Release notes - IBM® Security Identity Governance and Administration Data Integrator 7.0.2.3

IBM Security Identity Governance and Administration Data Integrator 7.0.2.3 is available. Compatibility, installation, and other getting-started issues are addressed.

Contents

Abbreviations

Features and Purpose

Contents of this Release

New Features

Closed Issues

Known Issues

Known Limitations

Installation, Configuration and Operation Notes

Installing this fix pack to Data Integrator v7.0.2

Supported Configurations

Notices

 

Abbreviations

The following abbreviations are used in this document.

ISIGADI:  IBM Security Identity Governance and Administration Data Integrator.

ITIM: IBM Tivoli Identity Manager.  Starting with version 6.0, the product is named IBM Security Identity Manager.

ISIM:  IBM Security Identity Manager.

ISIG: IBM Security Identity Governance.

TDI:  IBM Tivoli Directory Integrator.

 

Features and Purpose

The defects fixed in this fix pack are listed in the Closed Issues section.

 

Contents of this Release

| Component | Version |
| --- | --- |
| Release Date | April 29th, 2016 |
| Version | 7.0.2.3 |
| Installation Guide | The installation procedures are described in the following TECH NOTE. See Installing this fix pack to ISIGADI v7.0.2 section to apply this fix pack to ISIGADI v7.0.2, v7.0.2.1, or v7.0.2.2. |

 

New Features

| Release | Enhancement # (RFE) | Description |
| --- | --- | --- |
| ISIGADI v7.0.2.3 | | None |
| ISIGADI v7.0.2.2 | | None |
| ISIGADI v7.0.2.1 | | None |
| ISIGADI v7.0.2 | | IBM Tivoli Identity Manager 5.1 is supported. |
| ISIGADI v7.0.1.1 | | ISIG 5.1.1 is supported. |
| ISIGADI v7.0.1 | | Entitlement change fulfillment from ISIG to ISIM is supported. |
| ISIGADI v7.0.1 | | Script files to start and stop TDI server and assembly line are provided. |
| ISIGADI v7.0 | | Data synchronization from ISIM to ISIG is supported. |

 

Closed Issues

| Release | PMR# | APAR# | PMR# / Description |
| --- | --- | --- | --- |
| ISIGADI v7.0.2.3 | 70220,004,000 | IV81046 | The OutOfMemoryError happened after the Delta is running for several days. |
| ISIGADI v7.0.2.3 | 53799,004,000 | IV81125 | ISIGtoISIM should not fulfill the entitlement changes that are generated by Data Integrator. |
| ISIGADI v7.0.2.3 | 42727,004,000 | IV79332 | Delta assembly line removes ISIG role from a user on ISIG. |
| ISIGADI v7.0.2.2 | 81572,004,000 | IV77143 | Verify fails when ISIG admin user password is changed other than admin. |
| ISIGADI v7.0.2.2 | 83901,004,000 | IV77473 | IBM Tivoli Directory Integrator Dashboard does not work. |
| ISIGADI v7.0.2.2 | 42457,004,000 | IV79217 | [ISIGtoISIM.WritePermissionToISIM/ISIM - Group – Lookup] assembly line fails because the multiple entries found. |
| ISIGADI v7.0.2.2 | internal | | ISIGtoISIM assembly line results in success, but request is still pending on ISIM side |
| ISIGADI v7.0.2.1 | 73009,004,000 | IV76337 | The StackOverflowError is thrown from System.getProperties() method while Delta assembly line is running. |
| ISIGADI v7.0.2.1 | | IV76091 | The ISIG User password is not set when ISIM person is synchronized to ISIG.  The user id is set as the password. |
| ISIGADI v7.0.2 | | | None |
| ISIGADI v7.0.1.1 | | | None |
| ISIGADI v7.0.1 | 10274,004,000 | IV69098 | Delta load fails after an ISIM schema change |
| ISIGADI v7.0.1 | 30341,004,000 | IV69555 | Person load fails if the erroles attribute contains empty string |

 

Known Issues

| Internal# | APAR# | PMR# / Description |
| --- | --- | --- |
| 122333 | | Warning message counts as error in summary statistics report |
| 123331 | | Assigning an ISIM system group to a user in ISIG is not synchronized to ISIM. This is due to a defect on the ISIM side.  This defect is fixed in ISIM 6 fix pack 10 and ISIM VA 7.0.1. |
| 123332 | | If a user is already a member of a role, and that role is assigned a new permission or is assigned other roles that carry a new permission, the newly assigned permission is not fulfilled when the user has no account for the Application associated with the permission, because no new account request is initiated in ISIG. This defect is being investigated. |
| 125775 | | When password synchronization is not enabled on ISIM, accounts created or restored from ISIG are not fulfilled to ISIM.  This defect is being investigated. |

 

Known Limitations

| Internal# | APAR# | PMR# / Description |
| --- | --- | --- |
| 1 | | Support for synchronization of Role-Permission mapping and role hierarchy in Identity Manager is not available with this release. |
| 2 | | Service groups in Identity Manager are mapped to permissions in Identity Governance.  Support for permissions that are not represented as service groups in Identity Manager is not available in this release. |
| 3 | | Support for mapping one Identity Manager service to multiple applications is not available in this release. |
| 4 | | Support for multiple group types for each Identity Manager service is not available in this release. For example, the POSIX AIX service supports AIX groups and AIX Role; this release supports user permission mapping in Identity Governance for only one of them, not both. |
| 5 | | Support for multiple accounts of a person on the same Identity Manager service is not available in this release. |
| 6 | | Support for synchronization of access catalog information in Identity Manager is not available in this release. |
| 7 | | Support for permissions that map to hosted service groups in Identity Manager is not available in this release. |
| 8 | | Support for password synchronization for ISIG accounts is not available in this release. |
| 9 | | Support for defining a subset of Identity Manager entities for synchronization is not available in this release. |
| 51 | | Consolidation of user permission changes that result from a role assignment change is not available in this release. When a role is assigned to a user in ISIG, the role assignment is updated in ISIM if the role exists in ISIM.  If the role is associated with a list of permissions for targets managed by ISIM, the permissions are also assigned to the user in ISIM. If Delta load is running, the user-permission changes will be synchronized into ISIG as direct user-permission associations even though these assignments are already implied by the user-role assignment in ISIG. |
| 52 | | Mapping an ISIM role to an ISIG external role is not available in this release. As a result of this limitation, when an ISIM Role is assigned as a child of another role in ISIG and a user is assigned to the parent role, the assignment to the ISIM role (child role) is not fulfilled in ISIM. |
| | | When the account has required attributes, the create account event is not fulfilled from ISIG to ISIM because ISIG does not have this information.  Work-around:  The account default value for the service should be set on the ISIM side. |

 

Installation, Configuration and Operation Notes

If you are installing this fix pack on an existing ISIGADI v7.0.2 or v7.0.2.x installation, follow the instructions in the next section.

For all other installation cases, see the "Integration between IBM Security Identity Manager and IBM Security Identity Governance" TECH NOTE for detailed instructions.

 

Installing this fix pack to ISIGADI v7.0.2 or v7.0.2.x

To install this fix pack on an existing ISIGADI v7.0.2.x installation, follow the instructions below.

  1. Stop ISIGADI by running the stopSrv command.  See the TECH NOTE for how to run the stopSrv command.
  2. Unzip the downloaded ISIGADI zip file to a temporary directory.  TEMP is used in this document to refer to this temporary directory.
  3. Replace the following files in the TDI_HOME/jars directory.  TDI_HOME is the TDI installation directory.
    1. Replace the TDI_HOME/jars/3rdparty/IBM/ISIGADI/isigadi-jar-utils.jar file with the TEMP/jars/3rdparty/IBM/ISIGADI/isigadi-jar-utils.jar file.
    2. If ISIG 5.1 is used with ISIGADI, replace the TDI_HOME/jars/connectors/isigadi-connectors.jar file with the TEMP/jars/connectors/isigadi-connectors.jar file.
    3. If ISIG 5.1.1 is used with ISIGADI, replace the TDI_HOME/jars/connectors/isigadi-connectors-forWAS.jar file with the TEMP/jars/connectors/isigadi-connectors-forWAS.jar file.
    4. If ITIM 5.1 is used with ISIGADI, replace the TDI_HOME/jars/functions/isigadi-isim-api-fc.jar file with the TEMP/jars/functions/isigadi-isim-api-fc.jar file.
  4. Replace the ISIGADI_SOL_DIR/ISIGADI/ISIGADI.xml file with the TEMP/soldir/ISIGADI/ISIGADI.xml file.  ISIGADI_SOL_DIR is the TDI solution directory for ISIGADI.
  5. Start ISIGADI by running the startSrv command, and start the Delta and ISIGtoISIM assembly lines by running the startAL command.
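
Steps 3 and 4 on a Linux TDI host, as an added example that is not IBM's own script: it checks that every file exists before changing anything, keeps a copy of each replaced file, and verifies each copy byte for byte. The function names, the argument order and the backup directory are assumptions; stopSrv, startSrv and startAL are run separately as the TECH NOTE describes.

```shell
#!/bin/sh
# Added example: steps 3 and 4 of the fix pack procedure for a Linux TDI host.
# Run it after stopSrv (step 1) and before startSrv/startAL (step 5).

# check_pair SRC DST: both files must exist before anything is changed.
check_pair() {
    [ -f "$1" ] || { echo "missing in fix pack: $1" >&2; return 1; }
    [ -f "$2" ] || { echo "not installed: $2" >&2; return 1; }
}

# replace_pair SRC DST BACKUP_DIR: keep the old file, copy, verify the copy.
replace_pair() {
    cp -p "$2" "$3/$(basename "$2")" || return 1
    cp "$1" "$2" || return 1
    cmp -s "$1" "$2" || { echo "verify failed: $2" >&2; return 1; }
}

# Args (order is an assumption): TEMP TDI_HOME ISIGADI_SOL_DIR ISIG_VERSION ITIM51 BACKUP_DIR
apply_isigadi_fixpack() {
    temp=$1 tdi_home=$2 sol_dir=$3 isig_version=$4 itim51=$5 backup_dir=$6
    rels="jars/3rdparty/IBM/ISIGADI/isigadi-jar-utils.jar"                  # step 3.1
    case $isig_version in
        5.1)   rels="$rels jars/connectors/isigadi-connectors.jar" ;;        # step 3.2
        5.1.1) rels="$rels jars/connectors/isigadi-connectors-forWAS.jar" ;; # step 3.3
        *)     echo "unsupported ISIG version: $isig_version" >&2; return 2 ;;
    esac
    if [ "$itim51" = yes ]; then
        rels="$rels jars/functions/isigadi-isim-api-fc.jar"                  # step 3.4
    fi
    xml_src=$temp/soldir/ISIGADI/ISIGADI.xml                                 # step 4
    xml_dst=$sol_dir/ISIGADI/ISIGADI.xml

    # Pass 1: stop if any file is missing, so the update is never partial.
    for rel in $rels; do check_pair "$temp/$rel" "$tdi_home/$rel" || return 1; done
    check_pair "$xml_src" "$xml_dst" || return 1

    # Pass 2: back up each installed file outside TDI_HOME, then replace it.
    mkdir -p "$backup_dir" || return 1
    for rel in $rels; do
        replace_pair "$temp/$rel" "$tdi_home/$rel" "$backup_dir" || return 1
    done
    replace_pair "$xml_src" "$xml_dst" "$backup_dir" || return 1
    echo "replaced: $rels ISIGADI/ISIGADI.xml"
}

if [ $# -eq 6 ]; then apply_isigadi_fixpack "$@"; fi
```

To roll back, stop ISIGADI and copy the files from the backup directory over the same destinations.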

 

Supported Configurations  

 The IBM Security Identity Governance and Administration Data Integrator was built and tested on the following product versions.

Installation Platform

 The IBM Security Identity Governance and Administration Data Integrator installs into Tivoli Directory Integrator (TDI) and may be installed on the following platforms:

·         Red Hat Enterprise Linux 6.5

·         Windows 7

 

Required TDI version:

·       Tivoli Directory Integrator v7.1.1 with Fix Pack 4 or higher

·       Interim fix 7.1.1-TIV-TDI-LA0022 is required in addition to Fix Pack 4.  This interim fix upgrades the TDI JRE to v1.7. (Only required for ISIG 5.1.1)

 

Database Support

 The IBM Security Identity Governance and Administration Data Integrator requires a database to store information about entity mappings between integrated products.  The database can be created on the same DB2 instance as Identity Manager or on a different DB2 instance.

Supported databases include:

·         IBM DB2 Universal Database™ Enterprise Server Edition v10.1

·         IBM DB2 Universal Database™ Enterprise Server Edition v10.5 with Fix Pack 3 or higher.

 

Integrated Products

 The IBM Security Identity Governance and Administration Data Integrator supports the following product versions:

ISIM Versions

·       IBM Tivoli Identity Manager version 5.1 with WebSphere Application Server version 7.0.

·        IBM Security Identity Manager version 6.0.0.4.

·       IBM Security Identity Manager version 7.0 VA.

ISIG Versions

·       IBM Security Identity Governance version 5.1 VA with Oracle database.

·       IBM Security Identity Governance version 5.1.1 VA with DB2 or Oracle database.

 

Notices

This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user’s responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing

IBM Corporation

North Castle Drive

Armonk, NY  10504-1785 U.S.A.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.

 

End of Release Notes