- Flexible authentication implementation was extended to cover REST service. If you already have configuration for flexible authentication, then you have to add appropriate section for REST service. In case that you are not using flexible authentication, REST service authentication will work in the same way as in midPoint 4.1.
- Mapping processing was improved and cleanup, mostly as a side effect of midPrivacy: Data Provenance Prototype
- Experimental "push changes" option: Since midPoint 4.2 the phantom changes, i.e. changes that do not modify focus object state, are filtered out. A typical example is disabling user that is already disabled. Before 4.2, such operation would result in propagating the disabled state to projections, assuming that appropriate mappings are in place. Starting with midPoint 4.2, such a change is not propagated by default. In order to do that, "push changes" option has to be set.
- Processing of strong mapping was changed in some edge cases: Before 4.2, if a item value was deleted (by primary or secondary delta) but the same value also mandated by a strong mapping, a
PolicyViolationExceptionwas thrown. This behavior has changed: such a situation is still considered non-standard (because in some point of view a strong mapping represents a kind of policy that is to be held) but instead of exception, only a warning is issued. Of course, the value mandated by the mapping is not deleted. It is kept in the item.
- Evaluation of normal mappings was changed, when in presence of related secondary delta: Originally, any delta on target item suppressed evaluation of normal mappings for that target. This is understandable for primary deltas but not so clear for secondary deltas. So, for secondary deltas the behavior is changed now: normal mappings targeted to items that have been changed previously (by secondary delta) are evaluated.
afterProjectionstemplate mapping evaluation phase was added. Some mappings (e.g. those that need to "see"
hasLinkedAccountfunction transition) should be executed after projection activation is computed, but before projector results are committed. For such cases we have created experimental
- Representation of secondary deltas in model context was changed slightly. Please see Deltas in Projector and Clockwork for more information.
- Following expression variables are still deprecated:
shadow. These variables will be removed soon. Please change your script to use
subtypeis still deprecated. It will be removed soon. Please change your configuration to use archetypes instead.
- Channel namespaces (and hence qualified names and URIs) were unified. All built-in channels have
namespace now.. Please update channel names and URIs in your configuration according to the following table:
|Old channel namespace (4.1 and earlier)||New channel namespace (4.2 and later)|
Channel URI migration
In order to facilitate migration of channel URIs, some of them are migrated automatically (see MID-6547):