Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Warning
titleIn Progress

This release is planned. Therefore the information presented here is incomplete and inaccurate.
For information regarding the latest stable release please see Release 4.1

Maxwell

Release 4.2 is a thirty-third midPoint release code-named Maxwell. The 4.2 release brings new reporting mechanism, updates to auditing implementation, continued improvement for authentication and handful of other interesting improvements . Most importantly, midPoint 4.2 brings experimental updates to the very foundations of midPoint.

...

Panel
titleJames Clerk Maxwell

James Clerk Maxwell (1831 - 1879) was a Scottish scientist in the field of mathematical physics. He is best known for Maxwell equations that form a foundation of classical electromagnetism, classical optics and electric circuits. The equations are part of a theory of electromagnetic radiation, bringing together for the first time theories of electricity, magnetism and light. Maxwell's work was theoretical, but it has profound effect on both theoretical and practical parts of science and engineering. Maxwell has described the path that we follow up to this day.

Similarly to Maxwell's theories, midPoint 4.2 lays down theoretical foundations with significant potential for the future. Most of them are results of midPrivacy initiative. Axiom is a new modeling language that works on conceptual levels to provide support for metadata schemas. Axiom was used to implement data provenance functionality deep in midPoint core data layers. The insights that originated from the provenance effort inspired fundamental improvements in processing of midPoint mappings. Overall, the work on midPoint 4.2 provided a lot of inspiration and theoretical foundations for the future. MidPoint code is almost a decade old. The Maxwell release builds up essential theories that would allow midPoint to flourish for decades to come.


Table of Contents

Credits

Majority of the work on the Pasteur release was done by the Evolveum team. However, this release would not be possible without the help of our partners, customers, contributors, friends and families. We would like to express our thanks to all the people that contributed to the midPoint project both by providing financial support, their own time or those that maintain a pleasant and creative environment for midPoint team. However, midPoint project would not exist without proper funding. Therefore we would like to express our deepest gratitude to all midPoint subscribers that made midPoint project possible.

Features

There are too many features in midPoint 4.2 to list them in details. The Features page lists the features of most recent midPoint release.

Changes with respect to version 4.1

New Features and Improvements

Deprecation, Feature Removal And Incompatible Changes

  • Support for all SOAP services was removed. Please use RESTful interface instead. It is still possible to create custom SOAP services in overlay projects. However, midPoint no longer includes SOAP infrastructure (Apache CXF SOAP components). Overlay authors are responsible for specifying appropriate dependencies and maintenance of their compatibility with current and future midPoint versions.
  • Use of HQL query language for audit log queries and dashboard widgets is deprecated. Please use midPoint query language instead.
  • .NET remote connector server is no longer supported.
  • Apache Tomcat 8.5 is no longer supported.
  • Use of Jasper-based reports in midPoint is deprecated in favor of the new "native" reports. Preliminary plan is to keep Jasper-based reports supported for several releases, but it is recommended to migrate the reports as soon as possible.
  • Support for Microsoft Internet Explorer is deprecated.
  • Support for MySQL and MariaDB is deprecated. Those databases will be supported for some time (possibly long time), but support for them will be eventually removed. It is strongly recommended to use PostgreSQL instead.
  • Explicit deployment to an external web container is deprecated since midPoint 4.1.
  • MidPoint plug-in for Eclipse IDE was never officially supported and it will not be developed any more. This plugin is abandoned in favor of IntelliJ IDEA environment (MidPoint Studio).
  • Unofficial option to use Spring Security modules is no longer available. It was replaced by flexible authentication mechanisms.
  • Unofficial JasperSoft Studio plugin for midPoint is no longer available. There is no plan to make it available again.

Releases Of Other Components

  • ConnId framework was released as Evolveum release 1.5.0.17. This adds support for "is null" or "not present" filters.
  • New versions of LDAP Connector, Active Directory Connector and DatabaseTable Connector were released during the course of midPoint 4.2 development.
  • Release of Java REST client is planned shortly after midPoint 4.2 release.
  • TODO: Overlay projects and other associated artifacts were released together with midPoint 4.2.
  • MidPoint Studio plugin for IntelliJ IDEA will be released in beta quality around the same time as midPoint 4.2 release.

Purpose and Quality

Release 4.2 (Maxwell) is intended for full production use. It is a feature release, supported only for a reduced time period. Therefore it is intended for users that prefer new features over long-term stability.

All features are stable and well tested - except the features that are explicitly marked as experimental or partially implemented. Those features are supported only with special subscription contract.

Limitations

Following list provides summary of limitation of this midPoint release.

...

This list is just an overview and it may not be complete. Please see the documentation regarding detailed limitations of individual features.

Platforms

MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested with this release. The version numbers in parentheses are the actual version numbers used for the tests.

...

Support for some platforms is marked as "deprecated". Support for such deprecated versions can be removed in any midPoint release. Please migrate from deprecated platforms as soon as possible.

Java

  • OpenJDK 11 (11.0.8). This is a recommended platform.

...

Support for Oracle builds of JDK is provided only for the period in which Oracle provides public support (free updates) for their builds. As far as we are aware, free updates for Oracle JDK 11 are no longer available. Which means that Oracle JDK 11 is not supported for MidPoint any more. MidPoint is an open source project, and as such it relies on open source components. We cannot provide support for platform that do not have public updates as we would not have access to those updates and therefore we cannot reproduce and fix issues. Use of open source OpenJDK builds with public support is recommended instead of proprietary builds.

Web Containers

MidPoint is bundled with an embedded web container. This is the default and recommended deployment option. See Stand-Alone Deployment for more details.

...

Warning
titleExplicit deployment to web container is DEPRECATED

Explicit deployment to an external web container was supported since the beginning of midPoint. That was the usual practice at the time when midPoint started. But that was some time ago and the world is a different place now. MidPoint supports stand-alone deployment model for several years. It is now the default and recommended deployment model. It works very well and it simplifies a lot of things. Therefore in order to simplify midPoint maintenance and support we are deprecating the explicit deployment model. Support for explicit deployment will be removed soon. Stand-alone deployment will be the only supported option in the future.

Databases

MidPoint supports several databases. However, performance characteristics and even some implementation details can change from database to database. Since midPoint 4.0, PostgreSQL is the recommended database for midPoint deployments.

...

Only a direct connection from midPoint to the database engine is supported. Database and/or SQL proxies, database load balancers or any other devices (e.g. firewalls) that alter the communication are not supported.

Supported Browsers

  • Firefox
  • Safari
  • Chrome
  • Edge
  • Opera
  • Microsoft Internet Explorer (DEPRECATED)

...

Microsoft Internet Explorer compatibility mode is not supported.

Important Bundled Components

ComponentVersionDescription
Tomcat9.0.37Web container
ConnId1.5.0.17ConnId Connector Framework
LDAP connector bundle3.1LDAP, Active Directory and eDirectory connector
CSV connector2.4Connector for CSV files
DatabaseTable connector1.4.4.0Connector for simple database tables

Download And Install


Upgrade

MidPoint is software that is designed for easy upgradeability. We do our best to maintain strong backward compatibility of midPoint data model, configuration and system behavior. However, midPoint is also very flexible and comprehensive software system with a very rich data model. It is not humanly possible to test all the potential upgrade paths and scenarios. Also some changes in midPoint behavior are inevitable to maintain midPoint development pace. Therefore we can assure reliable midPoint upgrades only for midPoint subscribers. This section provides overall overview of the changes and upgrade procedures. Although we try to our best it is not possible to foresee all possible uses of midPoint. Therefore the information provided in this section are for information purposes only without any guarantees of completeness. In case of any doubts about upgrade or behavior changes please use services associated with midPoint subscription or purchase professional services.

Upgrade From MidPoint 4.1.x

MidPoint 4.2 data model is not completely backwards compatible with previous midPoint versions. However, vast majority of data items is compatible. Therefore the usual upgrade mechanism can be used. There are some important changes to keep in mind:

  • Database schema needs to be upgraded using the usual mechanism.
  • Version numbers of some bundled connectors have changed. Therefore connector references from the resource definitions that are using the bundled connectors need to be updated.
  • Channel namespaces (and hence qualified names and URIs) were unified. This affects configurations where channel URIs are used, most notably flexible authentication configuration. Channel names need to be updated during the upgrade, otherwise the authentication may not work at all. When in doubt, it is recommended to disable flexible authentication (remove the configuration) before upgrade, conduct an upgrade with default authentication configuration, and re-enable the flexible authentication after upgrade (with new channel names). Channel name changes are documented below.

Upgrade From MidPoint 4.0.x Or Older

Upgrade from midPoint 4.0.x or older is not supported directly. Please upgrade to midPoint 4.1.x first.

Changes In Initial Objects Since 4.1

MidPoint has a built-in set of "initial objects" that it will automatically create in the database if they are not present. This includes vital objects for the system to be configured (e.g. role Superuser and user administrator). These objects may change in some midPoint releases. But to be conservative and to avoid configuration overwrite midPoint does not overwrite existing objects when they are already in the database. This may result in upgrade problems if the existing object contains configuration that is no longer supported in a new version. Therefore the following list contains a summary of changes to the initial objects in this midPoint release. The complete new set of initial objects is in the config/initial-objects directory in both the source and binary distributions. Although any problems caused by the change in initial objects is unlikely to occur, the implementors are advised to review the changes and assess the impact on case-by-case basis.

There were numerour changes to initial objects in this release. Please review source code history for list of changes.

Bundled Connector Changes Since 4.1

  • ConnId connector framework was upgraded to version 1.5.0.17. This version is backwards compatible with previous versions.
  • LDAP ad AD connectors were upgraded to the latest available version 3.1.
  • DatabaseTable connector was upgraded to the latest available version 1.4.4.0.

Behavior Changes Since 4.1

  • Flexible authentication implementation was extended to cover REST service. If you already have configuration for flexible authentication, then you have to add appropriate section for REST service. In case that you are not using flexible authentication, REST service authentication will work in the same way as in midPoint 4.1.
  • Mapping processing was improved and cleanup, mostly as a side effect of midPrivacy: Data Provenance Prototype
    • Experimental "push changes" option: Since midPoint 4.2 the phantom changes, i.e. changes that do not modify focus object state, are filtered out. A typical example is disabling user that is already disabled. Before 4.2, such operation would result in propagating the disabled state to projections, assuming that appropriate mappings are in place. Starting with midPoint 4.2, such a change is not propagated by default. In order to do that, "push changes" option has to be set.
    • Processing of strong mapping was changed in some edge cases: Before 4.2, if a item value was deleted (by primary or secondary delta) but the same value also mandated by a strong mapping, a PolicyViolationException was thrown. This behavior has changed: such a situation is still considered non-standard (because in some point of view a strong mapping represents a kind of policy that is to be held) but instead of exception, only a warning is issued. Of course, the value mandated by the mapping is not deleted. It is kept in the item.
    • Evaluation of normal mappings was changed, when in presence of related secondary delta: Originally, any delta on target item suppressed evaluation of normal mappings for that target. This is understandable for primary deltas but not so clear for secondary deltas. So, for secondary deltas the behavior is changed now: normal mappings targeted to items that have been changed previously (by secondary delta) are evaluated.
    • New afterProjections template mapping evaluation phase was added. Some mappings (e.g. those that need to "see" hasLinkedAccount function transition) should be executed after projection activation is computed, but before projector results are committed. For such cases we have created experimental afterProjections evaluation phase.
    • Representation of secondary deltas in model context was changed slightly. Please see Deltas in Projector and Clockwork for more information.
  • Following expression variables are still deprecated: user, account, shadow. These variables will be removed soon. Please change your script to use focus and projection variables instead.
  • Property subtype is still deprecated. It will be removed soon. Please change your configuration to use archetypes instead.
  • Channel namespaces (and hence qualified names and URIs) were unified. All built-in channels have http://midpoint.evolveum.com/xml/ns/public/common/channels-3 namespace now.. Please update channel names and URIs in your configuration according to the following table:
Old channel namespace (4.1 and earlier)New channel namespace (4.2 and later)
http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#liveSynchttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#liveSync
http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#asyncUpdatehttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#asyncUpdate
http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#reconciliationhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#reconciliation
http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#recomputehttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#recompute
http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#discoveryhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#discovery
http://midpoint.evolveum.com/xml/ns/public/provisioning/channels-3#importhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#import
http://midpoint.evolveum.com/xml/ns/public/model/channels-3#webServicehttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#webService
http://midpoint.evolveum.com/xml/ns/public/model/channels-3#objectImporthttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#objectImport
http://midpoint.evolveum.com/xml/ns/public/model/channels-3#resthttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest
http://midpoint.evolveum.com/xml/ns/public/model/channels-3#actuatorhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator
http://midpoint.evolveum.com/xml/ns/public/model/channels-3#remediationhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#remediation
http://midpoint.evolveum.com/xml/ns/public/model/channels-3#userhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#user
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#inithttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#init
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#selfRegistrationhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#selfRegistration
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#resetPasswordhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#resetPassword
http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#userhttp://midpoint.evolveum.com/xml/ns/public/common/channels-3#user

Channel URI migration

In order to facilitate migration of channel URIs, some of them are migrated automatically (see MID-6547):

...

We assume that channel information under points 2-4 above is not used for any automated processing. If you need to migrate these, you can write e.g. your own bulk action that will do so.

Public Interface Changes Since 4.1

  • Prism API was changes in several places. However, this is not yet stable public interface therefore the changes are are not tracked in details.
  • There were changes to the IDM Model Interface (Java). Please see source code history for details.
  • IDM Model Web Service Interface (SOAP) was removed.

Important Internal Changes Since 4.1

These changes should not influence people that use midPoint "as is". These changes should also not influence the XML/JSON/YAML-based customizations or scripting expressions that rely just on the provided library classes. These changes will influence midPoint forks and deployments that are heavily customized using the Java components.

  • There were changes in internal code structure, most notably changes in Prism and GUI. Most changes were related to the midPrivacy effort and Axiom prototype. Heavy customizations of midPoint 4.1.x may break in midPoint 4.2.

Known Issues and Limitations

As all real-world software midPoint 4.2 has some known issues. Full list of the issues is maintained in jira. As far as we know at the time of the release there was no known critical or security issue.

...

  • There is a support to set up storage of credentials in either encrypted or hashed form. There is also unsupported and undocumented option to turn off credential storage. This option partially works, but there may be side effects and interactions. This option is not fully supported yet. Do not use it or use it only at your own risk. It is not included in any midPoint support agreement.
  • Native attribute with the name of 'id' cannot be currently used in midPoint (
    Jira
    serverEvolveum Jira
    serverId701b45f2-090c-3276-8ac9-f45eedf731bc
    keyMID-3872
    ). If the attribute name in the resource cannot be changed then the workaround is to force the use of legacy schema. In that case midPoint will use the legacy ConnId attribute names (icfs:name and icfs:uid).
  • We have seen issues upgrading H2 instances to a new version. Generally speaking H2 is not supported for any particular use. We try to make H2 work and we try to make it survive an upgrade, but there are occasional issues with H2 use and upgrade. Make sure that you backup your data in a generic format (XML/JSON/YAML) in regular intervals to avoid losing them. It is particularly important to backup your data before upgrades and when working with development version of midPoint.

Disclaimer

Planned release dates are just that: they are planned. We do not promise or guarantee release dates. Software development is a creative activity that includes a lot of inherent risk. We are trying really hard to provide the best estimates. We are not able to provide precise dates for releases or deliveries. Do not rely on midPoint release dates. Plan your project properly to address the risk of delayed midPoint releases.

...

We do not make any claims that midPoint is perfect. Quite the contrary. MidPoint is a practical software, developed by living and breathing developers and deployed in a real world. There are both known and unknown issues in midPoint. Also, midPoint is not feature-complete. New features are introduced in midPoint all the time. But not all of them are completed. There are always some limitations. As the license states, midPoint is provided "AS IS". Please do not rely on midPoint functionality that you have not tested to make sure that it works. MidPoint support and subscription programs are a way how to handle those issues. But even with support service, do not rely on functionality that is not documented. If you plan to use undocumented or non-existing functionality, platform subscription is the right service for you.

See Also