IdStory Identity Manager: Issueshttps://redmine.czechidm.com/https://redmine.czechidm.com/themes/purplemine2/favicon/favicon.ico?16339658642023-11-13T20:21:00ZIdStory Identity Manager
Redmine IdStory HUB - Task #3477 (New): HUB config and migrationshttps://redmine.czechidm.com/issues/34772023-11-13T20:21:00ZBoris PolákIdStory Identity Manager - Task #3476 (New): Upgrade FE - Material UIhttps://redmine.czechidm.com/issues/34762023-11-13T09:19:04ZBoris Polák
<p>migrate material ui to latest version (mui)</p> IdStory Identity Manager - Task #3475 (New): Upgrade FE - Rich text editorhttps://redmine.czechidm.com/issues/34752023-11-13T09:18:01ZBoris Polák
<p>draft-js is not maintained and has a lot of vulnerable/deprecated deps. Possible alternative is facebook's lexical</p> Reports (reports) - Task #3474 (Needs feedback): IdentityComplexReportExecutor fails when exporti...https://redmine.czechidm.com/issues/34742023-11-07T15:53:20ZAlena Peterováalena.peterova@bcvsolutions.eu
<p>Version 4.0.0<br />The report Identities with complex combination with contracts attributes (identity-complex-report) fails when you try to export an EAV of type Boolean.</p>
<pre>
Caused by: java.lang.ClassCastException: class java.lang.Boolean cannot be cast to class java.lang.String (java.lang.Boolean and java.lang.String are in module java.base of loader 'bootstrap')
at eu.bcvsolutions.idm.reports.utils.impl.DefaultReportsExecutorUtils.lambda$getIdentityFormValues$0(DefaultReportsExecutorUtils.java:249)
at java.base/java.util.ArrayList.forEach(ArrayList.java:1541)
at java.base/java.util.Collections$UnmodifiableCollection.forEach(Collections.java:1085)
at eu.bcvsolutions.idm.reports.utils.impl.DefaultReportsExecutorUtils.getIdentityFormValues(DefaultReportsExecutorUtils.java:236)
at eu.bcvsolutions.idm.reports.identity.IdentityComplexReportExecutor.generateData(IdentityComplexReportExecutor.java:221)
at eu.bcvsolutions.idm.rpt.api.executor.AbstractReportExecutor.generate(AbstractReportExecutor.java:92)
</pre> IdStory Identity Manager - Defect #3473 (New): Error when two processes save the same IdmConceptR...https://redmine.czechidm.com/issues/34732023-11-03T13:51:51ZVladimír Kotýnekvladimir.kotynek@bcvsolutions.eu
<p>When approval process and provisioning-operation-retry-bulk-action process try to update the same role request a deadlock can ocure.<br /><pre>
Caused by: org.postgresql.util.PSQLException: ERROR: deadlock detected
Detail: Process 26254 waits for ShareLock on transaction 904970719; blocked by process 29145.
Process 29145 waits for ShareLock on transaction 904970824; blocked by process 26254.
Hint: See server log for query details.
Where: while updating tuple (540994,2) in relation "idm_concept_role_request"
</pre> <br />Both processes were commiting their changes to DB blocked each other (this bellow is during/after application restart).<br /><pre><code class="sql syntaxhl"><span class="n">postgres</span><span class="o">=#</span> <span class="k">select</span> <span class="o">*</span> <span class="k">from</span> <span class="n">pg_stat_activity</span> <span class="k">where</span> <span class="n">pid</span> <span class="o">=</span> <span class="mi">29145</span><span class="p">;</span>
<span class="n">datid</span> <span class="o">|</span> <span class="n">datname</span> <span class="o">|</span> <span class="n">pid</span> <span class="o">|</span> <span class="n">usesysid</span> <span class="o">|</span> <span class="n">usename</span> <span class="o">|</span> <span class="n">application_name</span> <span class="o">|</span> <span class="n">client_addr</span> <span class="o">|</span> <span class="n">client_hostname</span> <span class="o">|</span> <span class="n">client_port</span> <span class="o">|</span> <span class="n">backend_start</span> <span class="o">|</span> <span class="n">xact_start</span> <span class="o">|</span> <span class="n">query_start</span> <span class="o">|</span>
<span class="n">state_change</span> <span class="o">|</span> <span class="n">wait_event_type</span> <span class="o">|</span> <span class="n">wait_event</span> <span class="o">|</span> <span class="k">state</span> <span class="o">|</span> <span class="n">backend_xid</span> <span class="o">|</span> <span class="n">backend_xmin</span> <span class="o">|</span> <span class="n">query</span> <span class="o">|</span> <span class="n">backend_type</span>
<span class="c1">-------+----------+-------+----------+----------+------------------------+--------------+-----------------+-------------+-------------------------------+------------+-------------------------------+------</span>
<span class="c1">-------------------------+-----------------+------------+-------+-------------+--------------+--------+----------------</span>
<span class="mi">16401</span> <span class="o">|</span> <span class="n">czechidm</span> <span class="o">|</span> <span class="mi">29145</span> <span class="o">|</span> <span class="mi">16384</span> <span class="o">|</span> <span class="n">czechidm</span> <span class="o">|</span> <span class="n">PostgreSQL</span> <span class="n">JDBC</span> <span class="n">Driver</span> <span class="o">|</span> <span class="mi">10</span><span class="p">.</span><span class="mi">14</span><span class="p">.</span><span class="mi">144</span><span class="p">.</span><span class="mi">79</span> <span class="o">|</span> <span class="o">|</span> <span class="mi">47158</span> <span class="o">|</span> <span class="mi">2023</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">03</span> <span class="mi">10</span><span class="p">:</span><span class="mi">04</span><span class="p">:</span><span class="mi">58</span><span class="p">.</span><span class="mi">224087</span><span class="o">+</span><span class="mi">01</span> <span class="o">|</span> <span class="o">|</span> <span class="mi">2023</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">03</span> <span class="mi">10</span><span class="p">:</span><span class="mi">32</span><span class="p">:</span><span class="mi">41</span><span class="p">.</span><span class="mi">401508</span><span class="o">+</span><span class="mi">01</span> <span class="o">|</span> <span class="mi">2023</span><span class="o">-</span>
<span class="mi">11</span><span class="o">-</span><span class="mi">03</span> <span class="mi">10</span><span class="p">:</span><span class="mi">32</span><span class="p">:</span><span class="mi">41</span><span class="p">.</span><span class="mi">401549</span><span class="o">+</span><span class="mi">01</span> <span class="o">|</span> <span class="n">Client</span> <span class="o">|</span> <span class="n">ClientRead</span> <span class="o">|</span> <span class="n">idle</span> <span class="o">|</span> <span class="o">|</span> <span class="o">|</span> <span class="k">COMMIT</span> <span class="o">|</span> <span class="n">client</span> <span class="n">backend</span>
<span class="p">(</span><span class="mi">1</span> <span class="k">row</span><span class="p">)</span>
<span class="n">postgres</span><span class="o">=#</span> <span class="k">select</span> <span class="o">*</span> <span class="k">from</span> <span class="n">pg_stat_activity</span> <span class="k">where</span> <span class="n">pid</span> <span class="o">=</span> <span class="mi">26254</span><span class="p">;</span>
<span class="n">datid</span> <span class="o">|</span> <span class="n">datname</span> <span class="o">|</span> <span class="n">pid</span> <span class="o">|</span> <span class="n">usesysid</span> <span class="o">|</span> <span class="n">usename</span> <span class="o">|</span> <span class="n">application_name</span> <span class="o">|</span> <span class="n">client_addr</span> <span class="o">|</span> <span class="n">client_hostname</span> <span class="o">|</span> <span class="n">client_port</span> <span class="o">|</span> <span class="n">backend_start</span> <span class="o">|</span> <span class="n">xact_start</span> <span class="o">|</span> <span class="n">query_start</span> <span class="o">|</span>
<span class="n">state_change</span> <span class="o">|</span> <span class="n">wait_event_type</span> <span class="o">|</span> <span class="n">wait_event</span> <span class="o">|</span> <span class="k">state</span> <span class="o">|</span> <span class="n">backend_xid</span> <span class="o">|</span> <span class="n">backend_xmin</span> <span class="o">|</span> <span class="n">query</span> <span class="o">|</span> <span class="n">backend_type</span>
<span class="c1">-------+----------+-------+----------+----------+------------------------+--------------+-----------------+-------------+-------------------------------+------------+-------------------------------+------</span>
<span class="c1">-------------------------+-----------------+------------+-------+-------------+--------------+--------+----------------</span>
<span class="mi">16401</span> <span class="o">|</span> <span class="n">czechidm</span> <span class="o">|</span> <span class="mi">26254</span> <span class="o">|</span> <span class="mi">16384</span> <span class="o">|</span> <span class="n">czechidm</span> <span class="o">|</span> <span class="n">PostgreSQL</span> <span class="n">JDBC</span> <span class="n">Driver</span> <span class="o">|</span> <span class="mi">10</span><span class="p">.</span><span class="mi">14</span><span class="p">.</span><span class="mi">144</span><span class="p">.</span><span class="mi">79</span> <span class="o">|</span> <span class="o">|</span> <span class="mi">45892</span> <span class="o">|</span> <span class="mi">2023</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">03</span> <span class="mi">09</span><span class="p">:</span><span class="mi">58</span><span class="p">:</span><span class="mi">17</span><span class="p">.</span><span class="mi">807327</span><span class="o">+</span><span class="mi">01</span> <span class="o">|</span> <span class="o">|</span> <span class="mi">2023</span><span class="o">-</span><span class="mi">11</span><span class="o">-</span><span class="mi">03</span> <span class="mi">10</span><span class="p">:</span><span class="mi">26</span><span class="p">:</span><span class="mi">58</span><span class="p">.</span><span class="mi">046104</span><span class="o">+</span><span class="mi">01</span> <span class="o">|</span> <span class="mi">2023</span><span class="o">-</span>
<span class="mi">11</span><span class="o">-</span><span class="mi">03</span> <span class="mi">10</span><span class="p">:</span><span class="mi">26</span><span class="p">:</span><span class="mi">58</span><span class="p">.</span><span class="mi">046144</span><span class="o">+</span><span class="mi">01</span> <span class="o">|</span> <span class="n">Client</span> <span class="o">|</span> <span class="n">ClientRead</span> <span class="o">|</span> <span class="n">idle</span> <span class="o">|</span> <span class="o">|</span> <span class="o">|</span> <span class="k">COMMIT</span> <span class="o">|</span> <span class="n">client</span> <span class="n">backend</span>
<span class="p">(</span><span class="mi">1</span> <span class="k">row</span><span class="p">)</span>
</code></pre></p> IdStory Identity Manager - Defect #3472 (New): Wizard fails with Illegal Argument Exception in st...https://redmine.czechidm.com/issues/34722023-11-02T14:15:12ZVladimír Kotýnekvladimir.kotynek@bcvsolutions.eu
<p>Tested with CSV wizard and Virtual system wizard.<br />When I go from step 2 to step 2 Type of object is pre-selected with "Identity". When I click "Next" I get IllegalArgumentException. The same happens when I go from step 4 back to step 3 and then click "Next". When I explicitly select "Identity" from the select box It works properly.<br />Stacktrace of the exception is:<br /><pre>
2023-11-02 15:07:52.272 ERROR 77577180 --- [ajp-nio-127.0.0.1-8009-exec-5] eu.bcvsolutions.idm.core.exception.ExceptionControllerAdvice.log : [core:INTERNAL_SERVER_ERROR:455f3450-13bc-4169-921c-1445b7b61c
e6] Entity type cannot be null! ({})
java.lang.IllegalArgumentException: Entity type cannot be null!
at org.springframework.util.Assert.hasText(Assert.java:286)
at eu.bcvsolutions.idm.acc.connector.AbstractConnectorType.executeMappingStep(AbstractConnectorType.java:308)
at eu.bcvsolutions.idm.acc.connector.AbstractConnectorType.execute(AbstractConnectorType.java:112)
at eu.bcvsolutions.idm.acc.connector.CsvConnectorType.execute(CsvConnectorType.java:131)
at eu.bcvsolutions.idm.acc.connector.CsvConnectorType.execute(CsvConnectorType.java:50)
at eu.bcvsolutions.idm.acc.connector.CsvConnectorType$$FastClassBySpringCGLIB$$a85f5896.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:752)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
at eu.bcvsolutions.idm.acc.connector.CsvConnectorType$$EnhancerBySpringCGLIB$$b0e18648.execute(<generated>)
at eu.bcvsolutions.idm.acc.connector.DefaultConnectorManager.execute(DefaultConnectorManager.java:133)
at eu.bcvsolutions.idm.acc.connector.DefaultConnectorManager.execute(DefaultConnectorManager.java:50)
at eu.bcvsolutions.idm.acc.connector.DefaultConnectorManager$$FastClassBySpringCGLIB$$998ef98c.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:752)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:295)
at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:98)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:691)
at eu.bcvsolutions.idm.acc.connector.DefaultConnectorManager$$EnhancerBySpringCGLIB$$46a9b2ea.execute(<generated>)
at eu.bcvsolutions.idm.acc.rest.impl.SysSystemController.executeWizardType(SysSystemController.java:1125)
at eu.bcvsolutions.idm.acc.rest.impl.SysSystemController$$FastClassBySpringCGLIB$$b2478f50.invoke(<generated>)
</pre></p> IdStory Identity Manager - Task #3471 (Needs feedback): Change Data type in Attribute details to ...https://redmine.czechidm.com/issues/34712023-11-01T15:00:36ZMartin Kolombo
<p>Data type field in attribute details tab of system details is a text field that permits errors, even though only a few values are possible and those are known.<br />Change it to a dropdown.</p>
<p><img src="https://redmine.czechidm.com/attachments/download/1305/clipboard-202311011600-bdzav.png" alt="" /></p> IdStory HUB - Task #3470 (New): Active users filterhttps://redmine.czechidm.com/issues/34702023-11-01T08:38:54ZBoris Polák
<p>Show only active users, allow to show all users</p> IdStory HUB - Task #3469 (New): Password resethttps://redmine.czechidm.com/issues/34692023-11-01T08:35:46ZBoris Polák
<p>Allow to reset user's password</p> IdStory HUB - Task #3468 (New): Allow multiple form projectionshttps://redmine.czechidm.com/issues/34682023-11-01T08:33:46ZBoris Polák
<p>Let user select form projection to use and render fields based on it</p> IdStory HUB - Task #3467 (New): Delete userhttps://redmine.czechidm.com/issues/34672023-11-01T08:32:39ZBoris Polák
<p>Show somewhere safe action to delete user</p> IdStory Identity Manager - Defect #3465 (New): Attribute with validation in projection is always ...https://redmine.czechidm.com/issues/34652023-10-30T16:02:08ZVladimír Kotýnekvladimir.kotynek@bcvsolutions.eu
How to reproduce:
<ol>
<li>create new projection</li>
<li>add identity EAV attribute to projection</li>
<li>add validation to this EAV attribute</li>
<li>save projection</li>
<li>create new user with this projection</li>
<li>create new role with permissions:
<ul>
<li>IdmFormAttribute autocomplete BasePermissionEvaluator</li>
<li>IdmFormDefinition autocomplete BasePermissionEvaluator</li>
<li>IdmIdentityContractFormValue read,count,autocomplete IdentityContractFormValueEvaluator for default definition</li>
<li>IdmIdentityFormValue read,count,autocomplete IdentityFormValueEvaluator for default definition</li>
<li>IdmIdentity read,count,autocomplete IdentityByFormProjectionEvaluator for this new projection</li>
<li>IdmIdentityContract read,count,autocomplete IdentityContractByIdentityEvaluator COUNT,READ,AUTOCOMPLETE</li>
<li>IdmTreeNode autocomplete BasePermissionEvaluator</li>
<li>IdmTreeType autocomplete BasePermissionEvaluator</li>
</ul>
</li>
<li>add this role to some user with no other permissions in IdM besides userRole</li>
<li>log in IdM and open projection form of a user with this new projection
<ul>
<li>the EAV attribute is editable</li>
<li>no save button is available</li>
</ul>
</li>
<li>go to full detail of this user and EAV tab "More information"
<ul>
<li>the EAV attribute is editable</li>
<li>save button is present</li>
</ul>
</li>
<li>click on save button</li>
<li>error message appears due to insufficient rights.</li>
</ol>
<p>In this situation the user has to rights to edit anything on user with this projection so I would expect the field with the EAV to by disabled/not editable. When the EAV has no validation set and are present in the projection form, they are disabled.</p> IdStory Identity Manager - Task #3464 (In Progress): Messaging - notification aggregationhttps://redmine.czechidm.com/issues/34642023-10-30T14:03:38ZPeter Štruncpeter.strunc@bcvsolutions.eu
<p><strong>Goal:</strong></p>
<p>To enhance user experience and system performance, implement a notification aggregation feature.</p>
<p><strong>Details:</strong></p>
<p>Currently, users receive individual notifications instantly. This can be overwhelming and may cause unnecessary interruptions, especially during high-activity periods.</p>
<p>The proposed change aims to aggregate these notifications over a predetermined time interval, then dispatch them in bulk to the user.</p>
<p><strong>Requirements:</strong></p>
<ul>
<li>Introduce a configurable time interval for notification aggregation.</li>
<li>During this interval, collect and group notifications for each user.</li>
<li>After the interval has elapsed, send the aggregated notifications in a single batch to the respective users.</li>
<li>Ensure that crucial or priority notifications (if any) are excluded from this aggregation and are delivered immediately.</li>
</ul>
<p><strong>Expected Outcome:</strong></p>
<p>Users will receive fewer, more meaningful notifications, reducing potential distractions and improving the overall user experience.</p> IdStory Identity Manager - Task #3463 (New): Messaging - retry mechanism for notificationshttps://redmine.czechidm.com/issues/34632023-10-30T13:56:24ZPeter Štruncpeter.strunc@bcvsolutions.eu
<p>Retry sending notification in case sending failed.</p> IdStory Identity Manager - Task #3462 (Needs feedback): Automatic logon after password change doe...https://redmine.czechidm.com/issues/34622023-10-30T13:37:44ZPeter Štruncpeter.strunc@bcvsolutions.eu
<p>When user changes their password via either public password change page or passsword reset page, they should be automatically logged in. This however does not work in combination with CAS or other external authentication.</p>
<p>We propose two possible solutions:</p>
<p>- Remove automatic login and make user login with the new password<br />- Wait for login to succeed (wait for a password to propagate to the end systems)</p>