV Connector in midPoint 3.6. Therefore please consider using the new CSV Connector in new projects even with midPoint 3.5. The CSV Connector was not entirely finished at the time of midPoint 3.5 release - and that was the reason why midPoint 3.5 is still using the old connector. However it is expected that the new connector will be finished and stabilized in early 2017.
  • The LDAP connector was upgraded to the latest available version.

Behavior changes since 3.5 and 3.5.1

  • Approval requests for which are no approvers defined (at a particular approval schema level) are now rejected by default. Original behavior was so that they were approved. Now the behavior is configurable using outcomeIfNoApprovers property of an approval schema level.
  • Work item notifications have changed. The workItemEvent category is abstract now; it was replaced with workItemLifecycleEvent, workItemAllocationEvent, workItemCompletionEvent, workItemDelegationEvent, workItemCustomEvent (TODO).
  • The focus object lifecycle state influences assignment lifecycle. If the object is inactive due to the lifecycle state then also the assignment will be considered inactive.
  • Deprecated password policy references in system configuration and orgs cannot be used together with security policy definitions. Please use password policy settings in the security policy.
  • Midpoint 3.5.1 and earlier assumed default value of 1 for minOccurs in the password policy. However, if no password policy was specified then the midOccurs defaulted to 0. This was unintuitive and inconsistent. The root cause of the problem was that the default value of midOccurs was never specified. Therefore the default value was consistently set to 0 in midPoint 3.6 and later.
    WARNING: this means that the password policy in midPoint 3.6 will allow entry of empty password unless minOccurs=1 is explicitly specified in the password policy.
  • Password history is stored in hashed form by default. The default storage form was encryption before midPoint 3.6. Old password history entries will remain in the form in which they were originally stored. New password history entries will be stored according to new setting.

Public interface changes since 3.5 and 3.5.1

  • ModelService.recompute() method has a new version that accepts model execute options as parameters. There is a change in the default setting (reconciliation flag is now false by default). The old version is left as deprecated and has compatible behavior.
     
  • TODO

Important internal changes since 3.5 and 3.5.1

These changes should not influence anyone using the midPoint. These changes should also not influence the XML-based customizations or scripting expressions that rely just on the provided library classes. These changes will influence midPoint forks and deployments that are heavily customized using the Java components.

  • TODO

Known Issues and Limitations

There is a support to set up storage of credentials in either encrypted or hashed form. There is also unsupported and undocumented option to turn off credential storage. This option partially works, but there may be side effects and interactions. This option is not fully supported yet. Do not use it or use it only on your own risk. It is not included in any midPoint support agreement.

TODO

As all real-world software midPoint 3.5 has some known issues. Full list of the issues is maintained in jira. As far as we know at the time of the release there was no known critical or security issue.

There is currently no plan to fix the known issues of midPoint 3.5 en masse. These issues will be fixed in future maintenance versions of midPoint only if the fix is requested by midPoint subscriber. No other issues will be fixed - except for severe security issues that may be found in the future.

The known issues of midPoint 3.5 may or may not be fixed in midPoint 3.6. This depends on the available time, issue severity and many variables that are currently difficult to predict. The only reliable way how to make sure that an issue is fixed is to purchase midPoint subscription. Or you can fix the bug yourself. MidPoint is always open to contributions.

This may seem a little bit harsh at a first sight. But there are very good reasons for this policy. And in fact it is no worse than what you get with most commercial software. We are just saying that with plain language instead of scrambling it into a legal mumbo-jumbo.

See Also

  • No labels