Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Flexible authentication implementation was extended to cover REST service. If you already have configuration for flexible authentication, then you have to add appropriate section for REST service. In case that you are not using flexible authentication, REST service authentication will work in the same way as in midPoint 4.1.
  • Mapping processing was improved and cleanup, mostly as a side effect of midPrivacy: Data Provenance Prototype
    • Experimental "push changes" option: Since midPoint 4.2 the phantom changes, i.e. changes that do not modify focus object state, are filtered out. A typical example is disabling user that is already disabled. Before 4.2, such operation would result in propagating the disabled state to projections, assuming that appropriate mappings are in place. Starting with midPoint 4.2, such a change is not propagated by default. In order to do that, "push changes" option has to be set.
    • Processing of strong mapping was changed in some edge cases: Before 4.2, if a item value was deleted (by primary or secondary delta) but the same value also mandated by a strong mapping, a PolicyViolationException was thrown. This behavior has changed: such a situation is still considered non-standard (because in some point of view a strong mapping represents a kind of policy that is to be held) but instead of exception, only a warning is issued. Of course, the value mandated by the mapping is not deleted. It is kept in the item.
    • Evaluation of normal mappings was changed, when in presence of related secondary delta: Originally, any delta on target item suppressed evaluation of normal mappings for that target. This is understandable for primary deltas but not so clear for secondary deltas. So, for secondary deltas the behavior is changed now: normal mappings targeted to items that have been changed previously (by secondary delta) are evaluated.
    • New afterProjections template mapping evaluation phase was added. Some mappings (e.g. those that need to "see" hasLinkedAccount function transition) should be executed after projection activation is computed, but before projector results are committed. For such cases we have created experimental afterProjections evaluation phase.
    • Representation of secondary deltas in model context was changed slightly. Please see Deltas in Projector and Clockwork for more information.
  • Following expression variables are still deprecated: user, account, shadow. These variables will be removed soon. Please change your script to use focus and projection variables instead.
  • Property subtype is still deprecated. It will be removed soon. Please change your configuration to use archetypes instead.
  • Channel namespaces (and hence qualified names and URIs) were unified. All built-in channels have namespace now.. Please update channel names and URIs in your configuration according to the following table:
Old channel namespace (4.1 and earlier)New channel namespace (4.2 and later)

Channel URI migration

In order to facilitate migration of channel URIs, some of them are migrated automatically (see MID-6547):