Release 3.7 is a twenty third midPoint release code-named Darwin. The 3.7 release brings new deployment model and numerous gradual improvements. There are improvements of identity governance features, improvements of user interface and internal improvements.
Release date: 18th December 2017
Charles Darwin (1809 - 1882) was English naturalist, geologist and biologist, best known for the theory of evolution. Darwin's famous book On the Origin of Species described theory of evolution, mechanism of natural selection that explains the diversity of life. His voyage on HMS Beagle established him as an eminent geologist and made him famous as a popular author. Darwin has been described as one of the most influential figures in human history.
Darwin's theory of evolution is the unifying theory of the life sciences. The theory describes the process how species evolve and adapt over successive generations. MidPoint 3.7 is such an evolutionary step in midPoint development. This midPoint release brings gradual improvements in many diverse areas. Identity governance features are improved, both in capabilities of the engine and the user interface. MidPoint expressions have gained more power and ease of use. There are notable improvements in user interface, security, task management and many smaller improvements in various areas. The scope of almost the entire release was guided by midPoint subscribers and sponsors - which provided the perfect environment for this step in midPoint evolution.
Majority of the work on the Darwin release was done by the Evolveum team. However, this release would not be possible without the help of our partners, customers, contributors, friends and families. We would like to express our thanks to all the people that contributed to the midPoint project both by providing financial support, their own time or those that maintain a pleasant and creative environment for midPoint team. However, midPoint project would not exist without proper funding. Therefore we would like to express our deepest gratitude to all midPoint subscribers that made midPoint project possible.
midPoint 3.7 provides following features:
Java 7 environment is no longer supported.
XPath2 scripting is no longer supported.
Old CSVFile Connector is deprecated and it is no longer bundled with midPoint.
Support for PostgreSQL 8.4 is deprecated. The support will be dropped in the future.
Oracle database 11g support is deprecated in midPoint 3.7. This will be replaced for Oracle 12c database support in midPoint 3.8.
Support for Microsoft SQL Server 2008 and 2008 R2 is deprecated. The support will be dropped in the future.
Release 3.7 (Darwin) is intended for full production use in enterprise environments. All features are stable and well tested - except the features that are explicitly marked as experimental or partially implemented. Those features are supported only with special subscription and/or professional services contract.
MidPoint is known to work well in the following deployment environment. The following list is list of tested platforms, i.e. platforms that midPoint team or reliable partners personally tested with this release. The version numbers in parentheses are the actual version numbers used for the tests. However it is very likely that midPoint will also work in similar environments. Also note that this list is not closed. MidPoint can be supported in almost any reasonably recent platform (please contact Evolveum for more details).
Currently there are no plans to remove support for deployed midPoint installation using a WAR file. However, it is possible that this deployment form will get phased out eventually unless there are active subscribers preferring this deployment method. MidPoint subscription is strongly recommended if you plan to use this method in the future.
Recent version of browser as mentioned above means any stable stock version of the browser released in the last two years. We formally support only stock, non-customized versions of the browsers without any extensions or other add-ons. According to the experience most extensions should work fine with midPoint. However, it is not possible to test midPoint with all of them and support all of them. Therefore, if you chose to use extensions or customize the browser in any non-standard way you are doing that on your own risk. We reserve the right not to support customized web browsers.
Microsoft Internet Explorer compatibility mode is not supported.
|ConnId||126.96.36.199||ConnId Connector Framework|
|LDAP connector bundle||1.5.1||LDAP, Active Directory and eDirectory connector|
|CSV connector||2.1||Connector for CSV files|
|DatabaseTable connector||188.8.131.52||Connector for simple database tables|
MidPoint 3.7 deployment method has changed. Stand-alone deployment is now the default deployment method. MidPoint default configuration, scripts and almost everything else was adapted for this method.
|Installing midPoint v3.7|
MidPoint is software that is designed for easy upgradeability. We do our best to maintain strong backward compatibility of midPoint data model, configuration and system behavior. However, midPoint is also very flexible and comprehensive software system with a very rich data model. It is not humanly possible to test all the potential upgrade paths and scenarios. Also some changes in midPoint behavior are inevitable to maintain midPoint development pace. Therefore we can assure reliable midPoint upgrades only for midPoint subscribers. This section provides overall overview of the changes and upgrade procedures. Although we try to our best it is not possible to foresee all possible uses of midPoint. Therefore the information provided in this section are for information purposes only without any guarantees of completeness. In case of any doubts about upgrade or behavior changes please use services associated with midPoint subscription or purchase professional services.
Upgrade path from MidPoint 3.0 goes through midPoint 3.1, 3.1.1, 3.2, 3.3, 3.4.1, 3.5.1 and 3.6.1. Upgrade to midPoint 3.1 first (refer to the midPoint 3.1 release notes). Then upgrade from midPoint 3.1 to 3.1.1, from 3.1.1 to 3.2 then to 3.3, then to 3.4.1, 3.5.1, 3.6.1 and finally to 3.7.
MidPoint 3.7 data model is essentially backwards compatible with both midPoint 3.6 and midPoint 3.6.1. However as the data model was extended in 3.7 the database schema needs to be upgraded using the usual mechanism. There are a few points to highlight that are related to database structure upgrade:
/config/sql/_all/directory (along with changes in midPoint own tables).
taskIdentifieritem has now a uniqueness constraint: it is possible (although quite unlike) that database migration script would fail when it tries to introduce the constraint. In such cases it is necessary to delete conflicting tasks and then continue with updating the database.
MidPoint 3.7 is a release that fixes some issues of previous versions. Therefore there are some changes that are not strictly backward compatible.
varsubdirectory of the installation directory.
midpointpath prefix is dropped. Therefore URL that used to be
is now just
logsubdirectory of midPoint home directory. The default log file was changed from
midpoint.log. However, please note that if you have existing logging configuration in system configuration object, that configuration will be still used after upgrade. Upgrade process does not change that automatically. It needs to be updated manually.
EvaluatedPolicyRuleTriggerType) is now deprecated and partially replaced by
assignment.triggeritem was automatically computed and took a considerable amount of storage space. So, in 3.7, after each model operation on a focal object, the
assignment.triggeris automatically erased. Therefore these values will be gradually removed. If you want to remove them at once, you can either execute e.g. recomputation of all affected objects or write a custom bulk action to remove the values.
MidPoint has a built-in set of "initial objects" that it will automatically create in the database if they are not present. This includes vital objects for the system to be configured (e.g. role
superuser and user
administrator). These objects may change in some midPoint releases. But to be conservative and to avoid configuration overwrite midPoint does not overwrite existing objects when they are already in the database. This may result in upgrade problems if the existing object contains configuration that is no longer supported in a new version. Therefore the following list contains a summary of changes to the initial objects in this midPoint release. The complete new set of initial objects is in the
config/initial-objects directory in both the source and binary distributions. Although any problems caused by the change in initial objects is unlikely to occur, the implementors are advised to review the following list and assess the impact on case-by-case basis:
org.springframework.context.support.ResourceBundleMessageSourcelogger to error level. This solution has been applied to midPoint initial objects. However older midPoint deployment may need to set this logger manually.
midpoint.getChannel()to obtain the channel for the original request. It is not present when evaluating approval process preview (). Use new
task/executionConstraints/groupTaskLimitwas changed from
disallowedNodeare now deprecated (and ignored with warning). They are replaced by
node/taskExecutionLimitationsitem. See Node-sticky tasks HOWTO.
recordpolicy action for this.
is no longer available. If you used it in situation constraints, replace it by #assigned
#modified. But note that the new situation is triggered for both assignments and objects; therefore if you need to specify rules for assignments only please use
repo-ninjatool for emergency operations over midPoint repository. That tool was replaced with next-generation version of the tool called just
ninja. Development of this new tool is still work in progress, however, it is capable of an equivalent emergency operations as the old tool. Brief documentation is available at Ninja page.
thisObjectvariable is deprecated. The variable was too simplistic for use in complex use cases. Now the entire assignment path is exposed for use in the expressions. It is recommended to use assignment path instead of
These changes should not influence people that use midPoint "as is". These changes should also not influence the XML/JSON/YAML-based customizations or scripting expressions that rely just on the provided library classes. These changes will influence midPoint forks and deployments that are heavily customized using the Java components.
MappingTypedata type has been changed from property to container. Code that is changing mappings (e.g. deltas) needs to be updates.
There is a support to set up storage of credentials in either encrypted or hashed form. There is also unsupported and undocumented option to turn off credential storage. This option partially works, but there may be side effects and interactions. This option is not fully supported yet. Do not use it or use it only at your own risk. It is not included in any midPoint support agreement.
Native attribute with the name of 'id' cannot be currently used in midPoint (). If the attribute name in the resource cannot be changed then the workaround is to force the use of legacy schema. In that case midPoint will use the legacy ConnId attribute names (icfs:name and icfs:uid).
JavaDoc is temporarily not available due to the issue in Java platform. This issue is fixed in Java 9 platform, but backport of this fix to Java 8 is (quite surprisingly) not planned.
As all real-world software midPoint 3.7 has some known issues. Full list of the issues is maintained in jira. As far as we know at the time of the release there was no known critical or security issue.
There is currently no plan to fix the known issues of midPoint 3.7 en masse. These issues will be fixed in future maintenance versions of midPoint only if the fix is requested by midPoint subscriber. No other issues will be fixed - except for severe security issues that may be found in the future.
The known issues of midPoint 3.7 may or may not be fixed in midPoint 3.8. This depends on the available time, issue severity and many variables that are currently difficult to predict. The only reliable way how to make sure that an issue is fixed is to purchase midPoint subscription. Or you can fix the bug yourself. MidPoint is always open to contributions.
This may seem a little bit harsh at a first sight. But there are very good reasons for this policy. And in fact it is no worse than what you get with most commercial software. We are just saying that with plain language instead of scrambling it into a legal mumbo-jumbo.