Upgrade Considerations
-
In IdentityIQ versions 8.0 Patch 5 and later, the following class names must be changed in any configured rules:
Original Class Name
New Class Name
sailpoint.connector.webservices
sailpoint.connectorDependencies
sailpoint.connector.webservices.WebServicesClient
sailpoint.connectorDependencies.WebServicesClient
sailpoint.connector.webservices.EndPoint
sailpoint.connectorDependencies.EndPoint
sailpoint.connector.webservices.WebServiceConnectorUtil
sailpoint.connectorDependencies.WebServiceConnectorUtil
sailpoint.connector.webservices.WebServicesConstant
sailpoint.connectorDependencies.WebServicesConstants
sailpoint.connector.webservices.RestRequestExecutor
sailpoint.connectorDependencies.RestRequestExecutor
-
All connector classes and third-party-required .jar files are packaged as "fat jar" files and kept in the
WEB-INF/lib-connectors
directory. These .jar files are found in the default system classpath. The connector classloader loads them at runtime. -
After upgrading IdentityIQ from version 7.2 Patch 3 or prior to version 8.0 Patch 5 or later:
-
If you use OAuth 2 authentication and your Grant Type is JWT, add the following parameters to the application XML in the Debug page:
-
oAuthJwtHeader
-
oAuthJwtPayload
For more information, refer to Additional Configuration Parameters.
-
-
Add the following entry key into the application XML in the Debug page of the existing application:
<entry key="encrypted" value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec"/>
-
To support Pass-through authentication, add the
isGetObjectRequiredForPTA
attribute to the application Debug page.For more information, refer to Additional Configuration Parameters.
-
-
Add the following attribute to the featureString in the application Debug page:
AUTHENTICATE
For more information, refer to Keywords.
-
To enable the unlock feature, add the following feature value to the featuresString in application Debug page:
featuresString="UNLOCK"
-
All existing applications would work seamlessly. However, the multiple independent endpoints for aggregation and get object operations would only be supported for new applications.
-
Endpoints must have unique names, not null values.
-
Use of quotes is not applicable. For applications created before IdentityIQ version 8.0 Patch 5 and require use of quotes, contact SailPoint Customer Support.
-
Starting with IdentityIQ version 8.0 Patch 5, to use Partitioning on existing or new applications you must add static mappings to get partition objects or configure dynamic / Get Partition endpoints. To aggregate accounts using partitions, you must configure a Partitioned Account Aggregation endpoint.
For more information, refer to Partitioning.
Note
Partitioning is not supported for the applications created prior IdentityIQ version 8.0 Patch 5.