Release note

nevisIDM 2.75.18.??? LTS - 15.11.2023

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.18.5783757299	2.75.0	3.x

General changes and new features

General/Core

• NEW: Added ch.nevis.idm.restException and ch.nevis.idm.soapException logs to log all exceptions on REST and SOAP interfaces. (NEVISIDM-9014)

nevisIDM 2.75.17.5783757299 LTS - 16.08.2023

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.17.5783757299	2.75.0	3.x

General changes and new features

• UPDATED: We upgraded Guava to 32.0.1.(NEVISIDM-8982)
• UPDATED: We upgraded netty to 4.1.94.Final.(NEVISIDM-8982)

General/Core

Upgrading from nevisIDM 2.75.15.x

Step 1: Installation

Install the packages of nevisIDM 2.75.17.5783757299 on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.16.4720698322 LTS - 17.05.2023

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.16.4720698322	2.75.0	3.x

General changes and new features

• UPDATED: We updated Spring to 5.2.24.RELEASE. (NEVISIDM-8850)

General/Core

Upgrading from nevisIDM 2.75.15.x

Step 1: Installation

Install the packages of nevisIDM 2.75.16.4720698322 on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.15.3993822233 LTS - 15.02.2023

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.15.x	2.75.0	3.x

General changes and new features

General/Core

• UPGRADED: We upgraded netty to 4.1.86.Final. (NEVISIDM-8588)
• UPGRADED: We upgraded Azure Servicebus to 7.13.0. (NEVISIDM-8596)

Upgrading from nevisIDM 2.75.14.x

Step 1: Installation

Install the packages of nevisIDM 2.75.15.? on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmclpackage on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.14.3347558647 LTS - 16.11.2022

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.14.3347558647	2.75.0	3.x

General changes and new features

General/Core

• UPGRADED: We upgraded Woodstox to 6.4.0. (NEVISIDM-8483)
• UPGRADED: We upgraded Apache CXF to 3.5.5. (NEVISIDM-8589)
• UPGRADED: We upgraded Apache Commons Text to 1.10.0. (NEVISIDM-8457)
• REMOVED: We removed the com.microsoft.azure:azure-servicebus library. (NEVISIDM-8121)
• NEW: We added the com.azure:azure-messaging-servicebus library with version 7.10.1. (NEVISIDM-8121)

Upgrading from nevisIDM 2.75.13.x

Step 1: Installation

Install the packages of nevisIDM 2.75.14.? on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmclpackage on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.13.2780202234 LTS - 17.08.2022

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.13.2780202234	2.75.0	3.x

General changes and new features

General/Core

• UPGRADED: jetty is upgraded to 9.4.48.v20220622. (NEVISIDM-8219)
• UPGRADED: The Apache commons-configuration2 dependency is upgraded to 2.8.0.
• UPGRADED: The transitive dependency gson is upgraded to 2.8.9. (NEVISIDM-8230)
• REMOVED: The unused transitive dependency Xalan is removed. (NEVISIDM-8259)

Upgrading from nevisIDM 2.75.12.x

Step 1: Installation

Install the packages of nevisIDM 2.75.13.2780202234 on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.12.2270117194 LTS - 18.05.2022

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.12.2270117194 LTS	2.75.0	3.x

General changes and new features

General/Core

• UPGRADED: The jdom dependency is upgraded to jdom2. (NEVISIDM-8022)
• UPGRADED: The nevisAuth dependency is upgraded to 4.35.0.1. (NEVISIDM-8022)
• UPGRADED: The CXF dependency is upgraded to 3.5.1 (NEVISIDM-8023)
• UPGRADED: The Artemis dependency is upgraded to 2.19.1. (NEVISIDM-8024)
• UPGRADED: The netty dependency is upgraded to 4.1.74.Final. (NEVISIDM-8020)
• UPGRADED: The xmlbeans dependency is upgraded to 3.1.0. (NEVISIDM-7413)
• UPGRADED: The xmlsec dependency is upgraded to 2.3.0. (NEVISIDM-7413)
• UPGRADED: The Spring dependency is upgraded to 5.2.21.RELEASE. (NEVISIDM-8095)
• UPGRADED: The transient jgroups dependency is now excluded from the Artemis dependency. (NEVISIDM-8018)

Upgrading from nevisIDM 2.75.12.2270117194

Step 1: Installation

Install the packages of nevisIDM 2.75.12.2270117194 LTS on the server.

Step 2: Configuration files

No changes

Step 3: Database

No Changes

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.11.1717866455 LTS - 16.02.2022

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.11.1717866455	2.75.0	3.x

General changes and new features

General/Core

• UPGRADED: Log4j version is upgraded to 1.2.17. (NEVISIDM-7922)
• REMOVED: The supplied log4j version 1.2.17 is patched to remove vulnerable classes org/apache/log4j/net/JMSAppender.class and org/apache/log4j/net/SocketServer.class. (NEVISIDM-7922)

Upgrading from nevisIDM 2.75.10.x

Step 1: Installation

Install the packages of nevisIDM 2.75.11.1717866455 on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server, and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.10.1443938736 LTS - 17.11.2021

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.10.1443938736	2.75.0	3.x

Breaking changes

• CHANGED: If you use nevisAdmin 4, you have upgrade the Standard Patterns. (NEVISADMV4-7752)

General changes and new features

General/Core

• UPGRADED: OWASP CSRFGuard is upgraded to 4.0.0. If you face problem clear browser cache. (NEVISIDM-7626)

Upgrading from nevisIDM 2.75.9.x

Step 1: Installation

Install the packages of nevisIDM 2.75.10.1443938736 on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No Changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server, and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.9.1079055471 LTS - 18.08.2021

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.9.1079055471	2.75.0	3.x

General changes and new features

General/Core

• FIXED: The IdmGetPropertiesState did not fetch the profile indicated by its property chooseProfileFromSession in all cases. This bug is now fixed. (NEVISIDM-7501)
• FIXED: The transaction timeout was sometimes logged in the log file as 30 seconds (the default value), even though you had set the timeout differently (for example, to 60 seconds). This bug is fixed. From now on, the configured timeout appears in the log file. (NEVISIDM-7574)
• FIXED: Property value changes were not audited correctly. This bug is now fixed. (NEVISIDM-7533)

Configuration

• NEW: The nevisidm-prod.properties configuration file contains the new property application.cache.permission.unit. You can use this property to define whether the unitIds are cached during user session creation. If the property is set to "false", the unitIds are not cached during session creation, but fetched each time they are needed. (NEVISIDM-7518)
• CHANGED: The properties login.service.connection and admin.service.connection must be configured for all nevisIDM AuthStates. You can use the propertyRef feature to refer to an existing configuration. For more information, see the chapter "Properties shared among all nevisIDM authentication plug-ins" in the nevisIDM reference guide. (NEVISIDM-7498)

Upgrading from nevisIDM 2.75.8.x

Step 1: Installation

Install the packages of nevisIDM 2.75.9.1079055471 on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

1. Remove the software packages of the old nevisIDM release from the server.
2. Restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.8.774415490 LTS - 19.05.2021

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.8.820524052	2.75.0	3.x

General changes and new features

General/Core

• NEW: The following languages are now available: Bihari languages, Hebrew, Indonesian, Yiddish. Use the language code iw for Hebrew, in for Indonesian, and ji for Yiddish. (NEVISIDM-7452)
• CHANGED: Connection pooling between nevisAuth and nevisIDM is improved. (NEVISIDM-7457)
• FIXED: The bug is fixed where the SMS template did not resolve user-related placeholders. (NEVISIDM-7430)
• FIXED: The bug is fixed where the properties of type enum were not indexed for the query service. (NEVISIDM-7479)
• FIXED: The bug is fixed where the fingerprint of certificates was not checked properly. (NEVISIDM-7497)

Web GUI

• FIXED: A bug is fixed that caused wrong sorting of available Property values. (NEVISIDM-7445)
• FIXED: A bug is fixed that caused wrong sorting of the Gender and Technical userselection on the User search screen for French and Italian GUI versions. (NEVISIDM-7453)
• FIXED: A bug is fixed that caused wrong sorting of the Assigned token selection on the Vasco administration screen for French and Italian GUI versions. (NEVISIDM-7453)

Upgrading from nevisIDM 2.75.7.x

Step 1: Installation

Install the packages of nevisIDM 2.75.8.820524052 on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

1. Remove the software packages of the old nevisIDM release from the server.
2. Restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances connected the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.7.537519197 LTS - 17.02.2021

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.7.537519197	2.75.0	3.x

Breaking changes

• CHANGED: The login ID generator can now generate the loginId during user creation on the REST interface, if no ID value is provided and the generator is enabled. If the caller wants to override the generated loginId,by providing a value for it in the request, the caller needs the right AccessControl.LoginIdOverride. (NEVISIDM-7374)

General changes and new features

General/Core

• CHANGED: Provisioning messages are now paged to disk, when the size of all messages in the memory for a specific address exceeds the maximum size. (NEVISIDM-7355)
• CHANGED: The country list is updated. (NEVISIDM-7350)
• CHANGED: URL tickets can no longer end with dots. (NEVISIDM-7307)
• KNOWN BUG: There is a bug in the underlying OpenOffice used by adnooprint 1.1.0.0, which causes a memory leak. As a workaround it is recommended restarting adnooprint periodically with a cron job. (NEVISIDM-5525)

More Information

For more information on the underlying bug, see Issue 41675 - memory leak while converting](https://bz.apache.org/ooo/show_bug.cgi?id=41675)".

Web GUI

• FIXED: The bug where URL parameters could not be parsed due to an exception in the language resolution logic. (NEVISIDM-7335)
• FIXED: The issue with the ordering of drop-down menus. Now, the elements of a drop-down menu are sorted alphabetically (instead of randomly). (NEVISIDM-6675)

Configuration

• NEW: Thenevisidm-prod.properties file contains the new configuration parameter security.web.hsts.enabled. This new parameter adds the Strict-Transport-Security response header to requests. Its default value is "true". (NEVISIDM-7295)

More Information

For more information on the new parameter, see the chapter Configuration Files]".

Upgrading from nevisIDM 2.75.6.x

Step 1: Installation

Install the packages of nevisIDM 2.75.7.537519197 on the server.

Step 2: Configuration files

No changes

Step 3: Database

No changes

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.6.347577359 LTS - 18.11.2020

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.6.347577359	2.75.0	3.x

General changes and new features

General/Core

• NEW: The separate nevisIDM Integration Guide now includes documentation and example source code on how to write external batch jobs. (NEVISIDM-6636)
• CHANGED: From now on, nevisIDM only restores event queues at startup if the configuration parameter application.modules.event.autostartup.enabled is set to "true". (NEVISIDM-7267)
• FIXED: The bug where the wrong authentication type was indicated in the log message in case of an unsuccessful login. (NEVISIDM-7162)
• FIXED: The bug that prevented authentication with SAML assertions. (NEVISIDM-7183)
• FIXED: The bug where transaction timeout did not work in some cases. (NEVISIDM-7220)
• FIXED: The bug in the single-client inconsistency check. From now on, the check no longer considers authorizations of the special nevisIDM roles SelfAdmin and TechUser. (NEVISIDM-7243)
• REMOVED: The nevisIDM command reinit batchhas been removed. From now on, nevisIDM automatically refreshes the batch context when modifying the configuration file. (NEVISIDM-7166)

Web GUI

• FIXED: The bug where Ecuador was not displayed correctly in the country drop-down menu. (NEVISIDM-7257)
• FIXED: The bug where the user history page showed a huge amount of data. (NEVISIDM-7252)
• FIXED: The bug concerning the custom property validation in case of blank values. (NEVISIDM-7224)

Configuration

• NEW: There is a new configuration parameter server.auth.ninja.log-debug, which enables the debugging of the Ninja login module. (NEVISIDM-7176)
• NEW: It is now possible to configure the transaction timeout, with the new configuration parameter database.transaction.timeout. (NEVISIDM-7220)
• CHANGED: The location of the default temporary directory has been changed from /tmp to /var/opt/nevisidm/{instance_name}/tmp. (NEVISIDM-7168)
• REMOVED: The configuration property application.feature.envers.enabled has been removed. As the feature behind it (Envers) has also been removed, the property has become useless. (NEVISIDM-7169)

Upgrading from nevisIDM 2.75.5.x

Step 1: Installation

Install the packages of nevisIDM 2.75.6.347577359 on the server.

Step 2: Configuration files

No changes

Step 3: Database

No changes

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.5.205151960 LTS - 19.08.2020

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.5.205151960	2.75.0	3.x

General changes and new features

General/Core

• FIXED: The bug where the nowLocked transition of the IdmPasswordVerifyState was not triggered correctly has been fixed. The IdmPasswordVerifyState now returns a nowLocked transition if the credential was locked in the current authentication attempt (only if the nowLocked transition is configured in the state, otherwise it returns locked). (NEVISIDM-6865)
• FIXED: The bug where the nevisidm status command erroneously required sudo. (NEVISIDM-6952)
• FIXED: The bug where the expiration and dead letter messaging queues were not configured for standalone deployment. (NEVISIDM-6991)

Web GUI

• FIXED: The bug regarding the sorting of users and policies in the Admin GUI. (NEVISIDM-7059)
• FIXED: The bug where the drop-down selection got lost when you selected a unit during user creation. (NEVISIDM-6676)
• FIXED: The bug where the unit search in the classic mode did not work correctly from the second page onwards. (NEVISIDM-7134)

Database

• FIXED: The bug that caused the procedure DELETE_CREDENTIAL_HISTORY to not work correctly. The procedure is now adapted to the latest database schema. See the upgrading section below for further information. (NEVISIDM-6997)

Web services

• CHANGED: Violated password policies are now included in the error messages. (NEVISIDM-6774)

Configuration

• NEW: It is now possible to configure the size of the request and response headers, via the new server.max-http-header-size property (nevisidm-prod.properties configuration file). (NEVISIDM-6966)

Upgrading from nevisIDM 2.75.4.x

Step 1: Installation

Install the packages of nevisIDM 2.75.5.205151960 on the server.

Step 2: Configuration files

No changes

Step 3: Database

If the procedure DELETE_CREDENTIAL_HISTORY is used, you need to recreate the procedure to match the current database schema.

Oracle

Connect to the database as DBOWNER (defaults to UIDM01) with sqlplus. Execute the following SQL script:

SQL> @/opt/nevisidm/sql/oracle/nevisidm_delete_client_history_oracle.sql

MySQL

Connect to the database as DBOWNER (defaults to UIDM01). Execute the following SQL script:

$> mysql -uUIDM01 -p<db owner password> UIDM01 nevisidm < /opt/nevisidm/sql/oracle/nevisidm_delete_client_history_oracle.sql

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.4.18 LTS - 20.05.2020

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.4.18	2.75.0	3.x

General changes and new features

General/Core

• KNOWN BUG: No dead letter address and no expiry queue is currently configured in the messaging. The corresponding warnings AMQ222165 and AMQ222166 may occur in the application log. (NEVISIDM-6874)
• CHANGED: From now on, the IdmCreateUserState loads the client external ID (clientExtId) and the client name (clientName) in the user DTO of the session, if the loadUser flag is set to "true". (NEVISIDM-6852)
• FIXED: The bug with the blocking messaging queue when the default maximum disk usage of 90% was reached. From now on, writing to the messaging queue will fail when the maximum disk usage threshold of 99% is reached. In case of any failure with the provisioning, the system will write an error message in the application.log file. (NEVISIDM-6813)

Web GUI

• FIXED: The bug where the GUI did not show all fields with fine-grained permissions. (NEVISIDM-6714)

Database

• FIXED: The bug where the database patch with version 2.70 erroneously modified the history tables of authorizations and enterprise authorizations. (NEVISIDM-6820)

Web Services

• FIXED: The bug concerning the nevisidm-ws-client.jar file, which contained duplicated WSDL files. (NEVISIDM-6728)
• FIXED: The bug where the web services did not accept unknown SOAPAction headers. From now on, nevisIDM no longer evaluates the SOAPAction header and ignores its value. (NEVISIDM-6710)

Upgrading from nevisIDM 2.75.3.x

Step 1: Installation

Install the packages of nevisIDM 2.75.4.18 on the server.

Step 2: Configuration filesNo changes

Step 3: DatabaseNo Changes

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.3.6 LTS - 19.02.2020

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.3.6	2.75.0	3.x

General changes and new features

General/Core

• FIXED: The issue where device password credentials were not properly locked after reaching the maximum attempt counter. (NEVISIDM-6261)
• FIXED: The issue with the initialization vector randomness. Now the initialization vector is chosen at random for every new encryption. This deprecates the property security.properties.iv.(NEVISIDM-5916).
• DEPRECATED: The support for custom batch jobs has been deprecated. As a replacement, you could use an external job scheduler (for example, Cron), which accesses nevisIDM via the official nevisIDM API's. Another option is to extract the required JAR files from the nevisIDM package to compile existing custom batch jobs.

Web GUI

• FIXED: The issue where the Event queue manager screen did not load because of too many events. (NEVISIDM-5633)
• FIXED: The issue where the Unit Search Tree was not loaded on the first request. (NEVISIDM-6236)
• FIXED: The issue where the application drop-down list was larger than the Assign clients to application screen when the display name of one of the applications was too long. (NEVISIDM-5919)
• FIXED: The issue with the incorrectly encoded reference data. (NEVISIDM-6408).
• FIXED: The issue where Internet Explorer used older versions in compatibility mode, which broke the layout. The system now enforces version 11+ in compatibility mode. (NEVISIDM-6411)

Rest API

• NEW: New REST services for enterprise roles and enterprise roles authorizations are now available. For more details, see the separate REST API documentation. (NEVISIDM-6275)
• NEW: The Roles endpoint of the Profiles REST service now also returns roles assigned over enterprise roles. (NEVISIDM-6176)

Database

• FIXED: The issue where the creation of VIDMH_UNIT_UNIQUE was skipped at migration when you used Oracle. (NEVISIDM-6281)

Known bugs

Web GUI

• KNOWN BUG: The Status servlet does not return the database version when the database is already patched to version 3.1. (NEVISIDM-6358)

Database

• KNOWN BUG: In case of a MariaDB database, the column INSTALL_END_DAT of the table TIDMA_DB_VERSION_LOG is not written by the command nevisidmdb patch**.This has no further functional impact. (NEVISIDM-6224)

Upgrading from nevisIDM 2.75.1.x

Step 1: Installation

Install the packages of nevisIDM 2.75.3.6 on the server.

Step 2: Configuration files

No changes.

Step 3: Database

No changes.

Execution: Restart the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.

nevisIDM 2.75.1.34 LTS - 20.11.2019

Initial Long Term Support Release

Highlights

We are pleased to present nevisIDM 2.75.

• Read the upgrade notes for important information about this release.
• See the full list of resolved issues below.

Terms and Conditions

A new concept for terms and conditions management has been introduced. nevisIDM is able to administrate information about terms and conditions. In addition user consent information regarding accepted terms and conditions, including the version and acceptance date, is kept track of. For further information see the chapters [Terms and conditions].

Database schema requirement

Application version	Minimal required database schema version	Maximal supported database schema version
2.75.1.34	2.75.0	3.x

Breaking changes

• NEW: New web service with version 44 has been introduced where the default client dataroom is not automatically added to authorizations of nevisIDM roles. (NEVISIDM-5819)
• For MariaDB installations: The file idm_call_reset_autoincrement.sql is not needed anymore. The init-file parameter must be removed from the MariaDB configuration.
• For Oracle installations: The root database password will require an upgrade. Make sure a logon trigger is created before updating the application or the database schema. For further information refer to the [upgrade chapter].

General changes and new features

General/Core

• DEPRECATED: Adnwildfly has been deprecated. Support will be removed in release 2.76.
• CHANGED: The password credential of the bootstrap user expires on 2020-01-01. The database patch extends the validity from 2020-01-01 to 2030-01-01. (NEVISIDM-5955)
• CHANGED: Top level domain list was updated to version 2019090400. (NEVISIDM-6043)
• CHANGED: Generated URL tickets no longer contain dashes (-). This provides out-of-the-box ModSecurity Paranoia Level II compatibility. (NEVISIDM-5918)
• FIXED: The bug where nevisidmdb with MariaDB required sudo or root rights. (NEVISIDM-5804)
• FIXED: The performance issue with the dataroom check in single client mode. (NEVISIDM-5947)
• FIXED: The bug where the Lucene index regarding dict entries was not updated properly when an entity containing dict entries (client, application, or unit) was created. (NEVISIDM-5417)
• FIXED: The bug where the batch job SingleClientDataConsistencyJobincorrectly added default client datarooms. The batch job now only adds the default client dataroom to authorizations of nevisIDM roles which have no global client dataroom. (NEVISIDM-6099)
• FIXED: The bug where the deletion of OATH, SAML federation and FIDO UAF credentials was not audited correctly. (NEVISIDM-6011).
• FIXED: The bug where an invalid init.d folder was added to the nevisidm instance folder. The invalid template directory init.d has now been removed from the nevisidm instance folder. (NEVISIDM-5855).

Web services

• NEW: Web service versions can now be selectively enabled with the configuration webservice.versions to speed up the deployment start-up time of nevisIDM. For newly created standalone instances, only the latest and previous web service versions will be enabled by default. For further information refer to the reference guide. (NEVISIDM-6004)
• CHANGED: The userUpdate SOAP call no longer copies the user state to the profile states. (NEVISIDM-5802)

Rest API

• NEW: New REST services for administering terms and conditions have been released. See the separately available REST API documentation for more details. (NEVISIDM-6104)
• NEW: Added REST request logging to the Wildfly standalone.xml template. (NEVISIDM-5899)
• CHANGED: Null and empty values (including nested objects) are now excluded in all REST responses. (NEVISIDM-5853)
• FIXED: The bug regarding default profile creation. Now, the first profile created for a user will automatically become the default profile. (NEVISIDM-5949)

Database

• NEW: nevisIDM now also supports Oracle database version 19c. (NEVISIDM-5979)
• NEW: Reference data for Nevis Mobile Authentication is now available. (NEVISIDM-5899)
• CHANGED: For Oracle databases: All synonyms have been dropped and replaced with a logon trigger. For further information refer to the upgrade chapter. (NEVISIDM-5956)
• REMOVED: The file idm_call_reset_autoincrement.sql is not needed anymore. Make sure to remove the init-file parameter from the MariaDB configuration. (NEVISIDM-5957)
• REMOVED: The tables TIDMR_COUNTRY and TIDMR_STATE have been removed. (NEVISIDM-6009)
• REMOVED: The technical attributes from the TIDMA_PERSIST_QUEUE table have been removed. (NEVISIDM-6158)

Upgrading from nevisIDM 2.74.0.x

Step 1: Installation

Install the packages of nevisIDM 2.75.0.510 on the server.

Step 2: Configuration files

No changes

Step 3: Database

Preparation: Stop the nevisIDM instance. Execution: Patch the DB of nevisIDM 2.74.x.x to 2.75.0.510. Therefore, perform the following steps: Oracle

1. Create a logon trigger. The logon trigger is required to set the current schema of the user to the database owner when connecting to the database.

• Connect to the database with system user:

$> nevisidmdb sqlplus <system>

Execute the following SQL statement by replacing the database owner and user name accordingly. Note that the db owner name defaults to UIDM01 and the db user name defaults to UIDM02:

SQL> CREATE OR REPLACE TRIGGER <db user name>.after_logon_trg AFTER LOGON ON <db user name>.SCHEMA
BEGIN
 EXECUTE IMMEDIATE 'ALTER SESSION SET CURRENT_SCHEMA = <db owner name>';
END;
/

1. On the server's terminal, execute the command below. Note that the db owner name defaults to UIDM01 and the db user name defaults to UIDM02.

$> nevisidmdb patch 2.74.0 2.75.0 <db owner name> <db owner password> <db user name> <db user password>

3. Recommendation: Refresh the DB statistics and flush the shared pool with the old query plans. Thus, the Oracle DB creates new query plans that are optimized for the upgraded nevisIDM data model.

4. Optional: Check for invalid DB objects. Proceed as follows:

• Connect to the database as DBOWNER (defaults to UIDM01) with sqlplus.
• Search for invalid DB objects (such as db_user or db_owner):

SQL> select OBJECT_NAME, OBJECT_TYPE from user_objects where status = 'INVALID';

• Generate a script to recompile invalid objects:

SQL> Select decode( object_type, 'PACKAGE BODY', 'ALTER PACKAGE ' || OBJECT_NAME ||
' COMPILE BODY;','ALTER ' || OBJECT_TYPE || ' ' || OBJECT_NAME || ' compile;' )
from user_objects where status = 'INVALID' order by object_type;

• Execute the generated script.

The nevisIDMpatchdbscripts are tested for invalid objects. If everything is correct, no invalid objects should be created.*Some invalid objects are *automatically recompiled when you first access them. So in terms of corruption, they are not really invalid.

MariaDB

1. On the server's terminal, execute the command below. Note that the db owner name defaults to UIDM01:

$> nevisidmdb patch 2.74.0 2.75.0 <db owner name> <db owner password>

2. Remove the init-file parameter for idm_call_reset_autoincrement.sql from the MariaDb configuration.

Post-processing: Start the nevisIDM instance.

Step 4: Cleanup

Remove the software packages of the old nevisIDM release from the server and restart the affected nevisIDM instances.

Step 5: nevisAuth configuration

1. Install the new nevisidmcl package on all nevisAuth instances that connect to the upgraded nevisIDM instance.
2. Restart the affected nevisAuth instances.