Upgrade Considerations

  • In IdentityIQ versions 8.0 Patch 5 and later, the following class names must be changed in any configured rules:

    Original Class Name

    New Class Name

    sailpoint.connector.webservices

    sailpoint.connectorDependencies

    sailpoint.connector.webservices.WebServicesClient

    sailpoint.connectorDependencies.WebServicesClient

    sailpoint.connector.webservices.EndPoint

    sailpoint.connectorDependencies.EndPoint

    sailpoint.connector.webservices.WebServiceConnectorUtil

    sailpoint.connectorDependencies.WebServiceConnectorUtil

    sailpoint.connector.webservices.WebServicesConstant

    sailpoint.connectorDependencies.WebServicesConstants

    sailpoint.connector.webservices.RestRequestExecutor

    sailpoint.connectorDependencies.RestRequestExecutor

  • All connector classes and third-party-required .jar files are packaged as "fat jar" files and kept in the WEB-INF/lib-connectors directory. These .jar files are found in the default system classpath. The connector classloader loads them at runtime.

  • After upgrading IdentityIQ from version 7.2 Patch 3 or prior to version 8.0 Patch 5 or later:

    • If you use OAuth 2 authentication and your Grant Type is JWT, add the following parameters to the application XML in the Debug page:

      • oAuthJwtHeader

      • oAuthJwtPayload

      For more information, refer to Additional Configuration Parameters.

    • Add the following entry key into the application XML in the Debug page of the existing application:

      <entry key="encrypted" value="accesstoken,refresh_token,oauth_token_info,client_secret,private_key,private_key_password,clientCertificate,clientKeySpec"/>

    • To support Pass-through authentication, add the isGetObjectRequiredForPTA attribute to the application Debug page.

      For more information, refer to Additional Configuration Parameters.

  • Add the following attribute to the featureString in the application Debug page:

    AUTHENTICATE

    For more information, refer to Keywords.

  • To enable the unlock feature, add the following feature value to the featuresString in application Debug page:

    featuresString="UNLOCK"

  • All existing applications would work seamlessly. However, the multiple independent endpoints for aggregation and get object operations would only be supported for new applications.

  • Endpoints must have unique names, not null values.

  • Use of quotes is not applicable. For applications created before IdentityIQ version 8.0 Patch 5 and require use of quotes, contact SailPoint Customer Support.

  • Starting with IdentityIQ version 8.0 Patch 5, to use Partitioning on existing or new applications you must add static mappings to get partition objects or configure dynamic / Get Partition endpoints. To aggregate accounts using partitions, you must configure a Partitioned Account Aggregation endpoint.

    For more information, refer to Partitioning.

    Note
    Partitioning is not supported for the applications created prior IdentityIQ version 8.0 Patch 5.