Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 43 Next »

In Progress

This release is planned. Therefore the information presented here is incomplete and inaccurate.
For information regarding the latest stable release please see Release 4.0

Pasteur

Release 4.1 is a thirty-second midPoint release code-named Pasteur. The 4.1 release brings major authentication improvements, user interface improvements, improved archetype functionality and a number of smaller improvements.

Planned release date: Spring 2020
Release type: Feature release
End of support: Spring 2021

Louis Pasteur

Louis Pasteur (1822 - 1895) was French biologist, microbiologist and chemist. He is remembered for his remarkable breakthroughs in the causes and prevention of diseases, and his discoveries have saved many lives ever since. He is best known for process called pasteurization used to preserve our food and drinks.

The processes that Pasteur developed made our world a safer place. Similarly to Pasteur's work, the ambition of midPoint 4.1 is to make identity management safer and better. New flexible authentication mechanism can be used to safeguard entry to midPoint user interface by using several authentication options. User interface improvements and code cleanups make midPoint more "sanitized" and cleaner. MidPoint 4.1 another small, but very important step in midPoint 4.x  development track.


Credits

Majority of the work on the Pasteur release was done by the Evolveum team. However, this release would not be possible without the help of our partners, customers, contributors, friends and families. We would like to express our thanks to all the people that contributed to the midPoint project both by providing financial support, their own time or those that maintain a pleasant and creative environment for midPoint team. However, midPoint project would not exist without proper funding. Therefore we would like to express our deepest gratitude to all midPoint subscribers that made midPoint project possible.

Features

There are too many features in midPoint 4.1 to list them in details. The Features page lists the features of most recent midPoint release.

Changes with respect to version 4.0

New Features and Improvements

  • Major features
    • Flexible Authentication
    • Service authentication: service objects can log into midpoint similarly to users
    • Reworked server tasks  pages, added several new features
  • User interface improvements
    • Audit log viewer improvements
    • Support for archetype changes
    • Archetypes can hide items in the schema
    • UI support for simple conditions in assignment/inducement
    • Several archetype-related UI improvements
    • Improvements for recompute members  tasks
    • Save in background
    • Misc minor improvements in case management UI
    • Language picker is always visible
    • Configurable columns for accounts table
    • Triggers tab in object details page
    • Improvements for display of indirect assignments
  • Provisioning and Synchronization
    • Conditions for synchronization reactions
    • Diagnostic improvements (e.g. last availability status)
    • Miscellaneous synchronization task improvements, mostly diagnostic and robustness
    • Active Directory Connector (LDAP) and PowerShell Connector are separated (see below)
    • Connector read+write mode (experimental)
  • Miscellaneous improvements
    • Asynchronous update task improvements
    • Configurable strictness for reference integrity
    • Improvements to mapping chaining (focusMappings)
    • Support for documentation properties for midScribe documentation generator (prototype, experimental)
    • Support for PostgreSQL 12
  • Internals and Development
    • Build process speedup
    • Major test cleanup

Deprecation, Feature Removal And Incompatible Changes

  • Java 8 is no longer supported
  • PostgreSQL 9.5 (9.5, 9.5.1) is no longer supported.

  • Microsoft SQL Server 2014 is no longer supported

  • Support for MySQL and MariaDB is deprecated. Those databases will be supported for some time (possibly long time), but support for them will be eventually removed. It is strongly recommended to use PostgreSQL instead.

  • Microsoft Active Directory 2008R2 is no longer supported.
  • Microsoft Windows Server 2008R2 is no longer supported.
  • Support for .NET remote connector server is deprecated.
  • SOAP-based IDM Model Web Service Interface is deprecated and it will be removed in midPoint 4.2. Please use RESTful interface instead.
  • Support for Apache Tomcat 8.5 is deprecated.
  • Explicit deployment to an external web container is deprecated.
  • MidPoint plug-in for Eclipse IDE was never officially supported. Despite that, it now has a deprecated status. The plan is to replace Eclipse with IntelliJ IDEA environment eventually.
  • Unofficial option to use Spring Security modules is no longer available. It was replaced by flexible authentication mechanisms.
  • Unofficial JasperSoft Studio plugin for midPoint is no longer available. There is no plan to make it available again.
  • Public API things - copy from https://github.com/Evolveum/midpoint/commit/882a2ceb03294affbf589f077102a9f519bbcea8 (select relevant methods).

Releases Of Other Components

  • New versions of LDAP Connector and Active Directory Connector were released during the course of midPoint 4.1 development. There were major improvements and fixes in those connectors, namely separation of PowerShell Connector from the AD connector. See the connector pages for the details. MidPoint 4.1 contains most recent versions of those connectors.
  • Official release of Java REST client is planned shortly after midPoint 4.1 release.
  • Overlay projects and other associated artifacts were released together with midPoint 4.1.

Quality

Release 4.1 (Pasteur) is intended for full production use All features are stable and well tested - except the features that are explicitly marked as experimental or partially implemented. Those features are supported only with special subscription contract.

Limitations

Following list provides summary of limitation of this midPoint release.

  • Functionality that is marked as EXPERIMENTAL is not supported for general use (yet). Such features are not covered by midPoint support. They are supported only for those subscribers that funded the development of this feature by the means of platform subscription or for those that explicitly negotiated such support in their support contracts.
  • MidPoint comes with bundled LDAP Connector. Support for LDAP connector is included in standard midPoint support service, but there are limitations. This "bundled" support only includes operations of LDAP connector that 100% compliant with LDAP standards. Any non-standard functionality is explicitly excluded from the bundled support. We strongly recommend to explicitly negotiate support for a specific LDAP server in your midPoint support contract. Otherwise only standard LDAP functionality is covered by the support. See LDAP Connector page for more details.
  • MidPoint comes with bundled Active Directory Connector (LDAP). Support for AD connector is included in standard midPoint support service, but there are limitations. Only some versions of Active Directory deployments are supported. Basic AD operations are supported, but advanced operations may not be supported at all. The connector does not claim to be feature-complete. See Active Directory Connector (LDAP) page for more details.
  • MidPoint user interface has flexible (fluid) design and it is able to adapt to various screen sizes, including screen sizes used by some mobile devices. However, midPoint administration interface is also quite complex and it would be very difficult to correctly support all midPoint functionality on very small screens. Therefore midPoint often works well on larger mobile devices (tablets) it is very likely to be problematic on small screens (mobile phones). Even though midPoint may work well on mobile devices, the support for small screens is not included in standard midPoint subscription. Partial support for small screens (e.g. only for self-service purposes) may be provided, but it has to be explicitly negotiated in a subscription contract.
  • There are several add-ons and extensions for midPoint that are not explicitly distributed with midPoint. This includes Java client library, various samples, scripts, connectors and other non-bundled items. Support for these non-bundled items is limited. Generally speaking those non-bundled items are supported only for platform subscribers and those that explicitly negotiated the support in their contract. For other cases there is only community support available. For those that are interested in official support for IDE add-ons there is a possibility to use subscription to help us develop midPoint studio ( MID-4701 - Getting issue details... STATUS ).
  • MidPoint contains a basic case management user interface. This part of midPoint user interface is not finished. The only supported part of this user interface is the part that is used to process requests and approvals. Other parts of case management user interface are considered to be experimental, especially the parts dealing with manual provisioning cases.
  • Multi-node task distribution had a limited amount of testing, due to inherent complexity of the feature. It is likely that there may be problems using this feature. We recommend not to use this feature unless it is absolutely necessary.

This list is just an overview and it may not be complete. Please see the documentation regarding detailed limitations of individual features.

Platforms

MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested with this release. The version numbers in parentheses are the actual version numbers used for the tests.

It is very likely that midPoint will also work in similar environments. But only the versions specified below are supported as part of midPoint subscription and support programs - unless a different version is explicitly agreed in the contract.

Support for some platforms is marked as "deprecated". Support for such deprecated versions can be removed in any midPoint release. Please migrate from deprecated platforms as soon as possible.

Java

  • OpenJDK 11 (11.0.6). This is a recommended platform.

OpenJDK 11 is a recommended Java platform to run midPoint.

Support for Oracle builds of JDK is provided only for the period in which Oracle provides public support (free updates) for their builds. As far as we are aware, free updates for Oracle JDK 11 are no longer available. Which means that Oracle JDK 11 is not supported for MidPoint any more. MidPoint is an open source project, and as such it relies on open source components. We cannot provide support for platform that do not have public updates as we would not have access to those updates and therefore we cannot reproduce and fix issues. Use of open source OpenJDK builds with public support is recommended instead of proprietary builds.

Web Containers

MidPoint is bundled with an embedded web container. This is the default and recommended deployment option. See Stand-Alone Deployment for more details.

Apache Tomcat is supported as the only web container for midPoint. Support for no other web container is planned. Following Apache Tomcat versions are supported:

  • Apache Tomcat 8.5 (8.5.31) - DEPRECATED
  • Apache Tomcat 9.0 (9.0.24)

Apache Tomcat 8.0.x is no longer supported as its support life is over (EOL).

Explicit deployment to web container is DEPRECATED

Explicit deployment to an external web container was supported since the beginning of midPoint. That was the usual practice at the time when midPoint started. But that was some time ago and the world is a different place now. MidPoint supports stand-alone deployment model for several years. It is now the default and recommended deployment model. It works very well and it simplifies a lot of things. Therefore in order to simplify midPoint maintenance and support we are deprecating the explicit deployment model. Support for explicit deployment will be removed soon. Stand-alone deployment will be the only supported option in the future.

Databases

MidPoint supports several databases. However, performance characteristics and even some implementation details can change from database to database. Since midPoint 4.0, PostgreSQL is the recommended database for midPoint deployments.

  • H2 (embedded). Supported only in embedded mode. Not supported for production deployments. Only the version specifically bundled with midPoint is supported.
    H2 is intended only for development, demo and similar use cases. It is not supported for any production use. Also, upgrade of deployments based on H2 database are not supported.
  • PostgreSQL 12, 11 and 10. PostgreSQL 12 is strongly recommended option.
  • MariaDB (10.0.28) - DEPRECATED
  • MySQL 5.7 (5.7) - DEPRECATED
  • Oracle 12c
  • Microsoft SQL Server 2016 SP1

Our strategy is to officially support the latest stable version of PostgreSQL database (to the practically possible extent). PostgreSQL database is the only database with clear long-term support plan in midPoint. We make no commitments for future support of any other database engines. See Repository Database Support page for the details.

Only a direct connection from midPoint to the database engine is supported. Database and/or SQL proxies, database load balancers or any other devices (e.g. firewalls) that alter the communication are not supported.

Supported Browsers

  • Firefox (any recent version)
  • Safari (any recent version)
  • Chrome (any recent version)
  • Opera (any recent version)
  • Microsoft Internet Explorer (any recent version)

Recent version of browser as mentioned above means any stable stock version of the browser released in the last two years. We formally support only stock, non-customized versions of the browsers without any extensions or other add-ons. According to the experience most extensions should work fine with midPoint. However, it is not possible to test midPoint with all of them and support all of them. Therefore, if you chose to use extensions or customize the browser in any non-standard way you are doing that on your own risk. We reserve the right not to support customized web browsers.

Microsoft Internet Explorer compatibility mode is not supported.

Important Bundled Components

ComponentVersionDescription
Tomcat9.0.24Web container
ConnId1.5.0.10ConnId Connector Framework
LDAP connector bundle3.0LDAP, Active Directory and eDirectory connector
CSV connector2.4Connector for CSV files
DatabaseTable connector1.4.3.0Connector for simple database tables

Download And Install


Upgrade

MidPoint is software that is designed for easy upgradeability. We do our best to maintain strong backward compatibility of midPoint data model, configuration and system behavior. However, midPoint is also very flexible and comprehensive software system with a very rich data model. It is not humanly possible to test all the potential upgrade paths and scenarios. Also some changes in midPoint behavior are inevitable to maintain midPoint development pace. Therefore we can assure reliable midPoint upgrades only for midPoint subscribers. This section provides overall overview of the changes and upgrade procedures. Although we try to our best it is not possible to foresee all possible uses of midPoint. Therefore the information provided in this section are for information purposes only without any guarantees of completeness. In case of any doubts about upgrade or behavior changes please use services associated with midPoint subscription or purchase professional services.

Upgrade From MidPoint 4.0.x

MidPoint 4.1 data model is not completely backwards compatible with previous midPoint versions. However, vast majority of data items is compatible. Therefore the usual upgrade mechanism can be used. There are some important changes to keep in mind:

  • Version numbers of some bundled connectors have changed. Therefore connector references from the resource definitions that are using the bundled connectors need to be updated.
  • Archetypes were applied to server tasks. Archetype definitions will be imported automatically from initial objects. However, existing tasks will not be re-imported and therefore these archetypes will not be applied to tasks. Archetypes need to be applied to existing tasks manually. Archetypes does not affect core functionality of the task, therefore the tasks should still work even without the archetypes. However, archetypes are needed to utilize midPoint GUI to its full potential, therefore applying archetypes to tasks is strongly recommended.
  • Although the database schema was not changed, a minor change occurred by introducing the "incomplete" flag. You need to reindex objects that contain data that are not returned from search by default (such as jpegPhoto). It is not strictly necessary, but reindex operation is recommended to fix several issues that were present in midPoint 4.0.

Upgrade From MidPoint 3.9.x Or Older

Upgrade from midPoint 3.9.x or older is not supported directly. Please upgrade to midPoint 4.0.x first.

Changes In Initial Objects Since 4.0

MidPoint has a built-in set of "initial objects" that it will automatically create in the database if they are not present. This includes vital objects for the system to be configured (e.g. role superuser and user administrator). These objects may change in some midPoint releases. But to be conservative and to avoid configuration overwrite midPoint does not overwrite existing objects when they are already in the database. This may result in upgrade problems if the existing object contains configuration that is no longer supported in a new version. Therefore the following list contains a summary of changes to the initial objects in this midPoint release. The complete new set of initial objects is in the config/initial-objects directory in both the source and binary distributions. Although any problems caused by the change in initial objects is unlikely to occur, the implementors are advised to review the following list and assess the impact on case-by-case basis: 

  • TODO
  • 000-system-configuration.xml: Case and workitem views, expression profile, misc logging/tracing changes
  • 010-value-policy.xml, 015-security-policy.xml: Removing deprecated elements
  • 040-role-enduser.xml, 041-role-approver.xml: updates requires for new approval mechanisms
  • 020-archetype-system-user.xml, 021-archetype-system-role.xml, 022-archetype-business-role.xml, 023-archetype-manual-provisioning-case.xml, 024-archetype-operation-request.xml, 025-archetype-approval-case.xml, 026-archetype-trace.xml: default archetype definitions
  • 070-task-validity.xml: Update to current (non-deprecated) schema
  • 090-report-audit.xml, 100-report-reconciliation.xml, 110-report-user-list.xml, 130-report-certification-definitions.xml, 140-report-certification-campaigns.xml, 150-report-certification-cases.xml, 160-report-certification-decisions.xml: Corrected encoding of Jasper report definition (it was base64-encoded twice), updating the definition to current schema (non-deprecated elements), updated report definition to reflect changes in Prism API
  • 250-object-collection-resource-all.xml, 260-object-collection-task-all.xml, 270-object-collection-task-active.xml, 280-object-collection-resource-up.xml, 290-object-collection-audit-errors.xml, 300-object-collection-audit-modifications.xml, 330-object-collection-my-cases.xml: default object collections
  • 310-dashboard-admin.xml: default system administration dashboard (experimental)

Bundled connector changes since 4.0

  • LDAP ad AD connectors were upgraded to the latest available version 3.0. This is a major connector release and it brings some non-compatible changes.
    • Powershell scripting is no longer a part of AD connector. Use of Powershell is still possible by combining AD connector and Powershell connector. See Active Directory connector page for details.
    • Configuration property baseContextsToSynchronize was renamed to baseContextToSynchronize.
  • CSV connector was upgraded to the latest version.

Behavior Changes Since 4.0

  • Property publicHttpUrlPattern is used in System Configuration Object to create links in notifications. Property defaultHostname was used for this purpose before.
  • Changes in mapping evaluation ( MID-5953 - Getting issue details... STATUS , MID-6040 - Getting issue details... STATUS ).
  • Change in Users in Midpoint report. Re-import of report definition is needed ( MID-5908 - Getting issue details... STATUS ).
  • Following expression variables are still deprecated: user, account, shadow. These variables will be removed soon. Please change your script to use focus a projection variables instead.
  • Property subtype is still deprecated. It will be removed soon. Please change your configuration to use archetypes instead.

Public Interface Changes Since 4.0

  • Prism API was changes in several places. However, this is not yet stable public interface therefore the changes are are not tracked in details.
  • There were changes to the IDM Model Interface (Java). Please see source code history for details.
  • IDM Model Web Service Interface (SOAP) is deprecated. SOAP will be removed soon.

Important Internal Changes Since 4.0

These changes should not influence people that use midPoint "as is". These changes should also not influence the XML/JSON/YAML-based customizations or scripting expressions that rely just on the provided library classes. These changes will influence midPoint forks and deployments that are heavily customized using the Java components.

  • There were changes in internal code structure, most notably changes in Prism and GUI. Heavy customizations of midPoint 4.0.x may break in midPoint 4.1.

Known Issues and Limitations

As all real-world software midPoint 4.1 has some known issues. Full list of the issues is maintained in jira. As far as we know at the time of the release there was no known critical or security issue.

There is currently no plan to fix the known issues of midPoint 4.1 en masse. These issues will be fixed in future maintenance versions of midPoint only if the fix is covered by a support agreement or subscription. No other issues will be fixed - except for severe security issues that may be found in the future.

The known issues of midPoint 4.1 may or may not be fixed in following maintenance releases or in midPoint 4.2. This depends on the available time, issue severity and many variables that are currently difficult to predict. The only reliable way how to make sure that an issue is fixed is to purchase midPoint support. Or you can fix the bug yourself. MidPoint is always open to contributions.

This may seem a little bit harsh at a first sight. But there are very good reasons for this policy. And in fact it is no worse than what you get with most commercial software. We are just saying that with plain language instead of scrambling it into a legal mumbo-jumbo.

Some of the known issues are listed below:

  • There is a support to set up storage of credentials in either encrypted or hashed form. There is also unsupported and undocumented option to turn off credential storage. This option partially works, but there may be side effects and interactions. This option is not fully supported yet. Do not use it or use it only at your own risk. It is not included in any midPoint support agreement.
  • Native attribute with the name of 'id' cannot be currently used in midPoint ( MID-3872 - Getting issue details... STATUS ). If the attribute name in the resource cannot be changed then the workaround is to force the use of legacy schema. In that case midPoint will use the legacy ConnId attribute names (icfs:name and icfs:uid).

Disclaimer

Planned release dates are just that: they are planned. We do not promise or guarantee release dates. Software development is a creative activity that includes a lot of inherent risk. We are trying really hard to provide the best estimates. We are not able to provide precise dates for releases or deliveries. Do not rely on midPoint release dates. Plan your project properly to address the risk of delayed midPoint releases.

Planned scope of midPoint releases is also an estimate. MidPoint development process always includes the balancing of the iron triangle. Therefore planned release scope may change at any time. There is a method to make sure that midPoint releases will work well for your project and that method is platform subscription.

We do not make any claims that midPoint is perfect. Quite the contrary. MidPoint is a practical software, developed by living and breathing developers and deployed in a real world. There are both known and unknown issues in midPoint. Also, midPoint is not feature-complete. New features are introduced in midPoint all the time. But not all of them are completed. There are always some limitations. As the license states, midPoint is provided "AS IS". Please do not rely on midPoint functionality that you have not tested to make sure that it works. MidPoint support and subscription programs are a way how to handle those issues. But even with support service, do not rely on functionality that is not documented. If you plan to use undocumented or non-existing functionality, platform subscription is the right service for you.

See Also

  • No labels