This document is intended for users of OIM BUNDLE PATCH 12.2.1.4.240705. It contains the following sections:
Note:
For issues documented after the release of OIM BUNDLE PATCH 12.2.1.4.240705, see My Oracle Support Document 2602696.1 at https://support.oracle.com/.
1.1 Understanding Bundle Patches
This section describes Bundle Patches and explains differences between Stack Patch Bundles, Bundle Patches, interim patches (also known as one-offs) and Patch Sets.
1.1.1 Stack Patch Bundle
Stack Patch Bundle deploys the IDM product and dependent FMW patches using a tool. For more information about these patches, see Quarterly Stack Patch Bundles (Doc ID 2657920.1) at https://support.oracle.com.
1.1.2 Bundle Patch
A Bundle Patch is an official Oracle patch for an Oracle product. In a Bundle Patch release string, the fifth digit indicated the Bundle Patch number. Effective November 2015, the version numbering format has changed. The new format replaces the numeric fifth digit of the bundle version with a release date in the "YYMMDD" format where:
-
YY is the last 2 digits of the year
-
MM is the numeric month (2 digits)
-
DD is the numeric day of the month (2 digits)
Each Bundle Patch includes the libraries and files that have been rebuilt to implement one or more fixes. All the fixes in the Bundle Patch have been tested and are certified to work with one another. Regression testing has also been performed to ensure backward compatibility with all components in the Bundle Patch.
Each Bundle Patch is cumulative: the latest Bundle Patch includes all fixes in earlier Bundle Patches for the same release and platform. Fixes delivered in Bundle Patches are rolled into the next release.
1.1.3 Interim Patch
In contrast to a Bundle Patch, an interim patch addresses only one issue for a single component. Although each interim patch is an official Oracle patch, it is not a complete product distribution and does not include packages for every component. An interim patch includes only the libraries and files that have been rebuilt to implement a specific fix for a specific component.
Interim patch is also known as, security one-off, exception release, x-fix, PSE, MLR, or hotfix.
1.1.4 Patch Set
A Patch Set is a mechanism for delivering fully tested and integrated product fixes that can be applied to installed components of the same release. Patch Sets include all fixes available in previous Bundle Patches for the release. A Patch Set can also include new functionality. Each Patch Set includes the libraries and files that have been rebuilt to implement bug fixes (and new functions, if any). However, a patch set might not be a complete software distribution and might not include packages for every component on every platform.
All fixes in the Patch Set have been tested and are certified to work with one another on the specified platforms.
1.2 Recommendations
Oracle has certified the dependent Middleware component patches for Identity Management products and recommends that you apply these certified patches. For more information about these patches, see Certification of Underlying or Shared Component Patches for Identity Management Products (Doc ID 2627261.1) at https://support.oracle.com.
1.3 Bundle Patch Requirements
You must satisfy the following requirements before applying this Bundle Patch:
-
Verify that you are applying this Bundle Patch to an Oracle Identity Governance 12.2.1.4.0 installation.
Note:
When installing OPatch, you might find that interim or one-off patches have already been installed. -
Download the latest version of OPatch. Oracle recommends using the latest version of OPatch to all customers. To learn more about OPatch and how to download the latest version, see Using OUI NextGen OPatch 13 for Oracle Fusion Middleware 12c (Doc ID 1587524.1) at https://support.oracle.com.
You can access My Oracle Support at https://support.oracle.com.
-
Verify the Oracle Universal Installer (OUI) Inventory. To apply patches, OPatch requires access to a valid OUI Inventory. To verify the OUI Inventory, ensure that ORACLE_HOME/OPatch path appears in your system PATH. For example:
export PATH=$ORACLE_HOME/OPatch:$PATH
Then run the following command in OPatch inventory:
opatch lsinventory
If the command returns an error or you cannot verify the OUI Inventory, contact Oracle Support. You must confirm the OUI Inventory is valid before applying this Bundle Patch.
-
Confirm the opatch and unzip executables exist and appear in your system PATH, as both are needed to apply this Bundle Patch. Execute the following commands:
which opatch which unzip
Both executables must appear in the environment variable PATH before applying this Bundle Patch.
-
Ensure that there are no pending JMS messages in Oracle Identity Governance server. You can monitor JMS messages with WebLogic console.
1.4 Prerequisites of Applying the Bundle Patch
Before applying the Bundle Patch, perform the following prerequisites:
-
This patch process makes changes to Oracle Identity Governance database schema (such as adding/modifying data), Oracle Identity Governance Meta Data Store (MDS) database schema (such as adding/modifying data), domain configuration changes, and other binary changes in the file system under ORACLE_HOME on which Oracle Identity Governance is installed. It is mandatory to create a backup of the following:
-
Oracle Identity Governance, MDS, and Service-Oriented Architecture (SOA) database schemas. For example, the database schema can be DEV_OIM, DEV_MDS schemas used by Oracle Identity Governance. Simple export of the schemas is sufficient.
-
The ORACLE_HOME directory on which Oracle Identity Governance is installed, for example, /u01/Oracle/Middleware.
-
Oracle Identity Governance WebLogic Domain location, for example, /u01/Oracle/Middleware/user_projects/domains/IAMGovernanceDomain/.
-
The UNIX user applying the Bundle Patch must have read, write, and execute permissions on both ORACLE_HOME as well as WebLogic DOMAIN_HOME.
-
-
If you have customized the event handler file metadata/iam-features-configservice/event-definition/EventHandlers.xml in your setup, then perform the following steps to ensure that the upgrade does not override any customization done to this file:
-
Export the metadata/iam-features-configservice/event-definition/EventHandlers.xml file from MDS, and create a backup of this file.
-
After upgrading and running all the post install steps, export the new metadata/iam-features-configservice/event-definition/EventHandlers.xml file, merge your customization to this new file, and import it back to MDS.
Note:
For more information on MDS Utilities, see MDS Utilities and User Modifiable Metadata Files.
-
1.5 Applying the Bundle Patch to an Existing Instance
Applying OIM BUNDLE PATCH 12.2.1.4.240705 is done in the following stages:
Note:
Before performing the steps to apply the bundle patch, create a backup of the database, as stated in Prerequisites of Applying the Bundle Patch which will help you roll back to the previous release.
1.5.1 Understanding the Process Sequence With an Example
1.5.2 Stage 1: Patching the Oracle Binaries (OPatch Stage)
This section describes the process of applying the binary changes by copying files to the ORACLE_HOME directory, on which Oracle Identity Governance is installed. This step must be executed for each ORACLE_HOME in the installation topology nodes irrespective of whether Oracle Identity Governance server is being run in the node or not.
Perform the following steps to apply the bundle patch to an existing Oracle Identity Governance instance:
1.5.3 Stage 2: Filling in the patch_oim_wls.profile File
Using a text editor, edit the file patch_oim_wls.profile
located in the ORACLE_HOME/idm/server/bin/ directory and change the values in the file to match your environment. The patch_oim_wls.profile
file contains sample values.
Note:
For clustered and multinode installation of Oracle Identity Governance, perform the step described in this topic on the ORACLE_HOME_A directory on which Oracle Identity Governance is installed. This is because you need to run the patch_oim_wls
script from the node with WebLogic Admin Server, oim_server1, and soa_server1 installed. In the patch_oim_wls.profile
file, mention the host and port of the Oracle Identity Governance server and SOA server running on the first node. When you run the script, only WebLogic Admin Server, oim_server1, and soa_server1 should be running, and the rest of the servers can be down.
Table 1-1 lists the information to be entered for the patch_oim_wls.profile
file. This file is used in next stage of the bundle patch process.
Table 1-1 Parameters of the patch_oim_wls.profile File
Parameter | Description | Sample Value |
---|---|---|
ant_home |
Location of the ANT installation. It is usually under MW_HOME. |
For Linux: $MW_HOME/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/ For Windows: %MW_HOME%\oracle_common\modules\thirdparty\org.apache.ant\1.10.5.0.0\apache-ant-1.10.5\ |
java_home |
Location of the JDK/JRE installation that is being used to run the Oracle Identity Governance domain. |
For Linux: <JAVA_HOME_PATH> consumed by $MW_HOME For Windows: <JAVA_HOME_PATH> consumed by %MW_HOME% |
mw_home |
Location of the Middleware home on which Oracle Identity Governance is installed. |
For Linux: /u01/Oracle/Middleware For Windows: C:\Oracle\MW_HOME\ |
oim_oracle_home |
Location of the Oracle Identity Governance installation. |
For Linux: $MW_HOME/idm For Windows: %MW_HOME%\idm |
soa_home |
Location of the SOA installation. |
For Linux: $MW_HOME/soa For Windows: %MW_HOME%\soa |
weblogic.server.dir |
Directory on which WebLogic server is installed. |
For Linux: $MW_HOME/wlserver For Windows: %MW_HOME%\wlserver |
domain_home |
Location of the domain home on which Oracle Identity Governance is installed. |
For Linux: $MW_HOME/user_projects/domains/base_domain For Windows: %MW_HOME%\user_projects\domains\base_domain |
weblogic_user |
Domain administrator user name. Normally it is weblogic, but could be different as well. |
weblogic |
weblogic_password |
Domain admin user's password. If this line is commented out, then password will be prompted. |
NA |
soa_host |
Listen address of the SOA Managed Server, or the hostname on which the SOA Managed Server is listening. Note: If the SOA Managed Server is configured to use a virtual IP address, then the virtual hostname must be supplied. |
oimhost.example.com |
soa_port |
Listen port of the SOA Managed Server, or SOA Managed Server port number. |
8001 Only Non-SSL Listen port must be provided. |
operationsDB.user |
Oracle Identity Governance database schema user. |
DEV_OIM |
OIM.DBPassword |
Oracle Identity Governance database schema password. If this line is commented out, then the password will be prompted when the script is executed. |
NA |
operationsDB.host |
Hostname of the Oracle Identity Governance database. |
oimdbhost.example.com |
operationsDB.serviceName |
Database service name of the Oracle Identity Governance schema/database. This is not the hostname and it can be a different value as well. |
oimdb.example.com |
operationsDB.port |
Database listener port number for the Oracle Identity Governance database. |
1521 |
mdsDB.user |
MDS schema user |
DEV_MDS |
mdsDB.password |
MDS schema password. If this line is commented out, then password will be prompted. |
NA |
mdsDB.host |
MDS database hostname |
oimdbhost.example.com |
mdsDB.port |
MDS database/Listen port |
1521 |
mdsDB.serviceName |
MDS database service name |
oimdb.example.com |
oim_username |
Oracle Identity Governance username. |
System administrator username |
oim_password |
Oracle Identity Governance password. This is optional. If this is commented out, then you will be prompted for the password when the script is executed. |
NA |
oim_serverurl |
URL to navigate to Oracle Identity Governance. |
t3://oimhost.example.com:14000 |
wls_serverurl |
URL to navigate to WLS Console |
t3://wlshost.example.com:7001 |
opss_customizations_present=false |
Enables customizations related to authorization or custom task flow. Set this value to true to enable customization. |
true |
ATP-D |
Set the value to false if DB type is not ATP-D. Set this to true if underlying DB type is ATP-D. |
true |
TNS_ADMIN |
Set this value only if the value of ATP-D is true. Set this value to the TNS String as provided by DB Admin, for example, fmwatpdedic2_tp?TNS_ADMIN=/home/opc. Here, /home/opc is the path of the wallet zip that is downloaded. If you are using some other predefined service, then provide the path to that service. |
fmwatpdedic2_tp?TNS_ADMIN=/home/opc |
Note:
Update the parameter value as per the setup used and then execute thepatch_oim_wls.sh
file.
1.5.4 Stage 3: Patching the Oracle Identity Governance Managed Servers (patch_oim_wls Stage)
Patching the Oracle Identity Governance managed servers is the process of copying the staged files in the previous steps to the correct locations, running SQL scripts and importing event handlers and deploying SOA composite. For making MBean calls, the script automatically starts the Oracle Identity Governance Managed Server and SOA Managed Server specified in the patch_oim_wls.profile file.
This step is performed by running patch_oim_wls.sh (on UNIX) or patch_oim_wls.bat (on Microsoft Windows) script by using the inputs provided in the patch_oim_wls.profile file. As prerequisites, the WebLogic Admin Server, SOA Managed Servers, and Oracle Identity Governance Managed Server must be running.
Note:
For clustered and multinode installation of Oracle Identity Governance,
perform the steps described in this topic on the ORACLE_HOME_A directory on
which Oracle Identity Governance is installed. In other words, run the
patch_oim_wls
script from the node with WebLogic
Admin Server, oim_server1, and soa_server1 installed. When you run the
script, only WebLogic Admin Server, oim_server1, and soa_server1 should be
running, and the rest of the servers can be down.
To patch Oracle Identity Governance Managed Servers on WebLogic:
1.6 Applying the Bundle Patch to a New Instance
Perform the following steps to apply the bundle patch to a new instance:
1.6.1 Installing a New Oracle Identity Governance Instance with OIM BUNDLE PATCH 12.2.1.4.240705
You can install a new Oracle Identity Governance instance with the bundle patch in any one of the following ways:
1.6.1.1 Using the Quickstart Installer
Note:
For clustered deployments, perform the steps provided in this section on each node in the cluster.1.6.1.2 Using the Generic Installer
Note:
For clustered deployments, perform the steps provided in this section on each node in the cluster.1.6.2 Postinstallation Configuration
After installing a new Oracle Identity Governance instance with Bundle Patch 12.2.1.4.240705, perform the following post installation configuration steps:
-
Perform the following steps to seed the event handler for Application Onboarding:
-
Go to,
MW_HOME/idm/server/apps/oim.ear/APP-INF/lib/
. -
Locate
BootStrapListener.jar
. Copy theBootStrapListener.jar
file to a temporary folder, for exampletemp_AoB
. Extract the jar files and locateaob_adapters.xml
file in theBootStrapListener.jar/scripts/
folder.Note:
The jar file can be extracted using compression tool such as Zip,7–Zip or by using jar command
jar -xvf
. -
Copy the
aob_adapters.xml
file to a local folder. -
Using the Import option in Identity System Administration interface, import the
aob_adapters.xml
file into Oracle Identity Governance.For detailed steps for importing objects into Oracle Identity Governance, see Importing Deployments in Administering Oracle Identity Governance.
-
Remove the temporary folder
temp_AoB
.
-
1.6.3 Updating Oracle Identity Governance Web Applications
The procedure described in this section is applicable only when installing bundle patches for Oracle Identity Governance and not for installing patch set updates.
For updating your web applications on Oracle WebLogic Server:
- Stop Oracle Identity Governance Managed Server.
- Login to WebLogic Administrative Console.
- Click Lock & Edit.
- Go to Deployments.
- Select the oracle.iam.ui.view and oracle.iam.ui.model app, and click Update. Complete the steps of the wizard by clicking Next. Do not change anything.
- Click Apply Changes.
- Start Oracle Identity Governance Managed Server.
1.7 Removing the Bundle Patch
Note:
For clustered installations, perform steps 1 through 3 on all nodes in the cluster.Note:
- The newer CertificationProcess 2.2 version composite which is deployed as a post patch automation from this patch onwards needs to be undeployed if the patch is rolled back.
- Previous version of the CertificationProcess composite must be activated.
You must adhere to the following list to undeploy the patch:
- You can no longer configure and monitor this revision of the application.
- You can no longer process instances of this revision of the application.
- The state of currently running instances is changed to aborted and no new messages sent to this composite are processed.
- The instance state of the undeployed composite application is set to aborted. The instance state is available in the instance listing, and you can access audit trail and flow trace details.
- If you undeploy the default revision of the SOA composite application (for example, 2.0), the next active, available revision of the application is automatically designated as the new default (for example, 1.0).
- A warning message is displayed at the end of this wizard when you undeploy the default composite revision.
If no active revision is available and the default revision is undeployed, your composite may be unable to process new incoming requests. It is recommended that you have at least one active revision of this composite deployed before you undeploy the default revision.
If you undeploy this revision and no active revisions of this composite are found, a retired revision is automatically designated as the new default revision. A warning message is displayed after this wizard closes. Although all currently executing instances complete normally in retired composites, they cannot process any incoming requests. To process new incoming requests for this composite after the current default revision is undeployed, you must deploy a new revision or reactivate a previously retired revision.
For information about instance, fault, and rejected message states that are updated to aborted during undeployment, see Updating Instance, Fault, and Rejected Message States to Aborted During Undeployment or Redeployment.
Note:
If you want to undeploy and then redeploy an existing revision of this application, do not use this wizard. Instead, use the Redeploy SOA Composite wizard. The Redeploy SOA Composite wizard enables you to redeploy an existing revision of a SOA composite application and remove (overwrite) the older, currently deployed version of the revision.Note:
You can undeploy multiple SOA composite applications together if they are located in the same SOA folder. For information, refer Managing SOA Folders and Work Manager Groups.Once the current version is undeployed, previously retired composite needs to be activated. For more information, refer Managing the State of Deployed SOA Composite Applications.
1.8 Changes in Track Request Functionality
Track Request functionality will change after this Bundle Patch is applied.
When a user performs a search in Self Service tab, Track Requests page, and in the search result table, applies Show list option as For Reportees, all the requests raised by or for the logged in user and user's direct and indirect reportee are displayed.
Note:
- The Organization Name field works only with the For Reportees feature.
- While using the Organization Name search criteria, at least one direct reportee should be associated with the organization. See for the error message that is displayed when an organization name outside the reportee's organization is entered.
- Only two levels of reportees are considered, direct reportees and their immediate reportees
- The total number of direct reportees and indirect reportees must not exceed 1000. See for the error message that is displayed if the number of direct reportees and indirect reportees are more than 1000.
1.9 Access Policy Harvesting to Enable Account Data Update
As a fix for bug# 30978612 in the bundle patch, the new
XL.APHarvesting.AllowAccountDataUpdate
system property is available
to update the account data with the policy defaults for the accounts linked to the
access policies. This system property has the following details:
Name: XL.APHarvesting.AllowAccountDataUpdate
Keyword: XL.APHarvesting.AllowAccountDataUpdate
Default value: FALSE
When this system property is set to TRUE, the account data is updated with the policy defaults for the accounts linked to access policy. If set to FALSE or if the system property does not exist, the account data is not updated.
To enable updating the account data with the policy defaults for the accounts
linked to the access policies, set the values of the
XL.APHarvesting.AllowAccountDataUpdate
,
XL.AllowAPHarvesting
, XL.APHarvestRequestAccount
,
XL.APHarvestDirectProvisionAccount
, and
XL.AllowAPBasedMultipleAccountProvisioning
system properties to
TRUE
.
1.10 Bulk Load Utility for Loading Accounts
With the fix for BUG 34599029, if OIG server is running in SSL mode by using default setting, while using the bulk load utility for account load, you must modify the file oim_blkld_accounts.sh
as shown below:
Example for Linux:
Comment the line:
SSL_CONFIG_PARAMS=“$SSL_CONFIG_PARAMS -Dweblogic.security.SSL.trustedCAKeyStore=$TRUSTSTORE_LOCATION -Dweblogic.security.SSL.protocolVersion=TLSv1.2 -Dhttps.protocols=TLSv1.2 -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.allowCryptoJDefaultJCEVerification=true -Dweblogic.security.SSL.enforceConstraints=off -Dweblogic.security.SSL.ignoreHostnameVerification=true”
Add the following:
SSL_CONFIG_PARAMS=“-Dweblogic.security.TrustKeyStore=DemoTrust -Dweblogic.security.SSL.ignoreHostnameVerification=true -DproviderURL=t3s://<hostname>:<port>”
Example for Windows:
Comment the line:
set SSL_CONFIG_PARAMS=-Dweblogic.security.SSL.trustedCAKeyStore=$TRUSTSTORE_LOCATION -Dweblogic.security.SSL.protocolVersion=TLSv1.2 -Dhttps.protocols=TLSv1.2 -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.2 -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true -Dweblogic.security.allowCryptoJDefaultJCEVerification=true -Dweblogic.security.SSL.enforceConstraints=off -Dweblogic.security.SSL.ignoreHostnameVerification=true
Add the below:
set SSL_CONFIG_PARAMS=“-Dweblogic.security.TrustKeyStore=DemoTrust -Dweblogic.security.SSL.ignoreHostnameVerification=true -DproviderURL= t3s://<hostname>:<port>”
With the fix for bug# 30145982 in the bundle patch, the Bulk Load Utility for loading account data asks for the following input:
Note:
In order to run the Bulk Load Utility for account data the following requirements must be met:
- Oracle Identity Governance server is running.
- The
MW_HOME
andOIM_ORACLE_HOME
paths must be accessible although they are running on different hosts.
1.11 Steps to Map the Role and employeeType Attributes
If the bundle patch is applied after the OAM-OIG integration, then for the bug fix
31162758 to work, perform the following steps to map the Role
attribute
to the employeeType
attribute:
- Login to Oracle Identity Self Service.
- Click the Manage tab, and then click the Applications box to open the Applications page.
- Search for SSOTrusted-for-SSOTargetApp and open it.
- Click the Schema tab.
- Map
Role
toemployeeType
. - Save the changes.
If the bundle patch is applied to OIG before the integration with OAM, then the manual mapping of the attributes are not required.
1.12 Copying the Oracle Identity Governance Reports ZIP Directory
- Manually copy the contents of
$PATCH_DIRECTORY/files/oracle.oim.server/12.2.1.4.0/oracle.oim.symbol/server/reports/oim_product_BIPReports_12c.zip/*
directory to the$BI_DOMAIN_HOME/bidata/components/bipublisher/repository/Reports/
directory. - Restart the BI server.
1.13 SSO Full User Reconciliation
For the bug fix 31605187 to work:
-
If the bundle patch is applied after SSO integration, then the job parameter Incremental Recon Attribute value must be provided manually for the latest token value to get updated.
-
If the bundle patch is applied before SSO integration, then manual steps are not required.
1.14 Major Enhancements in Bundle Patch 12.2.1.4.240705
The following are the major enhancements in Oracle Identity Governance 12.2.1.4.240705:
- Refer to Default System Properties in Oracle Identity Governance for the new system property added.
1.15 Major Enhancements in Bundle 12.2.1.4.231030
- The unwanted accounts that are stuck in the Provisioning status can now be purged continuously using Real-time Provisioning Status based on the options or choices that are made during configuration.
For more information refer to Using the Real-time Provisioning Status Accounts Purge in Oracle Identity Governance.
- Admin users can create membership rules by assigning members to a role using an SQL query.
For more information refer to Creating Roles.
- Refer to Default System Properties in Oracle Identity Governance for the new system properties added.
1.16 Major Enhancements in Bundle 12.2.1.4.230408
The following are the major enhancements in Oracle Identity Governance 12.2.1.4.230408:
- To enhance the user experience, the UI option Manage Notification Template option is now available under the Oracle Identity Self Service which were earlier available under the System Administration section.
For more information refer to Manage Notification Template.
-
Admin users now have the capability to add, view or modify details for proxy users from the User Details page.
For more information, see Managing Proxies.
-
The option to disable the Close As Risk Accepted action is now available for any corresponding policy violation.
For more information, see Creating Identity Audit Policies.
1.17 Major Enhancements in Bundle Patch 12.2.1.4.221004
The following are the major enhancements in Oracle Identity Governance 12.2.1.4.221004:
- To enhance the user experience, the following UI options are now available under the Oracle Identity Self Service which were earlier available under the System Administration section.
- Manage Scheduler
- Manage System Properties
For more information refer to Managing the Scheduler and Managing System Properties.
-
While configuring the Certification, you can now disable Accounts for the revoke action. For more information, see Configuring Certification Options
1.18 Major Enhancements in Bundle Patch 12.2.1.4.220413
- Active Directory (AD) now supports adding groups as a member of other groups.
For more information, see Predefined Scheduled Tasks.
- The new MEMBERSHIP TYPE column introduced in this patch appears at the end of the table for upgraded environment. To reposition the column, use the re-order column option.
1.19 Major Enhancements in Bundle Patch 12.2.1.4.211010
The following are the major enhancements in Oracle Identity Governance 12.2.1.4.211010:
- The Access Policy feature is enhanced to manage the evaluation of users in the Disabled status. See Evaluating Policies.
- The Account Chooser pop-up option is enhanced to display the Account Type along with the Account Name column while creating an Entitlement request. This helps users who access multiple accounts for the same application while requesting Entitlements.
- During certification to help reviewers for identifying the correct accounts, reviewers can use the Account Type option.
- The Resource History details of the Accounts section is enhanced to display the Entitlement Name and Request ID.
- Manual Fulfillment task, Accounts and Entitlement tabs under User Access UI are enhanced to display the Role Request ID.
- When users have entitlements provisioned outside of the Access Policies, a new option is provided which helps in keeping the account in the Active state. See Revoking or Disabling the Policy.
- The
updateRoleGrant
API of RoleManager is enhanced to start owner startDate and endDate attributes. - The Reconciliation Jobs section of the Application Instance is enhanced with separate reconciliation jobs for defining and managing of the application instance during application on boarding. See Creating Application Instances.
- The Certification feature is enhanced to support mandatory certification comments on certify and non certify operations. The certification comments can also be mined from previous certifications and request justification. This helps the reviewer by providing better context about the access during certification. See About Pre-populate Certification Comments.
1.20 Major Enhancements in Bundle Patch 12.2.1.4.210708
The following are the major enhancements in Oracle Identity Governance 12.2.1.4.210708:
-
To improve the reset password performance in Active Directory (AD) integration, a new system property is available which needs to be set to True and the certificate from the AD target needs to be imported. See the following topics:
1.21 IP Filter Related Updates
IP Filter (IPF) related updates are not part of the Oracle Identity Governance bundle patch release. For instructions on how to download and applying the IPF one-off bundle patch, see My Oracle Support document ID 2383246.1.
1.22 Internet Explorer 11 Certification
This bundle patch is certified with Microsoft Internet Explorer 11. To use Oracle Identity Governance with Internet Explorer 11, download and apply ADF patch 29620828 from My Oracle Support web site at:
For information about this patch, see Tech Note OIG 12c certification with IE11 browser (Doc ID 2556385.1) at My Oracle Support web site at:
1.23 Access Policy Harvesting for Direct Provisioned and Request Created Accounts
As a fix for bug# 27599841, you can link access policies to accounts created by request and to accounts that are provisioned directly.
To enable linking access policies to accounts created by request, set the values of
XL.APHarvestRequestAccount
, XL.AllowAPHarvesting
,
and XL.AllowAPBasedMultipleAccountProvisioning
system properties to
TRUE
.
To enable linking access policies to accounts that are provisioned directly, set the
values of XL.APHarvestDirectProvisionAccount
,
XL.AllowAPHarvesting
, and
XL.AllowAPBasedMultipleAccountProvisioning
system properties to
TRUE
.
1.24 Resolved Issues
The following section lists the issues resolved in Release 12.2.1.4.240705:
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.240705
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.240415
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.231215
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.231030
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.230708
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.230408
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.221215
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.221004
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220703
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220413
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220115
- Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.211010
1.24.1 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.240705
Applying this bundle patch resolves the issues described in Table 1-2.
Table 1-2 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.240705
BUG | DESCRIPTION |
---|---|
35214595 | MISSING GENERATEMODELVIEWJARSONDEMAND.BAT FILE |
35503820 | THE VIOLATIONS VALIDATE API INTERMITTENTLY RETURNS WRONG OUTPUT |
35777647 | POLICY VIOLATIONS ARE NOT SHOWN CORRECTLY IN ENTITLEMENT REQUESTS |
35873867 | PROBLEM ADDING A MVA FIELD TO A FLATFILE APPLICATION INSTANCE |
36001180 | APP INSTANCE CREATION GETTING FAILED WITH JBO-27020 ERROR |
36099726 | OIG12CPS4: AOB : NEW VERSION OF SCHEMA FORM BEING CREATED EVEN NO SCHEMA CHANGES |
36126453 | OIM RECON ASSIGNING SAME ENTITLEMENT MULTIPLE TIMES IF PRESENT |
36202975 | MANUAL FULFILLMENT TASKS ARE NOT GENERATING AFTER ROLE APPROVED BY ROLE OWNER
Note: Refer to Default System Properties in Oracle Identity Governance for details on the property added. |
36256889 | PREVENT SELF CERTIFICATION DOES NOT WORK WHEN USER HAS DIFFERENT PROXY IN SOA |
36257615 | UPGRADE OF A CLONED CONNECTOR OUD FROM 11.1.1.6 TO 12.2.1.3 FAILS |
36286447 | OIG GET ROLE MEMBERS REST API - FIELDS FILTER DOES NOT WORK |
36323759 | AVAILABLE ROLES TO ORGANIZATION SHOW UP AS DUPLICATES |
36329814 | HAVE TO READ "COMMAS" IN SUBSTRING AFTER MODIFICATION OF OTHER PASSWORD PARAMS. |
36356465 | PREVENT SELF CERTIFICATION ALLOWS SELF USER (REASSIGN) TO COMPLETE CERTIFICATION |
36373407 | OIM12CPS4: HOW TO INCREASE CERTIFICATION NAME LENGTH |
36402690 | WORKFLOW ERROR SEEN UNDER COMMENTS SECTION OF PROVISIONING APP INSTANCE REQUEST APPROVALS PAGE |
36408896 | NOSUCHUSEREXCEPTION: IAM-3050021:THE USER WITH THE KEY NULL DOES NOT EXIST.:NULL |
36437207 | RELEASE TASK BUTTON IS NOT AVAILABLE AFTER CLAIMING AND RELOGIN FOR ENTITLEMENT CERTIFICATION |
36475747 | REMOVING PARENT REQUEST LINK FROM PENDING APPROVAL CHILD REQUEST |
36494434 | PROVISION ENTITLEMENT REQUEST NOT CREATED AFTER HETEROGENEOUS REQUEST AND APP INSTANCE REQUEST APPROVAL |
36543538 | Fix for Bug 36543538 |
36543716 | OIG12CPS4: SSO : HIREDATE NOT UPDATED WHEN IS THE ONLY DATE ATTRIBUTE |
36557222 | POST PASSWORD CHANGE IN OAM/OIG INTEGRATION NOT REMOVING SESSIONS |
36597034 | APRIL 2024 BP, OIM SERVER STARTUP THROWS ERROR WHILE UPGRADING QUARTZ SCHEDULER |
36627965 | ROLE DELETION IN SSO ENV DOES NOT REMOVE ENTITLEMENT ASSIGNMENT |
36642286 | AFTER APPLYING 12.2.1.4.240415, UNABLE TO CHG SCHED TYPE FROM NONE TO OTHER VALU |
36731617 | ACCESS POLICY DROPPING APPLICATIONS POST UPGRADE TO JAN 2024 SBP |
36757753 | POST DELETE APPLICATION INSTANCE JOB DOESN'T COMPLETE |
36761121 | SAME ISSUE - 35436101 OCCURING IN ENVIRONMENT PATCHED WITH APRIL BP |
1.24.2 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.240415
Applying this bundle patch resolves the issues described in Table 1-3 .
Table 1-3 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.240415
BUG | DESCRIPTION |
---|---|
36356530 | ENTITLEMENTS ARE NOT GETTING REMOVED FROM ENT_ASSIGN TABLE AGAINST 19C DB |
34973630 | SSO GROUP MEMBERSHIP INCREMENTAL RECONCILIATION DOES NOT CREATE ANY RECON EVENTS |
35523244 | RE-IMPORT OF INPUT XML WORKS EVEN IF CHILD FORM VERSION IN XML LOWER |
35590580 | SAPUM CONNECTOR CONTAINS TRANSFORMATION GROOVY SCRIPT WITH BLANK LINES |
35657318 | EVEN WITH PATCH 34973630 SSO GROUP MEMBERSHIP INCR RECON DOESN'T WORK |
35777713 | CHANGING USER ATTRIBUTE OF RULE BASED MEMBER INSERTS ROLE IN DYN_EVAL_CHANGELOG |
35852568 | PERF: ADDING ORGS TAKES MORE TIME WHILE CREATING CERTIFICATION DEFINITION |
35892278 | PERF: MEMBERSHIP RULE CREATED WITH 4LAKH+ USERS, DELETING THE RULE MEMBERS ARE NOT GETTING DELETED, SPIKE IN CPU UTILIZATION SEEN AND OIM SERVER SHUTS DOWN. |
35924263 | SOD: RHS USING COMBINATION OF PERIOD BRACKET, DOES NOT VIOLATE SOD RULE |
35932410 | POLICY VIOLATIONS NOT SHOWN IN THE TRIANGULAR BUTTON AT PRE-REQUEST STAGE |
35953877 | STATICDEF FLAG IS MISSING IN FOR THE PERSDEFVO |
35960716 | BUG 28297906 PREVENTS REVOKE OF RULE-BASED ROLES BY INSERTING DYN_EVAL_CHANGELO |
35967951 | 508 'FORGOT PASSWORD' FLOW, CHALLENGE QUESTIONS PAGE NOT COMPLIANT (REQ FIELDS) |
36006909 | EM CONSOLE SHOWS OIM VERSION AS 12.2.1.3 INSTEAD OF 12.2.1.4 |
36023997 | ADDING DIAG LOGS AROUND IDENTITYAUDIT AND POLICYENGINE FOR PREVENTIVE IDA SCAN |
36024115 | DELETE OPTION SHOULD BE GREYED OUT IF ALREADY BEEN USED. |
36037180 | ENTITLEMENTS OF CHILD APPLICATION NOT PROVISIONED BY ACCESS POLICY |
36038787 | ACCESSIBILITY (508) OIM - TOOLBAR - FOCUS STATE AND ORDER |
36103221 | CVE-2019-13990 |
36113229 | CERTIFICATION NOT TRIGGERED FROM EVENT TRIGGER TASK |
36121960 | IMPROVE DIAGNOSTICS IN ACCESS POLICY EVALUATION FLOW |
36126035 | OIG12CPS4: SSO : OOB HIREDATE ATTRIBUTE NOT PROPERLY HANDLED |
36126117 | OIG12CPS4: SSO : DATE ATTRIBUTE LOST A DAY (-1) ON RECONCILIATION |
36131204 | SORT BY ROLE NAME UNDER ORGANIZATION/AVAILABLE ROLES SHOW NO DATA UNEXPECTEDLY |
36141112 | MULTIPLE APP INSTANCES OF SAME RESOURCE WERE ADDED IN ACCESS POLICIES |
36212358 | NULLPOINTEREXCEPTION OCCURS WHILE ACCESSING A CERTIFICATION THAT HAS REVIEWER AS CERTIFIER ROLE |
36237135 | VIEWING CERT THROW ERROR JBO-25075: DEFINITION |
36267803 | OAP PORT IS BEEING USED FOR USER MODIFY OPERATIONS IN OIM-OAM 12.2.1.4 SSO |
36295073 | CREATOR/REQUESTOR OF MANUAL FULFILLMENT TASKS ARE GENERATED INCORRECTLY |
36302812 | ERROR WHILE OPENING MANUAL FULFILLMENT APPROVAL PAGE FOR DISABLE/ENABLE OPERATIO |
36340179 | DISCONNECTED APPLICATION ENTITLEMENTS REVOKED BEFORE MANUAL FULFILLMENT APPROVED |
36376218 | CVE-2023-35116 |
36392536 | PROVISIONING PURGE UPDATES ENT_ASSIGN TABLE WHICH MAKES SUNSET JOB TO REMOVE ENTITLEMENTS |
1.24.3 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.231215
Applying this bundle patch resolves the issues described in Table 1-4.
Table 1-4 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.231215
35525457 | "USERMODIFICATIONHANDLER" HANDLER FAILS DURING TRUSTED RECON FOR DISABLE USERS |
35565143 | DELETED USERS ARE VISIBLE IN ORGANIZATIONS->MEMBERS TAB |
35612967 | NEED TO EXCLUDE NON-ADMINROLES IN PROCESS DEFS / FORMS / ITRESOUR /OBJECTPERM |
35661368 | MANAGE SCHEDULER JOBS PAGE FUNCTIONALITY IS NOT WORKING IN PS4 |
35738692 | ENTITLEMENT CERTIFICATION REST API RESPONSE DOES NOT SHOW APPLICATION INFORMATIO |
35754158 | SCIM ORGANIZATIONS/.SEARCH TOTALRESULTS IS FALSE |
35760366 | PROVISIONING STUCK IN "IN PROGRESS" |
35765256 | CONNECTIONS LEAK REPORTED IN OIMOPERATIONSDB |
35789975 | EXPORTING_POLICY_WITH_REMEDIATOR_ROLE_DOES_NOT_CONTAIN_THE_ROLE |
35817122 | DELAYED DELETE USER JOB DOES NOT REVOKE ACCOUNTS IN SSO INTEGRATED ENVIRONMENTS |
35822746 | ROLE CRITERIA IN USER CERTIFICATION NOT WORKING FOR DUPLICATE ATTRIBUTES |
35842019 | CVE-2020-5421 |
35864584 | DISABLE USER REQUEST ACTIVATES THE DISABLED USER(DISABLED TO ACTIVE) IN OIG |
35867186 | USERATTRIBUTES DO NOT POPULATE TO MANUALFULLFILLMENTTASK WHEN WORKFLOW IS MAPPED |
35868917 | AFTER JULY SPB EXPORT CERTIFICATION TO EXCEL OR PDF IS NOT WORKING |
35870924 | PROXY IS NOT DELETED WHEN PROXY END DATE IS TODAY |
35871367 | START DATE AND END DATE IN USER ACCOUNT DETAILS SHOWS GMT (NOT SERVER TZ) |
35875469 | PREVENTATIVE VALIDATION DOESN'T WORK IF THE APP INSTANCE IS INVALID |
35875486 | PREVENTIVE VIOLATION PICKS UP INVALID ENT AND APPS FROM PENDING REQUESTS |
35928423 | WRONG TOTAL NUMBER OF USERS WITH UDFS IN THE CERTIFICATION TABLE |
36023389 | OIG INVOKING WRONG OAM REST API TO DELETE USER SESSION |
36087514 | PATCHAUTOMATIONIMPORTMDS#MERGETASKDEFINITIONS METHOD SETS "RETENSION PERIOD" |
1.24.4 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.231030
Applying this bundle patch resolves the issues described in Table 1-5.
Table 1-5 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.231030
BUG | DESCRIPTION |
---|---|
23600922 | CAPABILITY TO PURGE ACCOUNTS STUCK IN PROVISIONING STATUS |
25119504 | NEED TO HIDE OR REMOVE REVOKED APPLICATIONS FROM ACCOUNTS TAB OF SELF-SERVICE UI |
31827019 | SQL QUERIES ACTING AS THE RULES FOR THE MEMBERSHIP RULES MODULE |
31895578 | ORGANIZATION >> AVAILABLE ROLES TAB DOESN'T DISPLAY ALL ROLES PUBLISHED TO THE ORG |
33404712 | DESIGN CONSOLE LOGIN FAILS AFTER DISABLING REMOTE ANONYMOUS RMI T3 AND IIOP REQU |
34761033 | BENEFICIARY APPROVAL OF THEIR OWN REQUEST VIA PROXY |
34882216 | AUDIT TABLE UPA_UD_FORMS POOR PERFORMANCE |
34995051 | CUSTOM TASK FAILS WITH COLUMN 'MEMBERSHIP_TYPE' NOT FOUND |
35092650 | PERFORMANCE ISSUE IN THE NEW UI FOR NEW SCHEDULED JOB |
35108073 | USER WITH ORCLOIMCERTIFICATIONADMINISTRATOR ADMIN ROLE CAN'T DO SCHEDULER |
35212285 | APPLICATION INSTANCES STILL VISIBLE DESPITE DELETION AND APPLICATION INSTANCE PO |
35236038 | MODIFY ACCOUNT CAN'T REMOVE RECORD WITH CHILD FORM IN DISCONNECTED RES APP INST |
35246783 | FIX OF 35023263 NOT RAISING POLICY VIOLATIONS ON UI FOR CATALOG.USER DEFINED TAGS ATTRIBUTE. |
35261043 | MULTIPLE ACCESS POLICIES WITH CHILD MULTI-VALUE ATTRIBUTES NOT REVOKING PROPERLY |
35273891 | CVE-2023-1436 |
35289186 | CERTIFICATION NOT PICKING UP ENTITLEMENTS WITH IS_REQUESTABLE 0 |
35294931 | LARGE AP ELEMENTS CANNOT DELETE CHILD RECORDS DUE TO OPEN CURSOR LIMIT |
35317518 | CVE-2019-10086 |
35326933 | ERROR EDITING THE EXISTING SECOND LOOKUP IN THE CHILD FORM DURING MODIFY REQUEST |
35341638 | SETBCCEMAILIDS() ISSUE |
35354591 | THERE IS NO START/END-DATE CHECKING WHEN AN ENTITLEMENT IS UPDATED |
35411880 | POST DELETE APPLICATION INSTANCE JOB DOESN'T COMPLETE |
35421790 | NEED TO EXCLUDE NON-ADMINROLES IN PROCESS DEFS / FORMS / ITRESOURCE |
35436101 | 12C MULTIPLE PROCESS TASKS ON DISCONNECTED APP INSTANCE WITH DELETE TRIGGER TYPE |
35436503 | REST API - SELF-SERVICE, PATCH OPERATION,USR_MANAGER_KEY NOT UPDATED |
35446503 | DUPLICATE API GETADMINROLES CALLS WHEN SEARCH FOR USERS |
35456414 | SUPPORT SSL FOR OAM ENDPOINT /OAM/SERVICES/REST/ACCESS/API/V1/SESSIONS |
35458670 | EVALUATE USER POLICY JOB SEARCH FROM SCHEDULER PAGE IS TAKING LONGER TIME |
35520647 | CHANGE END DATE TASK NOT TRIGGERED ON UPDATING END DATE FOR SSO TARGET APPL |
35550752 | NLS:ESPANOL OIG 12.2.1.4.230408 -"RETRY TASK" AND "MANUALLY COMPLETE" DISABLED |
35570861 | ROLE CRITERIA IN USER CERTIFICATION NOT PROPERLY FORMATTED |
35632246 | SELF REGISTRATION REQUEST COMPLETES WITH STATUS "REQUEST COMPLETED WITH ERRORS" |
35650887 | INDIRECT MEMBER WITH SYSTEM ADMIN ROLE IS NOT ABLE TO SEE REQUESTS FOR APPROVAL |
35684263 | ORA-04025: MAXIMUM ALLOWED LIBRARY OBJECT LOCK ALLOCATED |
35687958 | USER WITH ADMIN ROLE ORCLOIMUSERHELPDESK UNABLE TO VIEW USERS IN ORG |
35708519 | WHILE ADDING PROXY USERS DELEGATE/REASSIGN OPTIONS NEED TO BE CONFIGURABLE |
35729545 | CONNECTION AND CURSORS LEAK DURING PROVISIONING |
35742374 | SUNRISE OF ACCOUNTS AND ENTITLEMENTS JOB NOT MAPPING REQUEST KEY IN SOA PAYLOAD |
35849805 | ROLE: THE NEW MEMBERSHIP RULE 'CREATE SQL MEMBERSHIP RULE' ONCE WE CREATE THIS FOR ROLE AND TRY TO DELETE THE MEMBERSHIP RULE, THE RULE IS NOT GETTING REMOVED FOR ROLE |
1.24.5 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.230708
Applying this bundle patch resolves the issues described in Table 1-6.
Table 1-6 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.230708
BUG | DESCRIPTION |
---|---|
35363934 | OAM OIG INTEGRATION MOVING FROM SIMPLE MODE TO CERT |
33913444 | ORACLE DBUM FULL RECON UPDATE EVENTS FOR SYS SYSTEM |
34362937 | Fix for Bug 34362937 |
34988170 | ADMINISTRATIVE TASK SHOWS LAST PERSON UPDATING THE COMMENT FOR ALL COMMENTS |
34988622 | OIM JOB_RESULT TABLE CAUSES PERFORMANCE PROBLEMS IN NEW SCHEDULER UI |
35067357 | OIG12CPS4: SUNSET/SUNRISE FAILING FOR ACCOUNTS AND ENTITLEMENTS DUE DATA FORMAT |
35089634 | POLICY VIOLATION IS TAKING USER TYPE AS NULL EVEN THOUGH THERE A VALUE ASSIGNED |
35091907 | START DATE UPDATED TASK GOES TO REJECTED STATE FOR FUTURE DATED USERS |
35132725 | LINE ITEMS SHOW INCORRECT WHEN "ROW DISPLAYED" IS MODIFIED TO DEFAULT VALUE(10) |
35170888 | Fix for Bug 35170888 |
35172134 | IMPORT FAILS DUE TO UNWANTED TAG OPENING ANCHOR TAGS TASKCLASS CLASS ORACLE.IAM.SCHEDULER.VO.SCHEDULEDTASK CLOSING ANCHOR TAGTASKCLASS |
35179150 | REMOVE ADDITIONAL CHILD DATA FROM MANUAL PROVISIONING REQUESTS |
35200244 | IMPORTING DDM XML FOR AN EXISTING ADMINROLE IGNORES CONTENTS OF SCOPEDORGLIST |
35219680 | ADDING DIAG LOGS AROUND OIM TCSERVERPROPERTIES AND DIRECTDB CONNECTION |
35317482 | Fix for Bug 35317482 |
35317518 | Fix for Bug 35317518 |
35317535 | Fix for Bug 35317535 |
35387946 | ORGANIZATION IS SET WRONGLY WHEN IMPORTING DDM XML FOR AN EXISTING ADMINROLE |
1.24.6 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.230408
Applying this bundle patch resolves the issues described in Table 1-7.
Table 1-7 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.230408
25478776 | NEED CHECKBOX TO THE PASSWORD POLICY - 'DISALLOW WHITE SPACE' |
30181040 | AOB SSHPUBKEY PRIVATEKEY EXPECTED TYPE CLASS GUARDEDSTRING ACTUAL TYPE CLASS STRING |
30413184 | METADATA.MAR CORRUPTS MDS UPON RESTART |
32703922 | USERS SPECIFIED USING NOTIFICATIONEVENT SETCCEMAILIDS RECEIVE NO EMAIL |
32792706 | FIX PARTIALLY WORKING FOR BUG 30013863 ON 12CPS4 AP'21 BP |
33032487 | ATTEMPTING TO MIGRATE LOOKUP UDFS THROWS JAVA.LANG.NULLPOINTEREXCEPTION |
33043978 | WHEN SEARCHING, USER DETAILS FROM MANAGER/DIRECT REPORTS ARE SHOWN INCORRECT |
33200385 | PUMA: INCORRECT VIOLATION DATA ON ENTITLEMENTS THAT ARE REMEDIATED/RE-GRANTED |
33640314 | NORWEGIAN CHARACTERS IN LOOKUPS ARE NOT LOADED CORRECTLY |
34018046 | CERTIFICATIONS TAKING TOO LONG TO RUN, QUERYING ROLES NOT SELECTED |
34282250 | CREATE USER WORKFLOW IS NOT TRIGGERED WHILE CREATING USER USING SCIM API |
34310069 | TOO MANY PARSE ERRORS FROM SQL IN DB ALERT LOG |
34413082 | ADMIN USER NOT ABLE TO VIEW/EDIT /MODIFY THE DELEGATE/PROXY INFORMATION |
34477734 | ACCESS DETAILS AND ACTION HISTORY TABLE IN SOA VIOLATION TASK MISSING SOME INFO |
34477796 | ABILITY TO CONFIGURE RISK ACCEPTED BEHAVIOR OPTIONALLY |
34501158 | IAM-3056102 THE OPERATION ON ROLEUSER RELATION FAILED POST 12.2.1.4.220413 BP |
34570273 | OIG12C: PAGINATION / SCROLLING PROBLEM IN HIERARCHY TAB OF ROLE |
34650686 | APPLICATION INSTANCE POST DELETE PROCESSING JOB IS NOT DELETING APP INSTANCES |
34684420 | ACTION COLUMN NOT UPDATED IN THE MANUAL FULFILLMENT REQUEST FOR DISCONNECTED APP |
34688859 | ADMIN ROLE DENY ATTRIBUTE DOESN'T CONSIDER SCOPE OF CONTROL |
34702434 | ACCESSPOLICYSERVICE.CREATEACCESSPOLICY() API ALLOWS CREATION OF AP WITH NULL DES |
34721942 | MODIFY ACCOUNT MANUAL FULLFILMENT NOT WORKING FOR FLAT FILE CONNECTOR |
34739248 | OIM.DBDIAGNOSTICLEVELRECON=FINEST CAUSES CHILDLESS RESOURCE RECONS TO FAIL |
34748958 | SSO GROUP RECONCILIATION DOESN'T WORK IF MEBERS HAVE ' IN THE DN |
34779933 | #{PAGEFLOWSCOPE.REQUESTFORMCONTEXT.OPERATION} ALWAYS EVALUATES TO MODIFY |
34798654 | ACTIVE DIRECTORY GROUPS LOOKUP RECONCILIATION NOT WORKING WHEN ADDING SEARCH BASE AS CUSTOM PARAMETER |
34801749 | NPEX WHEN TRYING TO SAVE AN ACCESS POLICY |
34809482 | MODIFY ACCOUNT MANUAL FULLFILMENT SHOW INCONSISTENT DATA FOR ENTITLEMENTS |
34811588 | Fix for Bug 34811588 |
34813588 | UPDATE CHILD FORM TASK IS UNABLE TO RETRIEVE CHILD PRIMARY KEY FROM CHILD TABLE |
34828086 | ENTITLEMENTS DISPLAYED ONLY WITH QUERY BY EXAMPLE FOR SOME USERS |
34869328 | ADMINISTRATIVE TASK VIEW SHOWING USER ID WHO CREATED FU |
34881105 | INVALID LOGGING IN DELETEUSERACTIONHANDLER.DODELETEACTIONBULK |
34887505 | CHANGES TO CASCADED LOOKUPS DEFINED IN APP. FORMS ARE NOT SAVED TO MDS SOMETIMES |
34911148 | NULLPOINEREXCEPTION IN IDENTITY USERSEARCH WHEN LOOKING FOR REPORTEE/MANAGER_KEY |
34928350 | REST MULTIPLE ENTITLEMENT REVOCATION FAILS WITH UI ERROR INVALID CHARACTER |
34966911 | OIM R12.2.1.4.221004 - SCHEDULER - MULTI-SELECT FEATURE |
34971283 | INDEXOUTOFBOUNDSEXCEPTION THROWN FROM REQUESTCONTEXTRESOLVERIMPL GETBENEFICIARYENITITYKEY |
34971803 | CHANGE NEEDED IN BULKLOAD SCRIPT TO SUPPORT SSL CONFIGURATION |
34979424 | REST API TO UPDATE ROLE END DATE SUCH THAT IT CREATES A REQUEST TO USER MANAGER |
34986264 | CERTIFICATION IS NOT GENERATED FOR CUSTOM ACCESS REVIEWERS WITH SPECIAL CHARACTE |
34994816 | SCHDULER EXPORT HAS WRONG NAME FOR TASKNAME |
35027637 | ERROR MESSAGE NOT PROPER WHEN ATTEMPTED TO REMEDIATE ENTITLEMENT FOR WHICH ALREADY REVOKE REQUEST EXIST |
35032549 | Fix for Bug 35032549 |
35042479 | ERROR WHILE UPGRADING ODSEE/OUD/LDAPV3 CONNECTOR UPGRADE 11.1.1.6.0 TO 12.2.1.3 |
35066195 | NEW OJET BASE NOTIFICATION UI |
35077243 | AFTER BUGFIX 34310069, NULLPOINTEREXCEPTION IN OIMDBROLEMEMBERSSEARCHRESPONSE |
35092033 | REMOVE WHITE SPACE CHARACTER SUPPORT FROM ALLOWED CHARS AND REQUIRED CHARS |
35092181 | AFTER 34946809 FIX THE IMPORT STILL NOT WORKING ALL THE TIME |
35141173 | AOB: THE REVOKE FOR DISCONNECTED APPINSTANCE IS NOT WORKING,IT IS NOT GENERATING MANUAL FULLFILLMENT TASK |
1.24.7 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.221215
Table 1-8 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.221215
Bug Number | Description |
---|---|
32306106 | 12C: SOME NEWLY INTRODUCED UI PAGES THROW ERROR IF FQDN IS NOT USED IN OIM URLS. |
33012531 | REMOVE MDS BACKUP FROM UPGRADE READINESS |
33397258 | PUMA: WITH PATCH 32739740 ONLY THE FIRST DIRECT REPORTEE WILL OPEN |
33830206 | OIM DATA PURGE JOB - DOESN'T DELETE UPA RECORDS |
34049064 | IAM-3050056:THE SPECIFIED VALUE {1} FOR ATTRIBUTE ... IS NOT ONE OF THE PREDEF |
34353519 | OIM CERTIFICATE DOWNLOAD FROM COMPLIANCE TAB |
34400138 | PROVISIONING COMPLETES ON DISABLED USER IN 12.2.1.4. |
34533542 | CHILD REQ REPORTS VIOLATION DESPITE OTHER REJECTED CHILD REQ IN IDA RULE |
34549257 | LOGS ARE FILLED WITH TOO MANY <ERROR> <ORACLE.IAM.APPLICATION.IMPL> MESSAGES |
34560252 | OIM12C PS4 ALLOWING APPINSTANCE HETEROGENOUS REQUEST FOR DISABLED USER |
34569844 | NPEX IN ACCESSPOLICYUTIL.EVALUATEPOLICIESFORUSER |
34599029 | OIM BULK LOAD UTILITY NOT WORKING |
34649115 | ONLY 301 ENTITLEMENTS GET EXPORTED TO EXCEL FILE AFTER APPLYING 34326544 FIX. |
34658420 | PROCESS PENDING ROLE GRANTS JOB FAILS FOR A DELETED USER |
34671135 | API ROLEMANAGERRESULT GETSUCCEEDEDRESULTS() GETFAILEDRESULTS() BROKEN |
34686736 | APHARVESTING DOES'NT HARVEST RECONCILED ENTITLEMENT IF ACCOUNT IS PROVISIONED AP |
34699238 | INDEX MISSING ON OSI.REQUEST_KEY |
34699795 | BULK LOAD ALLOWS ENTRY WITH LEADING/TRAILING SPACES IN ATTRIBUTE |
34727876 | INCORRECT LOG LEVEL - TRYING TO DELETE USER SESSION FOR OPERATION MODIFY |
34766479 | PERFORMANCE ISSUE WHEN OPENING THE JOBS PAGE AND THERE ARE HUNDREDS OF THEM |
34810671 | PERFORMANCE ISSUE WHEN LOADING THE NEW SCHEDULER UI |
34846921 | FIX UPGRADE READINESS SCRIPT IN PS4 TO AVOID TAKING MDS BACKUP |
34854621 | REST ENTITLEMENT REVOCATION FAILS WITH NULLPOINTEREXCEPTION STARTING IN OIG 12.2.1.4.220703.
Note: For details on the known issue, see Revoke Multiple Entitlements Using Rest API. |
1.24.8 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.221004
Table 1-9 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.221004
BUG | DESCRIPTION |
---|---|
24322033 | AUTO REFRESH OIM PAGE ACROSS ALL UIS |
29894165 | PROXY API NOT WORKING FOR REHIRED USER |
30702571 | REQUEST SSOTARGET APP ROLE FORM ATTRIBUTE MAPPING |
31353266 | SSOTARGET RECON SITUATIONS & RESPONSE HAS INCORRECT MAPPING FOR NO MATCHES FOUND |
31431709 | IN ACCESS POLICY IF WE ADD RESOURCE WITH ACCROUNT DISCRIMINATOR IN DENY, IT IS NOT ALLOWING TO CREATE ACCESSPOLICY |
32883804 | GRANT ENTITLEMENT API NOT WORKING AS PART OF TIMEBOUND ENTITLEMENT PROVISIONING |
33519449 | Fix for Bug 33519449 |
33522017 | CONFIGURELDAPCONNECTOR NEEDS TO BE RUN 3 TIMES TO CONFIGURE SSO |
33600552 | NO POLICY VIOLATION CREATED WHEN REQUESTING FOR A ROLE TO USER BELONGING TO AN ORGANIZATION |
33613649 | UI NOT FULLY TRANSLATED IN POLISH |
33741041 | OIG 12.2.1.4.210708 EMAIL NOTIFICATION CANNOT BE EDITED FROM GUI |
33747680 | BULKLOAD UTILITY (ACCOUNT LOAD) IS NOT WORKING FOR CONTAINERIZED OIG ENVIRONMENT |
33825625 | DIAG - OFFLINECONFIGMANAGER DOES NOT TRACK IT'S OUTPUT IN ANY LOG FILE |
33866184 | OIM CERTIF CLOSED LOOP REMEDIATION - SUPPORT DISABLING ACCOUNTS WHEN REVOKED |
33885210 | BULKLOAD DOES NOT SYNC OIM USERS TO THE CORRECT LDAP DN IN SSO |
33929285 | JAVA.LANG.INDEXOUTOFBOUNDSEXCEPTION: INDEX: 1, SIZE: 1 IN REQUESTDATASERVICEIMPL |
33939119 | CERTIFICATION RELEASE TASK BUTTON DISAPPEARS AFTER RE-LOGIN |
33976554 | ATTRIBUTE NOT PRESENT IN ENTITYDEFINITION OF USER :: DEPROVISIONING DATE |
33994385 | CERTIFICATION CAMPAIGN IS NOT SHOWING 100% WHEN ONE OF THE TASK IS RE-ASSIGNED |
34051711 | ENTITLEMENT CERTIFICATION LAST NAME SORT NOT WORKING |
34057045 | ADD / REMOVE ENTITLEMENT ACTION SCRIPT DO NOT PASS REQUIRED ATTRIBUTES |
34064672 | BULK LOAD: BULK LOAD IS THROWING ERROR WHILE RUNNING WITH WINDOWS SETUP |
34069171 | CAN'T DELETE "PASSWORD" FROM "SCHEMA" TAB |
34092726 | CHANGE PASSWORD BY END USER DOES NOT CREATE EMAIL NOTIFICATION |
34096398 | IAM-2050243 IAM-3058111- MOVE USER TO ADMIN GROUP AND BACK DOES NOT WORK SUCCESSFULLY |
34120986 | SAVING CHILD INSTANCES MAKES NO CHANGES TO SCHEMA/GROOVY SCRIPT AFTER SPB |
34141708 | PURGECACHE, UPLOADJARS.SH, DELETEJARS.SH BROKEN IN 12.2.1.4.220413 |
34160281 | DISABLE USER REQUEST, DISABLE DELETED USER (DELETED TO ACTIVE) |
34176856 | BUCKLOAD ORG DATA HANGS |
34182519 | USERMANAGER.GETDETAILS API IS RETURNING DELETED USER IN OIM 12C |
34229665 | OIM DISABLING USER WITH DISABLED UNTIL START DATE STATUS GETTING ACTIVE STATUS |
34240720 | FUTURE REHIRES ARE GETTING ENABLED ON THE DAY RECON EVENT IS RECEIVED |
34246374 | MANAGERS NOT ABLE TO CERTIFY/REVOKE THE CERTIFICATION REQUESTS IN CERTIFICATION DETAILS PAGE |
34267986 | POOR PERFORMANCE OF THE AUDIT ENGINE |
34284352 | BULK LOAD: ACCOUNT LOAD IS NOT CONSIDERING HTTP URL IN ENTER THE OIMURL OPTION, IT IS ONLY CONSIDERED T3 URL |
34287521 | NPE WHEN RESOURCE HISTORY IS EMPTY |
34294450 | TASK HISTORY DIFFERENCES AFTER UPGRADE |
34325459 | CERTIFICATION ENTITLEMENT REVOKE REQUEST SHOW WRONG REQUESTER. |
34326544 | FOR A GIVEN PROVISIONED USER, ONLY 28 ENTITLEMENTS ARE DISPLAYED IN THE IDENTITY CONSOLE |
34332846 | TRUSTED RECON: UNEXPECTED DISABLE TASK TRIGGERED |
34350516 | SSO ENV USER NOT CREATED IN OUD WHEN CREATED WITH USR_LOCKED = 1 USING REST API |
34357705 | CAN'T VIEW ORG VALUES. SQL ERROR. |
34363691 | CHANGE TASK SHOULD NOT TRIGGER FOR REJECTED DISCONNECTED APPLICATION |
34372274 | OIGOAMINTEGRATION.SH -ADDMISSINGOBJECTCLASSES DOES NOT ADD MISSING OBJECTCLASSES FOR OID |
34400746 | OIM12C PS4 IS ALLOWING DUPLICATE REQUEST SUBMISSION FOR PROVISIONED ENTITLEMENTS |
34404091 | OIM ALLOWS ROLE WITH WHITESPACE ON THE END - CORRUPTS ROLES IN SSO |
34411390 | OIM BULK LOAD UTILITY FAILS ON WINDOWS FOR ACCOUNT LOAD SINCE OCT 2020 BP |
34450144 | DISABLED USER STATUS BECOMES ACTIVE AFTER SSO USER RECON |
34454245 | NEW OJET BASE SCHEDULER UI |
34454254 | NEW OJET BASE SYSTEM CONFIGURATION UI |
34469432 | OIM_SP_ANONYMIZE_DATA_WRAPPER SP SEARCHES FOR USR_LOGIN INSTEAD OF USR_KEY |
34483392 | TRACK REQUEST STATUS DROP DOWN IS NOT TRANSLATED FULLY |
34498058 | CERTIFICATION TESTS RELATED TO REASSIGN FAILING IN CORE SUITE |
34541613 | BULKLOAD COMPLETES WITHOUT LOGS WHEN THERE IS A LEADING WHITESPACE IN THE CSV |
34574897 | ACC: OATB - MULTIPLE ISSUES RELATED TO ENCHANCE AOG 3.1 ZOOM AND TEXT SPACING |
34577727 | ACC: KEYBOARD- NOT ABLE TO HIGHLIGHT TOP 4 BUTTONS THROUGH KEYBOARD TAB KEY |
34583233 | ACC: KEYBOARD- MULTIPLE ISSUES WHILE USING KEYBOARD FOR BROWSING SCHEDULER |
34583250 | ACC: KEYBOARD- NOT ABLE TO CHOOSE ANY DROPDOWN ACTION USING KEYBOARD ON EDIT/VIEW JOB PAGE - JOB DETAILS |
34594117 | ACC: JAWS - MULTIPLE ISSUE APPREAR WHILE TESTING WITH JAWS |
34619346 | DESIGN CONSOLE IN WINDOWS IS NOT LAUNCHING AFTER APPLYING OCT'22 PATCH (34577841) |
34658707 | FIX NOT WORKING FOR BUG 33747680 WITH LATEST CONTAINER IMAGE |
1.24.9 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220703
Table 1-10 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220703
BUG NUMBER | DESCRIPTION |
---|---|
31285681 | THE ERROR POPUP "THE PASSWORD CHANGE OPERATION FAILED WHILE VALIDATING OLD PASS |
32119840 | CREATE USER WORKFLOW IS NOT TRIGGERED WHILE CREATING USER USING REST/SCIM API |
32954733 | DISCONNECTED ACCOUNT NOT PROVISIONED INTERMITTENTLY AFTER EVALUATE USER POL JOB |
33216328 | PUMA: IDA RULES VIOLATED COLUMN BLANKS OUT IN FIREFOX OR SAFARI BROWSERS |
33247694 | SCIM GROUPS/.SEARCH TOTALRESULTS IS FALSE |
33445061 | DUPLICATE ROLES APPEARING FOR SOME USERS IN USERS->ROLES |
33451463 | PUMA: EMPTY CUSTOM UDFS MARKED AS STRING "NULL" AFTER EXPORT/IMPORT |
33461779 | IAM-2050243 RAISED WHEN MODIFY USER ATTRIBUTE TRIGGERS ROLE/RULE EVALUATION |
33504630 | AFTER PATCH 29167604, CACHING OF USR_KEY FIXED IN 12.2.1.3, BUT NOT 12.2.1.4 |
33533162 | OIM SERVER GOES TO WARNING STATE DUE TO HEAP SIZE GROWTH WHEN USER HAS MANY ADMIN ROLES |
33539764 | WHEN REQUEST IN INFORMATION REQUESTED STATE, REQUESTER CANNOT BE WITHDRAWN |
33541821 | OIGOAMINTEGRATION.SH -ADDMISSINGOBJECTCLASSES DOES NOT ADD MISSING OBJECTCLASSES
Note: For more details, check Adding Missing ObjectClasses With OID for the workaround. |
33588973 | A TIME LIMITATION OF MAXIMUM 6 MONTHS SHOULD BE ADDED ON THE PERIOD OF DELEGATIO |
33656656 | GROOVY TRANSFORMATION CAUSES TWO PROCESS TASKS TO BE RUN - 1ST BAD 2ND OK |
33669502 | OIM DISABLE REQUESTS SHOWING REQUEST COMPLETED, EVEN AFTER TASK FAILED |
33790250 | ROLE MEMBERSHIP END DATE ERROR MISLEADING |
33889775 | CANNOT RE-CREATE ROLE IN OIG 12C SSO ENVIRONMENT |
33926014 | MISSING FOREIGN KEY INDEXES AFTER UPGRADE TO OIM 12.2.1.4.X |
33932731 | CHANGEACCOUNTPASSWORD() API IS NOT WORKING WITH RACF TARGET WITH SPL CHARS PWD |
33937973 | OIG- ROLE CERTIFICATION ASSIGNMENT WITH PROXY SCENARIO |
33945782 | ENABLE USER REQUEST, ENABLES DELETED USER (DELETED TO ACTIVE) |
33990557 | ISSUE WITH 12C PROXY BASED FUNCTIONALITY |
33997963 | BULK LOAD UTILITY FAILS WITH "ORA-00907: MISSING RIGHT PARENTHESIS" |
33998355 | DISC APP INSTANCE GOES TO PROVISIONED EVEN THOUGH NO LONGER IN AP |
34028543 | Fix for Bug 34028543 |
34030611 | POLICY VIOLATION REMEDIATE OPTION IS GIVING ERROR "ENTITLEMENT KEY NULL NOT EXIST FOR USER KEY 11. COMMENTS : TESTING" |
34035838 | WHEN USERID REUSE CREATELDAPACCOUNTPOSTPROCESSHANDLER SEARCHKEYNOTUNIQUEEX ERROR |
34049752 | UI ROUNDS OFF THE CERTIFICATION CAMPAIGN TO 100 % COMPLETION WHEN IT IS AT 99.5% |
34056111 | FAILED TO RUN RETRY FAILED ORCHESTRATIONS SCHEDULED JOB |
34089570 | AFTER BUGFIX 34035838 THE SSOTARGET ACCOUNT IS LINKED VIA ORC_KEY TO OLD USER |
34121706 | SLOWNESS WHEN SELECTED ADMIN ROLE IN ORAGANIZATION MEMBERS PAGE |
34130414 | NO REQUESTID IS PRESENT IN CREATE USER RESPONSE OF CREATEUSER REST API |
34150102 | ORCLOAGINTEGRATIONADMIN ADMIN ROLE IS NOT SCOPED TO ANY ORG BY DEFAULT |
34176248 | CERT_TASK_ACTION.ACTION_DATE IS NULL ON CERTIFICATION RE-ASSIGNMENT |
34181427 | NPE IS THROWN DURING THE EBS RECON JOB RUN |
34266397 | ENTITLEMENT DELETED DOES NOT MOVE ENTRY FROM ENT_LIST TO ENT_LIST_HIST |
1.24.10 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220413
Table 1-11 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220413
BUG NUMBER | DESCRIPTION |
---|---|
25109611 | PASSWORD CHANGE REQUEST FOR XELSYSADM SHOULD BE SYNCED WITH CSF |
30546850 | AOB: ERROR THROWN WHILE TRYING TO AUTO DISCOVER WHILE EDITING THE APPLICATION |
30757118 | DIAG: PATCH_OIM_WLS OVER-WRITES LOG FILE OF PREVIOUS BPS / ATTEMPTS |
31005588 | EVALUATE USER POLICIES JOB DELETES ENT_ASSIGN TABLE RECORDS AND RECREATES THEM ON USER EVALUATION |
31159979 | LOCK/UNLOCK USER THROWS JAVA.LANG.NULLPOINTEREXCEPTION: UICOMPONENT IS NULL |
31873080 | OIM DBUM USER DELETE RECON REVOKED TARGET ACCOUNT WITH EXPIRED & LOCKED STATUS |
32539201 | UPDATE ACTION SCRIPT DO NOT PASS THE REQUIRED ATTRIBUTES |
32666165 | ADMIN ROLE ACCESS POLICY VIEWER ALLOWS USER TO START CHANGING |
32720089 | AOB:TARGET ATTRIBUTE NAME VALUES GIVEN IN SCHEMA MAPPINGS ARE NOT GETTING SAVED |
32986671 | SELF-SERVICE CONSOLE CRASHES WITH "AN UNRESOLVABLE ERROR HAS OCCURRED. PLEASE CONTACT YOUR ADMINISTRATOR FOR MORE INFORMATION." WHEN TOGGLING THE "CHANGE PASSWORD SECTION" |
33129060 | ACCESS POLICY SHOULD NOT HONOR THE DELETED ENTITLEMENTS MAPPED TO IT FOR ROLE BASED PROVISIONING |
33171832 | PUMA: IDENTITY AUDIT VIOLATION COMPLETED BY AN ADMIN DOES NOT RESULT IN COMPLETION |
33171971 | PUMA: TARGET ACCOUNT IS EMPTY IN REMEDIATION APPROVAL TASKS |
33275507 | ACCOUNT END DATE CAN BE SET HIGHER THEN THE USER END DATE |
33279653 | ISSUE WITH THE CREATE USER APPROVAL WORKFLOW-DUPLICATE REQUEST |
33284404 | UPDATED TASKS ARE FAILING AFTER APPLYING IDM SBP |
33351565 | FLATFILE ENT RECON DISPLAY NAMES WITH SPECIAL CHARACTERS INCORRECTLY LOADED |
33399996 | OIM CLONE CONNECTOR SHOULD REPLACE ALL OCCURRENCES OF OLD NAME |
33400563 | BENEFICIARYLOGINID AND REQUESTERLOGINID IS STILL NOT CONVERTED INTO POLISH LOCAL |
33412499 | ROLE SYNC MISSING WHEN LDAPSYNC IS REPLACED WITH CONNECTORS |
33449308 | NEED A SERVICE OR API THAT CAN VALIDATE ANSWER FOR USER/LOGIN QUESTIONS |
33472511 | UPG - XELSYSADM PASSWORD IN NOT IN SYNC WITH CSF KEYSTORE |
33487303 | ATPS: BULK LOAD UTILITY IS NOT WORKING WITH ATPS SETUP |
33494174 | VIEW ANALYTICS FOR ROLE CHANGES DOES NOT WORK IN POLISH LANGUAGE |
33495897 | RESOURCE HISTORY IS NOT DISPLAYED COMPLETELY AFTER PATCH 30119475 |
33505020 | PUMA: UI REMOVING RULE BASED ROLE MEMBERSHIPS UPON INITIATION OF DELAY DELETION |
33505355 | POST OCT SPB "OBPASSWORDCHANGE" FLAG NOT GETTING RESET BUG 33393102 CONTINUES... |
33536274 | Fix for Bug 33536274 |
33537410 | PUMA: MANAGER UNABLE TO VIEW COMPLETE/EXPIRED CERTS WHEN A PROXY IS ASSIGNED |
33584027 | USERS SHOWING UP TWICE IN LOG FILE IN PROXY RELATED ERROR MESSAGE |
33586166 | REQUEST.GETAPPROVALDATA() FAILS IN 12C, SAME CODE WORKS IN 11G |
33587015 | PATCH_OIM_WLS.SH SCRIPT HANG AFTER APPLIED THE IDM_SPB_12.2.1.4.211014 |
33625845 | DISABLE/DELETE SCHEDULED JOB NOW REMOVES ROLES FROM DISABLED USERS IN 12C |
33644344 | RECONCILED ENTITLEMENTS SHOULD BE HANDLED VIA ACCESS POLICY USING APH |
33652287 | PUMA: EXPORT/IMPORT OF ACCESS POLICIES DOES NOT MIGRATE CHECK BOX VALUE |
33652306 | PUMA: SYSTEM PROPERTIES IMPORT FROM ONE ENV TO THE OTHER IS NOT WORKING |
33653708 | FORM IS CORRUPTING AFTER AOB TEMPLATE/SCHEMA CHANGES |
33655238 | GETTING NO ENUM CONSTANT ERROR FOR ORGANIZATION TYPE AFTER APPLYING OIM BUNDLE PATCH 12.2.1.4.211010 |
33673956 | APP INSTANCE CERTIFICATION PERFORMANCE ISSUE |
33676752 | ER 32288237 REPLACED SSO PASSWORD HANDLER AND INTRODUCED PROB WITH EXPIRY DATE |
33684726 | USR_PWD_CREATION_DATE NULL CREATING NEW USER W/O PASSWORD |
33692276 | USER DETAIL SHOWS EMPTY IN USER CERTIFICATION WHILE MODIFYING [ROWS DISPLAYED] |
33694284 | WRONG WORDING ON CONFIRMATION DIALOG WHEN CLAIMING OPEN CERTIFICATIONS |
33697050 | NEW PROVISIONING API TO RETURN THE LIST OF USERS PROVISIONED WITH SPECIFIED APP INSTANCE |
33711997 | AOB: AUTHORITATIVE APP ATTRIBUTE NAME VALUES GIVEN IN SCHEMA MAPPINGS ARE NOT GE |
33735241 | Fix for Bug 33735241 |
33738824 | USERMANAGER.DELETE RETURNS USERMANAGERRESULT WITH NULL STATUS |
33745642 | RECON DATA PURGE IS COMPLETED WITH ERROR(S) ORA-06502 AT OIM_SP_RECON_ARCHPURGE |
33768054 | CHILD FORM IS CORRUPTING AFTER AOB TEMPLATE/SCHEMA CHANGES |
33780050 | INDIRECT ROLES NOT POPULATED IN OIMASSERTIONLOGINMODULE AND OIMAUTHLOGINMODULE |
33791086 | ROLE NOT ADDED TO TABLE PENDING_ROLE_GRANTS WHEN END DATE SET BY APPROVER |
33793732 | BROKEN HYPERLINK IN TRACK REQUESTS PAGE : FIREFOX |
33796313 | ORG SEARCH ERROR WHEN THERE IS A LARGE AMOUNT OF ORGS |
33862402 | NO OPTION TO SELECT THE DISPLAY NAME OF THE ROLE UNDER MANAGE --> USERS -->ROLES |
33909965 | REGRESSION OF BUG 33279653 |
33934140 | NOSUCHMETHODERROR ACCOUNTHANDLERUTIL.CREATEUSER IN SEEDOIMDATAINTARGETLDAPIMPL |
33946147 | OIG-CONFIG-UTILITY.SH IS NOT RUNNING IN APRIL BP, IT IS THROWING ERRORS WHILE RUNNING THE UTILITY |
33946292 | CLASSPATH.SH IN APRIL BP IS STILL REFERING THE OLD JAR REFERENCES |
33989996 | INTEROP: WHEN WE SET PASSWORD EXPIRY DATE TO BLANK AND TRY TO RESET THE PASSWORD IT IS STILL NOT WORKING IN PS4 + APRIL BP (33929963) |
34011734 | BENEFICIARYLOGINID AND REQUESTERLOGINID IS STILL NOT CONVERTED INTO POLISH LOCAL |
34035584 | DESIGN CONSOLE FORMS NOT OPENING IN LATEST BP |
34062173 | IN WINDOWS, DESIGN CONSOLE ADAPTER FACTORY FORM IS NOT OPENING IN LATEST BP, IN LOGS IT IS THROWING ERROR '.NOCLASSDEFFOUNDERROR |
1.24.11 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220115
Table 1-12 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.220115
Bug | Bug Abstract |
---|---|
30200580 | DIAG: ORACLE.IAM.APPLICATION.IMPL ERROR CONSUMES STACK ON TRANSFORMATION |
31155251 | REQUESTS GETS FAILED IN IDENTITY MANAGER |
31895248 | REGRESSION BUG 29750388 : SEARCH IN "REQUEST FOR OTHERS" IS NOT WORKING |
32331154 | NON REQUESTABLE ROLES DOESN'T APPEAR IN THE USER CERTIFICATION |
32390472 | OIG PRE-UPGRADE REPORTS INCORRECTLY IDENTIFIES 19C DB AS UNSUPPORTED VERSION FOR OIM 11GR2PS3 WHILE UPGRADING TO 12C |
32492120 | PROVISIONING TASKS - OPEN TASKS - EDIT FORM RENDERS DATES INCORRECTLY USING 2 DIGIT YY |
32540331 | SEARCH BUTTON NOT EASILY VISIBLE IN THE SYSADMIN LOOKUP UI |
32760053 | OIM DN GENERATION LOGIC FAILS TO GENERATE DN USING ESCAPE CHARS |
33060231 | BULK REVOKE ENTITLEMENTS REQUEST SHOWS JBO ERRORS, INCORRECT ACCOUNTS |
33066536 | OIM TRUSTERD DELETE RECON UNEXPECTED TO DELETE OIM USERS |
33086686 | EXTEND FIX OF BUG 31038511 TO ALL TYPE OF CERITIFICATIONS - SEE EH 27284033 |
33113521 | PROXY USER WRONG MESSAGE |
33171625 | CHALLENGE QUESTIONS GIVES ERROR WHEN USER DEFINED IS SELECETD IN PASSWORD POLICY |
33190066 | 12.2.1.4.0 OIM: ATPSCERT: ATP S: RCU PRE-REQ FAIL FOR OIM SCHEMA WITH ATP S DB |
33246155 | PUMA: PREVENTATIVE SCAN NOT WORKING WHEN A ROLE IS ALREADY REQUESTED |
33319198 | DELETED USER ACCOUNT CLEAN UP JOB DOESN'T WORK IF DUPLICATE ACCOUNTS EXISTS |
33350167 | ANYTIME A WORKFLOW IS ACCESSED IN THE OIG UI WE GET SERIALIZABLE ERRORS |
33379590 | CLASSCASTEXCEPTION: INTEGER TO STRING WITH INTEGER UDF WITH IN MEMBERSHIP RULE |
33404573 | 12.2.1.4.0 OIM:FMWATPS ATPSCERT HOT: Pop-ups seen in RCU log-Error creating PL/SQL Object's: OIM_SP_MANAGEENTITLEMENT,OIU_UPDATE |
33407956 | Fix for Bug 33407956 |
33417218 | OIG 12CPS4 OCT BP , ROLLBACK REAPPLY IS CHANGING THE STATUS OF CERTIFICATION TO STALE |
33419121 | MODIFY ADF CACHE SIZE CONFIGURATION FOR TABS |
33428494 | UPDATES TO USER (USR) NOT PROPAGATED TO ACCOUNTS IN 'PROVISIONING' STATUS |
33440181 | JOB DELETED USER ACCOUNT CLEAN UP JOB FAILS IF ANY UD TABLE CONTAINES ONLY PK AND FK COLUMNS |
33449049 | USER CREATION FAILS IN OIM AD SETUP WITH PATCH 33429084 |
33452123 | USER ROLE GOT REVOKED, FOR A VALID 'USER MEMBERSHIP RULE' |
33462000 | JPS-CONFIG.XML CONTAINS LEFT OVER OAM 11G INFO CAUSING ISSUES WITH 12C |
33465669 | NPE ERROR WHILE STARTING OIM AFTER UA IF ORACLE_HOME IS INVALID |
33471784 | BOOTSTRAP PROCESS FAILS DURING DEPLOYSOACOMPOSITES DUE TO CONNECTION NOT AVAILABLE |
33474286 | VALIDATION OF OPSS VERSION NEEDED IN PRE-UPGRADE REPORT |
33629042 | USER CERTIFICATION CREATION WITH OPTION "RETAIN EXPIRY DATE" GIVES NULLPOINTEREXCEPTION IN SCHEDULED JOB |
1.24.12 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.211010
Applying this bundle patch resolves the issues described in Table 1-13
Table 1-13 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.211010
Bug Number | Description |
---|---|
22780597 | UPDATEROLEGRANT DOES NOT HANDLE THE STARTDATE / ENDDATE ATTRIBUTES |
27432438 | ALL THE FIELD LENGTHS IN THE USR TABLE SHOULD MATCH WITH THE CERT_USER TABLE |
28078904 | PREVENT APPLICATION INSTANCES REVOKE WHEN ENTITLEMENTS OUTSIDE ROLE EXIST |
28545612 | ENT_ASSIGN_HIST DOESN'T SAY HOW THE USER ACCESS IS PROVISIONED |
28882181 | ARM_AUD TABLE NOT UPDATED DURING ADMIN ROLE ASSIGNMENT |
29167604 | SERVER CACHING AUTH BETWEEN SELFREGISTRATION AND CREATE USERS REST CALLS |
29950705 | ALL ACCESS POLICY ENTITLEMENT REQUEST SHOULD HAVE REQUESTER DETAILS SIMILAR TO OTHER REQUESTS |
30043034 | OIM USER FORM DATE UDF ATTRIBUTE NOT FUNCTIONING PROPERLY IN SSO ENV |
31038511 | CERTIFICATION REASSIGNED OR DELEGATED RESETS TIME SEE EH 27284033 |
31140352 | ADD FEATURE FOR ARCHIVING AND PARTITIONING ENT_ASSIGN_HIST TABLE |
31464255 | SOD VALIDATION AGAINST ENTITLEMENTS WHICH ARE REQUESTED |
31771784 | IDENTITY AUDIT RULE DESCRIPTION IS LIMITED TO 256 CHARS |
31784882 | CUSTOM TASKFLOW MESSAGE OVERWRITTEN BY DEFAULT MESSAGE |
31786287 | BULK OPS IS MASKING PASSWORD CHANGE SEE BUG 31687980) |
31934316 | MANDATORY CERTIFICATION COMMENTS FOR ALL CERT LINE ITEMS |
31940390 | PUMA: ENTS ASSIGNED OUTSIDE OF ACCESS POL ARE LEFT STRANDED AFTER ROLE REMOVAL |
31995394 | OIM 12C PS3 EXPORT/IMPORT TOOL NOT WORKING PROPERLY |
32258285 | PROVISIONING OPEN TASKS SEARCH DOES NOT GET THE TASK STATUS TRANSLATED TO POLISH |
32305321 | CLARIFICATIONS ON USAGE OF THE LOCAL TEMPLATE ADD ATTACHMENT API. |
32324514 | INTERFACE PROVISIONINGSERVICE.GETACCOUNTSPROVISIONEDTOUSER THROWS NPE |
32379310 | CERT EVENT LISTENER TRIGGERED FOR CERTIFIED USERS EVEN WHEN NO CHANGES ARE MADE WHEN CERT OPTION PREVENT SELF CERTIFICATION ENABLED |
32416424 | PUMA: DISPLAY ACCOUNT TYPE IN OIM ACCOUNT CHOOSER POPUP |
32488483 | SERVICE ACCOUNT CHECKBOX IS NOT CHECKED WHEN REQUEST MADE VIA REST API |
32523570 | ACTION COMMENTS DUPLICATED FOR REJECT,ESCALATE OPERATIONS DURING APPROVALS THROUGH REST API |
32542298 | SSOTRUSTED-FOR-SSOTARGET ORGANIZATION NAME RECON FIELD SCHEMA PROPERTY ENABLE / DISABLE NOT HONORED |
32545659 | BUG 30516224 CONTINUED -- NEED SUPPORT FOR PERIOD CHARACTER |
32567175 | REVIEWER "SEARCH FOR A ROLE" NOT WORK |
32586438 | PROCESS TRIGGER NOT FIRING FOR END DATE |
32619046 | AOB DBAT CONNECTOR LOCKING THE TARGET SYSTEM USER ACCOUNT |
32644878 | HOW TO CONFIGURE OHS FOR CERTAIN LOCATIONS NOT DOCUMENTED IN THE HA GUIDE? |
32670128 | ADDING ADDITIONAL ENTITLEMENTS TO AP DOESN'T RE-EVALUATE AND ADD TO USER |
32682939 | PUMA: MANAGER WITH ACTIVE PROXY DOES NOT GET ACTIONABLE EMAIL ABOUT APPROVAL ASSIGNMENT |
32683903 | DIAGNOSIBILITY : NOT ABLE TO EDIT IT RESOURCE |
32710101 | ISSUE AUDIT MESSAGE TASK DOES NOT PROCESS AUDIT DATA FOR FEW USERS |
32710741 | SSOTRUSTEDFORSSOTARGET RECON EVENT FAILS WITH INVALID MANAGERLOGIN ERROR |
32716632 | UNABLE TO CHANGE THE LOOKUP NAME FOR A CLONED CONNECTOR |
32717850 | DISABLED USERS SHOULD NOT BE EVALUATED BY ACCESS POLICY |
32726134 | DIAG:CERTIFICATIONCOMPLETIONUPDATERUNNABLE.RUN PRINTS "NULL" INSTEAD OF ERROR |
32739740 | CANNOT SORT OPERATIONS IN WORKFLOW AFTER APPLYING PATCH 31797847 |
32747711 | OAM / OIM AD MODIFIED USER IS RECONCILED LIKE {BASE=DISPLAYNAME} |
32764420 | NEED WORKING EXAMPLE OF SCHEDULERSERVICE.CREATESCHEDULEDTASK(ST) |
32769357 | POST PROCESS CODE IS NOT GETTING INVOKED WHEN USER UNLOCK IS DONE ON UI. |
32827236 | SCREEN PACKAGE THAT IS REQUIRED FOR OIM-OAM INTEGRATION IS DEPRECATED IN RHEL8 |
32830574 | SCRIPT UPDATE_OIM_AUTHENTICATE_PROVIDER FAILS IF THE DOMAINS FOLDER NOT PRESENT |
32843595 | ORGANIZATION TYPE/STATUS IN MANAGE - APPLICATION AREA PAGES NOT TRANSLATED TO BROWSER LOCAL |
32880383 | SUNSET JOB UNABLE TO REMOVE ACCESS IF THE ENTITLEMENT REQUEST IS APPROVED AFTER |
32902773 | IAM-2050243 FAILED WHILE DISABLING USER WHEN WORKFLOWS ENABLED IS FALSE AFTER BP |
32903652 | UNINSTALLCONNECTOR DELETE ONE RESOURCEOBJECT RESULT IN ALL ITRESOURCE OF SAME CONNECTOR TYPE REMOVED |
32939218 | NULL DATES ARE STORED AS 01-JAN-1970 (JAVA EPOCH) IN AUDIT TABLES |
32977106 | PASSWORD VALIDATION FAILS IF IT HAS LEADING/TRAILING SPACES UNDER MY INFO PAGE |
32998646 | USERMANAGER.DELETE(USER_LOGIN,TRUE) FAILS WITH INVALID NUMBER ERROR |
33000675 | DIAG: NEED DIAGNOSTIC PATCH IN ACCESSPOLICYSERVICEIMPL.UPDATEACCESSPOLICY/PROCESSWITHOUTRESULT |
33005552 | NPE IN DELAYED DELETE USER WITH JOB HISTORY JOB USERAUDITHANDLER |
33018171 | ISSUE WITH ORGANIZATION BULK LOAD WHEN SPECIAL CHARACTER / ARE PRESENT |
33066442 | DELEGATED CERTIFICATIONS NOT FILLING IN CERT_TASK_ACTION.ACTION_DATE |
33069593 | FORGOT PASSWORD RESET FAILS WITH VAGUE GUI ERROR MESSAGES |
33069995 | "COMMON NAME" NOT POPULATED DURING NON-SSO TRUSTED RECON IN 12CPS4 SSO ENV |
33088894 | REQUEST JUSTIFICATION FIELD NEEDS TO BE IN LOCAL LANGUAGE |
33091106 | ERROR ON "OFFLINE DATA PURGE FRAMEWORK" UTILITY IN OIG 12CPS4 |
33097801 | REST API FAILS TO COMPLETE CERTIFICATION WITHOUT PASSWORD IN PS4 |
33102762 | AOB: FLAT FILE TARGET RECON JOB NOT WORKING CORRECTLY WITH INSTANCE APP |
33103959 | DUPLICATE TASK DEFINITION IN TASK.XML AFTER UPGRADE FROM 12.2.1.3 TO 12.2.1.4 |
33112078 | EMAIL NOTIFICATION ATTACHED TO ASSIGNMENT TAB OF PROCESS TASK IS NOT TRIGGERING |
33119876 | NEED TO SHOW APPLICATION INSTANCE DISPLAY NAME IN THE ERROR MESSAGE SHOWN IN UI (AS PER BUG 30952309) |
33120542 | PREUPGRADEUTILITY IS FAILING WITH COMPATABLE_PARAMETER_CHECK ERROR |
33129135 | PROMPTING FOR PASSWORD UPDATE WHILE UPDATING THE BASIC INFO IN MY INFO TAB |
33137945 | TESTCASE FAILURES IN ACCESS POLICY MODULE AFTER THE FIX 31995394 |
33150481 | IN AN SSO INTEG OIM-OAM ENV, UPDATING THE USR_COMMON_NAME NULLS USR_LDAP_GUID |
33160341 | DOES NOT BEGIN WITH OPERATOR IN AUDIT RULE DOES NOT WORK FOR BLANK VALUES |
33165095 | ORGANIZATION SEARCH ERROR IN OIM 12.2.1.4.210428 |
33165837 | SUBMIT REQUESTS REST API IS ALWAYS SUBMITTING THE REQUEST FOR ASSIGN ROLE ONLY |
33174111 | UNABLE TO CLOSE RECON EVENTS AFTER RUNNING OFFLINE DATA PURGE JOB USING API |
33182890 | ORCHESTRATION OFFLINE PURGE FOR RETENTION PERIOD 365 DAYS IS NOT WORKING |
33214891 | USER CREATION FAILS IN OIM 12C WHEN REQUESTENTITY API IS USED |
33225499 | DISABLED USERS WITH PAST END DATE NOT GETTING USR_AUTOMATICALLY_DELETE_ON SET |
33243897 | AOB: SETTINGS TAB NOT DISPLAYING RECON JOBS WHILE CREATING INSTANCE APPLICATION OF AUTH APP OR EDITING AUTH APP OR ITS INSTANCE APP |
33255209 | SOA WORKFLOW IS ACCESSED WHEN WORKFLOWS ENABLED IS FALSE UNDER PATCH 32902773 |
33275455 | OIM DELETE USER OPTION IS FAILING AFTER BP 210708 WITH WORKFLOW ENABLE = FALSE |
33276969 | POST UPGRADE 12CPS4 OIM SERVERS GOING TO WARNING STATE AND AUTO-HEALED |
33279285 | THE OIG.BENEFICIARYMANAGERAPPROVALWORKFLOWS SYSTEM PROPERTY IS MISSING IN LATEST SHIPHOME |
33292833 | REST: THE OPERATION PARAMTER MUST BE OPTIONAL IN THE ROLE REQUEST |
33305314 | CUSTOM EMAIL NOTIFICATIONS GET NO PARAMETER WHEN TEMPLATE TYPE SET TO TEXT/PLAIN |
33321617 | UNABLE TO CREATE ROLE WHEN ENFORCESINGLEACCOUNTPERAPPLICATIONREQUEST IS SET TO TRUE |
33404123 | SYSTEM PROPERTY WORKFLOW ENABLE = FALSE IS PARTIALLY CASE SENSITIVE |
1.24.13 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210708
Applying this bundle patch resolves the issues described in Table 1-14.
Table 1-14 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210708
Bug Number | Description |
---|---|
28433832 | PROCESS TASKS ARE NOT TRIGGERED WHEN THERE ARE DUPLICATE ENTRIES IN LOOKUP |
30516224 | IDENTITY AUDIT RULES CONTAINING SPECIAL CHARS DO NOT RAISE POL. VIOLATION |
30641393 | REST USER SEARCH ON DATE ATTRIBUTE DOES NOT FILTER ON TIMEZONE |
30952309 | ENTITLEMENT REQUEST STUCK IN REQUEST AWAITING DEPENDENT REQUEST COMPLETION |
31724255 | Fix for Bug 31724255 |
31781952 | OIM_SP_CERT_ARCHPURGE STORED PROCEDURE INCORRECTLY ARCHIVING CERTS_USER ROW |
32043090 | CATALOG REQUEST PROFILES NOT DISPLAYING VALUES DURING CATALOG REQUEST |
32288237 | PERFORMANCE ISSUE WITH PASSWORD RESET IN SSO ENVIRONMENT (12C)
Note: For details, see Improving Reset Password Performance on AD Integration. |
32306365 | PUMA: ROLES ARE REMOVED WHEN USERS ARE SOFT DELETED USING DELAY DELETE |
32408854 | PUMA: TEST CONNECTION FAILS FOR DBUM INSTANCE |
32461462 | OIM API NOT EXPOSING METHOD TO DECRYPT ENCRYPTED UDF |
32635254 | OIM CN GENERATION LOGIC FAILS TO GENERATE UNIQUE CN USING SPECIAL CHARS |
32680717 | PUMA: LDAP USER SEARCH DELETE RECON BEHAVE DIFFERENTLY THAN USER |
32704620 | REVOKING ROLE VIA CERTIFICATION PROCESS IS NOT GENERATING REQUEST TO REMOVE ROLE |
32705847 | ATTRIBUTE VALUES IS NOT VISIBLE IN PENDING VIOLATION TASK VIEW |
32739454 | PRE-UPGRADE REPORTS CONTAINS UNWANTED OIM12CPS3 BP02 INFORMATION |
32742292 | ONEHOP IS THROWING NPE WHILE UPGRADING ORACLE IDENTITY MANAGER SCHEMAS USING THE UPGRADE ASSISTANT STEP |
32763040 | OUTOFMEMORY EXCEPTION WHILE ADDING MEMBERS TO ADMIN ROLE |
32806846 | MULTIPLE MANUAL REVOKE ENTITLEMENT TASKS GENERATED FOR ACCESS POLICY DISABLE |
32881765 | RESOURCE HISTORY NOT LOADING WITH LOAD BALANCER URL IN OIG 12CPS4 CLUSTER ENV |
32984575 | UNABLE TO CREATE THE APPLICATION INSTANCE FOR DBUM CONNECTOR |
1.24.14 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210428
Applying this bundle patch resolves the issues described in Table 1-15.
Table 1-15 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210428
Bug Number | Description |
---|---|
16755363 | IDMUPG:PS5-PS6:OIM UPGRADE SCRIPT THROWS NPE AFTER APPLYING PATCH 16609934 |
25386874 | ER: NEED CONSISTENCY IN INTEGRATED OIM AND OAM FOR LANGUAGE PREFERENCE |
28819255 | CREATION OF THOUSANDS OF UNEXPLAINED UPDATE TASKS |
29973037 | OIM 11.1.2.3.X AUDIT - UPA TABLE IS NOT RECORDING DELTA INFORMATION PROPERLY |
30013863 | CAN'T CHANGE/UPDATE ATTRIBUTES ON AOB SCHEMA |
30054791 | ADMIN ROLE ACCESS POLICY VIEWER ALLOWS USER TO START CHANGING |
30107277 | CONNECTOR UNINSTALLATION FROM AOB DELETES ADAPTERS AS WELL. |
30110645 | AOB: REMOVAL OF A CHILD FORM REMOVES TASKS FROM OTHER APPLICATIONS |
30141533 | CREATE ADMIN ROLE ERROR |
30155470 | OIG 12.2.1.3.190624 REST API REQUESTS RETURNING ERROR WITH CUSTOM COMPOSITE |
30201821 | [ROLECERT]: PROXY USER SHOULD BE CERTIFIED BY THE CERTIFIER'S MANAGER |
30265046 | OIG SUBMIT BUTTON OF IDENTITY FIRST LOGIN PAGE SHOULD BE THE LAST READING ORDER |
30272992 | FEW REQUESTS MOVED TO FAILED STATUS WITH AUTO APPROVAL WORKFLOW |
30465556 | CERTIFICATION FAILS IF CATEGORY_COUNT_OPTION IS TO 1 OR 0 |
30581388 | ADVANCED SEARCH WITH CHECKBOXES LEADS TO ERROR: JAVA.LANG.BOOLEAN CANNOT BE CAST |
30586440 | NPE ERRORS WHILE CREATE ADMIN ROLE ERROR |
30628628 | PROCESS PENDING ROLE GRANTS WHEN ROLE IS DELETED |
30674852 | ROLE CERTIFICATION FAILS USING ACCESS POLICY WITH MULTIPLE APPLICATION INSTANCES WITH THE SAME ENDPOINT |
30719311 | PASSWORD POLICY RULE "MINIMUM PASSWORD AGE (DAYS)" IS NOT HIGHLIGHTED |
30773475 | OIM ORGANIZATION GETTING DISABLED INTERMITTENTLY IN PRODUCTION . |
30844901 | PRE-POPULATING ATTRIBUTES NOT WORKING FOR USERS IMPORTED VIA BULK LOAD UTILITY |
30901352 | SCIM DOES NOT RETURN CORRECT USERS WHEN USING ENDPOINT /IAM/GOVERNANCE/SCIM/V1/U |
30908422 | ROLE CATEGORY CONSIDERED DUPLICATE IN UI |
31060268 | OIG12C: ALLOWS YOU TO UPDATE AN EXISTING AP AND ADD 2ND APP FOR SAME RO |
31342188 | USER IS NOT CREATING IN LDAP POST SOA APPROVAL |
31353225 | FILTER IN SSO FULL AND INCREMENTAL RECON JOB DOES NOT WORK. |
31397729 | DIAG:QUARTZTRIGGERLISTENER.TRIGGERMISFIRED DOES NOT DISPLAY TRIGGER NAME |
31467891 | ACCESS POLICY EVALUATION INITIATES PROCESS TASKS FOR NULL CHECKBOX VALUES |
31525878 | OIM 12C SSO USER TARGET RECON OVERWRITING "ORGANIZATION NAME" VALUE WITH "XELLERATE USERS" DEFAULT VALUE |
31576436 | EVENTFAILEDEXCEPTION AND REQUESTSERVICEEXCEPTION IS SEEN IN THE LOG AFTER THE REQUEST STATUS TASK IS EXPIRED |
31592160 | TRACK: OIM DATA PURGE JOB FAILS WHILE PURGING THE RECON DATA FROM RA TABLES |
31626677 | OIMDBPLUGIN NOT INTERPRETING ESCAPED PARENTHESIS IN GROUP NAMES IN LDAP QUERY CORRECTLY |
31634715 | OIM 12.2.1.4.0:OIG RCU SQL MODIFICATIONS REQUIRED TO SUPPORT OIG DB ON ATP-D AND ATP-S |
31656655 | MISSING REQESTER ID LEADS TO REQUEST FAIL |
31637673 | VIEW FORM OR EDIT FORM IS BLANK FROM OPEN TASKS PAGE |
31683884 | "FOR REPORTEES" OPTION IS NOT TRANSALATED TO BROSWER LANAGUGE |
31732078 | IAM-3054101 : THE LOGGED-IN USER DOES NOT HAVE VIEWSEARCHENTITY PERMISSION |
31748217 | ADF: ACCESS POLICY APPLICATION FORM FORCING TO ENTER AS FIRST VALUE THE FIELD MARKED AS ACCOUNT DISCRIMINATOR BEFORE ANY LOOKUP |
31765258 | UPDATING CERTIFICATION LINE ITEM USING REST RETURN HTTP ERROR 500 "GETSINGLERESULT() DID NOT RETRIEVE ANY ENTITIES." |
31786528 | POST PROCESS ENVENT HANDLER NOT TRIGGERING ADD ROLE TO USER TASK ON SSO TARGET |
31821244 | ADDING ENTITLEMENT TO ACCESS POLICY AND EVALUATING TRIGGERS UPDATE TO PROC FORM. |
31828240 | PASSWORD CHANGED ON AD IS NOT PROPOGATING TO OTHER TARGET USING AD PWD SYNC |
31838518 | AUTOMATICALLY UNLOCK USER SCHEDULE JOB RESETS OBLOGINTRYCOUNT BUT NOT OBLOCKEDON |
31883989 | ADD SUPPORT FOR ONE-HOP UPGRADE FROM 11GR2PS3 TO 12CPS4 |
31903352 | OIM HANDLING OF DISABLED USERS IN WORKFLOWS |
31916340 | LDAPCONTAINERRULES.XML NOT HONORING CREATE AND MODIFY OPERATIONS MOVING USER BACK TO DEFAULT OU |
31922997 | PUMA:UNABLE TO PROVISION/REVOKE ENTITLEMENT FROM FLAT FILE DISCONNECTED APP |
31928115 | SSO INCREMENTAL RECON CAUSES OBPASSWORDEXPIRYDATE TO DECREASE BY ONE DAY |
31936434 | HTTP 403 WHEN EDITING AN IT RESOURCE OR INSTALL A CONNECTOR |
31941035 | EXCEPTIONS ARE LOGGED DURING EXECUTION OF SCRIPT OIMBULKLOAD FOR AOB |
31944823 | CREATE INSTANCE FROM ACTION MENU FOR FLAT FILLE CONNECTOR CREATES APP WITH APP_INSTANCE_IS_SOFT_DELETE SET TO 1 |
31984036 | CANNOT DISABLE OBJECT INSTANCE AS IT IS ALREADY DISABLED |
31988157 | REJECTED TASK ASSIGNED DATE CHANGES IF TASK IS ASSIGNED TO USER OR GROUP |
31988511 | REQUEST ID AFTER BEING APPROVED IS CREATED AGAIN UNDER PENDING APPROVAL |
32012695 | 12C ACCOUNTS BULK LOAD FROM DB TO AOB APPINST FAILS WITH: JAVA.LANG.REFLECT.INVOCATIONTARGETEXCEPTION |
32016431 | UNABLE TO CHANGE FLAT FILE DURING FLAT FILE APPLICATION INSTANCE CREATION |
32018230 | DISAPPEARING REPORTS IN BI PUBLISHER - ONLY IDENTITY AUDIT REPORTS SHOW WHEN UI |
32065363 | PREVENT SELF CERTIFICATION IS NOT WORKING ON REASSIGNMENT OF ENT TYPE CERT |
32086855 | CERTIFICATION ROLE POLICY TAB ENTITLEMENT URL SHOW NO ENTITLEMENT DETAILS |
32119749 | BPEL TASK MAPPING GET ERASED WHEN THE COMPOSITE IS INVOKED |
32178264 | "BULK LOAD POST PROCESS" JOB SETTING DIFFERENT PWDS FOR OIM USER -VS- SSOTARGET |
32180926 | SOD CHECK NOT REQUIRED FOR OIM ROLES |
32285418 | TRACK REQUEST FOR REPORTEES NOT TRANSLATED TO POLISH |
32307183 | 12C PS4 UPG DOESN'T UPDATE OIM-CONFIG.XML OR WORKFLOWS WITH VERSION6 DEFAULT COMPOSITES |
32322591 | AUTO-LOGIN FUNCTIONALITY NOT WORKING FOR OIM OAM INTEGRATED ENVIRONMENT |
32364874 | "TEST CONNECTION" FAILS WHEN OIM UI IS LAUNCHED WITH NON .COM OR .EDU URL |
32386512 | PRE-UPGRADE REPORT SHOWS "OBSELETE" REPORTS NO LONGER REQUIRED. |
32393962 | SSOTARGET PROVISIONING TRANSFORMATION SCRIPT TRUNCATING DATE CAUSING INCONSISTENCY BETWEEN USR_PWD_EXPIRE_DATE AND OBPASSWORDEXPIRYDATE |
32400979 | CERTIFYING ACCESS POLICY ATTACHED TO ROLE VIA REST THROWS JAVA.LANG.NULLPOINTEREXCEPTION HTTP ERROR CODE 500 |
32429894 | PROB IN SAVING "ORGANIZATION NAME" AS RECONCILIATION RULE UNDER AD GROUP IN DC |
32485920 | CERTIFICATION TASK ASSIGNED ONLY TO PROXY OF MANAGER OF MANAGER DISABLED BUT NOT TO MANAGER OF MANAGER DISABLED |
32497804 | RESOURCE HISTORY - DATE ASSIGNED FIELD SHOWS IN GMT TIMEZONE |
32513700 | INCONSISTENCY DATE FORMAT BETWEEN TRACK REQUESTS AND REQUEST DETAILS FOR REQUESTED DATE FIELD |
32527571 | WRONG KEY WHEN FETCH THE ERROR MESSAGE TRIGGERS MISSINGRESOURCEEXCEPTION |
32534109 | CAN'T CHANGE/UPDATE ATTRIBUTES ON AOB SCHEMA |
32535086 | ORGANIZATION SEARCH IS NOT WORKING FOR END USER OTHER THAN XELSYSADM |
32549885 | BUG IN ACCESSPOLICYSERVICE API, FUNCTION GETACCESSPOLICY LIMIT TO 1024 |
32582603 | ROLE CERTIFICATION COMPLETION THROWS EXCEPTION WHEN USING ACCESS POLICY WITH MULTIPLE APP INSTANCES WITH THE SAME ENDPOINT |
32631765 | DATE ASSIGNED COLUMN ONLY THE DATE IS DISPLAYED, TIMESTAMP MISSING |
1.24.15 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210112
Applying the bundle patch resolves the issues described in Table 1-16.
Table 1-16 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.210112
Bug Number | Description |
---|---|
25790911 | JAVA SCHEDULERSERVICE:GETLASTHISTORYOFJOB API CAUSING OUT OF SEQUENCE ISSUES WITH RAC DB |
27511207 | ACCOUNT END-DATE IS NOT CLEARED POST ENABLING THE ACCOUNT |
28025965 | LIBRARIES (.JAR)FOR MANAGED BEANS AND TASK FLOWS ARE MISSING IN 12C |
28361656 | EMPEMPLOYMENT.STARTDATE INVALIDDATAFORMATEXCEPTION |
28374155 | 12C SCIM API RETURNS ITEMSPERPAGE INSTEAD OF TOTALRESULTS |
30446841 | IDENTITY AUDIT RULES CONTAINING SPECIAL CHARACTERS DO NOT RAISE POLICY VIOLATION |
30484714 | REFRESHROW ISSUE WITH OJDBC8 |
30587375 | DEADLOCK CAUSING STUCK THREADS |
30517242 | OIMADMINPASSWD_WLS.SH FAILS ON IBM AIX WITH IBM JAVA JRE |
30808736 | RECONCILIATION OF A USER STATUS FROM ACTIVE DIRECTORY DOES NOT SET OBUSERACCOUNTCONTROL IN LDAP |
30835811 | APPROVAL CHILD TASKS STATUS DOES NOT SHOW WITH BROWSER IN ITALIAN LANGUAGE |
30883086 | UNSUPPORTEDOPERATIONEXCEPTION ON MODIFYING USER WHEN USING UDF NUMBER IN ROLE MEMBERSHIP RULE |
30932205 | OIM REQUEST FAILED WITH MESSAGE IAM-2050126 : INVALID OUTCOME COM.ORACLE.BPEL.CLIENT.BPELFAULT |
30992823 | Fix for Bug 30992823 |
31161987 | PASSWORD RESET IN MYINFORMATION SUBMIT BUTTON |
31373822 | NEED SPECIAL HANDLING OF INT ON FORM WHEN NO VALUE PASSED |
31420786 | ACCESS POLICY DOES NOT REMOVE ENTITLEMENT WHEN 2 CHILDFORMS ARE UPDATED TOGETHER |
31530459 | IPV6: PURGECACHE UTILITY IS NOT WORKING WITH IPV6 ENABLED SETUP |
31645106 | HARVESTED ENTS INCLUDED WHEN ENTITLEMENTS PROVISIONED BY AP UNCHECKED |
31622015 | WRONG NUMBER OF ROWS DISPLAYED ON THE CERTIFICATION TABLE |
31641120 | CONFIG UPGRADE FAILING IF SCHEMA SUFFIX OTHER THAN _OIM USED |
31668539 | EVALUATE USER ACCESS POLICY JOB STUCK AND CAUSING OIM SERVER TO GO INTO WARNING |
31678727 | OAM OIM 12CPS3 USER IS SHOWING STATUS AS UNLOCKED IN OIM CONSOLE EVEN IT IS LOCKED |
31723765 | DISABLEPOWEREDBYHEADER, SOAPRESTART BOOTSTARP FAILED WITH LOCALSVCTBLDATASOURCE DS ERROR |
31956134 | ATTEMPT TO PACK THE DOMAIN AFTER 12.2.1.3 UPGRADE FAILS DUE TO COMPONENT VERSION MISMATCHES |
31969309 | FIX FAIL BUG 31180365 ON 12CPS4 BP |
31979466 | PUMA: ACCOUNT CHOOSER POPUP DURING CHECKOUT KEEPS EXPANDING TILL REACH THE WINDOW LENGTH |
32085862 | FAILED TO REGISTER LIBRARY EXTENSION-NAME: ORACLE.IDM.IDS.CONFIG.UI: MUST PROVIDE SPECIFICATION-VERSION FOR LIBRARY |
32254565 | WHEN USER HAS NO ACCOUNT, CALL MADE TO INVOKE TRIGGERPOSTPROCESSHANDLER FAILS |
32102761 | PRE UPGARDE REPORT FAILS IF STAGING-MODE IS EMPTY |
32103803 | UPGRADE WITH REMOVED ITR PASSWORDS LEAD TO POST CREATE EVENT HANDLER KEEPS TRIGGERING |
1.24.16 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.201011
Applying this bundle patch resolves the issues described in Table 1-17.
Table 1-17 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.201011
Bug Number | Description |
---|---|
26308544 | DELETED ENTITLEMENTS IN ACCESS POLICY ARE NOT REMOVED IN TARGET APPLICATION |
29404814 | CERTIFYING 20K USERS WITH 20K ACCOUNTS AND 100K ENTITLEMENTS FAILS IN SELF-SERVICE |
29603087 | SELF REGISTRATION DOES NOT TRIGGER ROLE MEMEBERSHIP |
30062969 | TRUSTED RECON OF MANAGER DOES NOT PROPAGATE TO SSOTARGET |
30145982 | 12C ACCOUNTS BULK LOAD TO AOB APPINST FAILS: "ONE OR MORE INPUT REQUIRED PARAM. |
30202020 | [ROLECERT]: NO CERTIFICATION TASK CREATED FOR PROXY USER'S MANAGER |
30239831 | CONT: ADAPTER FACTORY GENERATING INVALID JAVA CODE. |
30414695 | ISSUE WITH OFFLINE CERTIFICATION COMMENTS FIELD LENGTH WHEN UPDATING FROM EXCEL |
30500178 | XL.CATALOGSEARCHRESULTCAP NOT ONLY AFFECT THE UI BUT ALSO INTERNAL PROCESSING |
30546975 | WHILE WITHDRAWING A REQUEST, THE CONFIRMATION BOX IS APPEARING WITH A BIG DIALOG |
30716490 | UNABLE TO PROCESS BATCH UPDATE IF ANY SSOTARGET IN PROVISIONING STATUS FOR USER |
30717640 | RULEENGINEEXCEPTION: INVALID RULE EXPRESSION - NOT_IN |
30717793 | CLONED DISCONNECTED PROVISIONING COMPOSITE FAILS AT ASSIGNREQUESTINPUT STAGE |
30738489 | REQUESTS/PENDING REQUESTS GET ERROR IF SECOND MANAGER IS DISABLED |
30838859 | [ROLECERT]: FUTURE STARTING PROXY USER RECEIVES CERTIFICATION |
30865103 | DELETE TASK NOT TRIGGERED ON ATTRIBUTE SET AS NOT ENTITLEMENT IN CHILD FORM |
30865689 | ISSUE AUDIT MESSAGES JOB DOES NOT PROCESS AUD_JMS - ORA-01403: NO DATA FOUND |
30866653 | ACCESS DENIED ERROR WHEN CALLING CREATEITRESOURCEINSTANCE FROM SCHEDULED TASK |
30893984 | APPLICATION INSTANCE SORT ORDER IN USER CERTIFICATION NOT ALPHABETICAL |
30910129 | DUPLICATE ACCESS POLICY NAME ERROR NOT CLEAR |
30925400 | CRYPTIC ERROR MESSAGE WHEN REQUEST FAILS |
30930007 | EXPERIENCING VERY SLOW PERFORMANCE WHEN SCANNING SOD POLICIES WITH 4.5K RULES. |
30942250 | CREATE ADMIN ROLE THROWS: JBO-29000: UNEXPECTED EXCEPTION CAUGHT: JAVA.LANG.NULLPOINTEREXCEPTION |
30977436 | USER ASSIGNED TO A ROLE WITH THE "+" CHAR IN THE NAME CAN'T ACCESS WORKLISTAPP |
30978612 | AP HARVESTING SYNC ATTRIBUTES/ENTITLEMENTS TO MATCH WITH THE ACCESS POLICY |
31057153 | OIM 12C SSOTARGET APPLICATION PROFILE MODIFY NOT TAKING PATH IN LDAPCONTAINERRULES |
31111401 | ADMIN ROLE: JUMPING FROM SUMMARY PAGE BACK TO FIRST PAGE RESULTS IN LOST DATA |
31114189 | INTEGER FIELDS WITH NO VALUE DEFAULTING TO 0 FOR APPS CREATED USING AOB |
31162758 | OIM 12C SSO USER TARGET RECON OVERWRITING ROLE VALUE SAVED ON OIM USER WITH DEFAULT VALUE |
31177214 | UNABLE TO ADD EMPLOYEE TYPE AS DISPLAY DATA IN THE INFORMATION WINDOW |
31180365 | UPGRADE FROM 11.1.2.3 TO 12.2.1.3: STRINGINDEXOUTOFBOUNDSEXCEPTION: STRING INDEX OUT OF RANGE: -19 |
31193971 | ENTITLEMENT CERTIFICATIONS ARE NOT GETTING GENERATED FOR SOME OF THE CERTIFIERS. |
31202544 | NON REQUESTABLE ROLES INCONSISTENT BEHAVIOR IN CERT DEFN "CONTENT SELECTION" |
31254720 | DIAG: POOR LOGGING IN OIMDATAPROVIDER |
31292576 | PASSWORD CHANGE FLOW ISSUES AFTER FIX 30809484 |
31316925 | ENT CERT SHOULD BE CREATED FOR CERTIFIER FOR REMAING ENT WHICH ARE CORRECT |
31351771 | INCONSISTENT VALUES IN THE REQUEST STATUS FILTER FROM TRACK REQUESTS PAGE |
31375771 | SSO TARGET APPLICATION FAILS TO GET PROVISIONED WITH MANAGER ATTRIBUTE. |
31434988 | ENT_ASSIGN_HIST DOESN'T SAY IF THE ENTITLEMENT WAS PROVISIONED OR INPROGRESS |
31464420 | DISABLE USER TASK IS GETTING TRIGGERED FOR PROVISIONING ACCOUNTS |
31555186 | CERTIFY OIM OAM INTEGRATION ON SOLARIS |
31605168 | INTEROP: UPDATING ROLE NAME IN TARGET LDAP AND
RECONCILE DID NOT UPDATE THE ENTILEMENTS IN INTEROP ENV
Note: See Revoking Membership Does Not Work for the known issue about the bug fix. |
31605187 | INTEROP:SSO FULL USER RECON DID NOT UPDATE WITH LAST
TOKEN VALUE
Note: See SSO Full User Reconciliation for the manual steps required for the bug fix to work. |
31670117 | INTEROP: ERROR COMING ON MODIFYING ROLE IN INTEROP AD ENVIRONMENT |
1.24.17 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200624
Applying this bundle patch resolves the issues described in Table 1-18.
Table 1-18 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200624
Bug Number | Description |
---|---|
29055661 | PASSWORD POLICY DOES NOT MATCH BETWEEN OIM AND AD CAUSING ISSUES DURING PASSWORD SYNC |
30007378 | REASSIGN THE REVIEWER ON CERTIFICATION FAILED ON PREVENTING SELF CERTIFICATION |
30097140 | SLOWNESS OPENING USER DETAILS ADMIN ROLES TAB |
30153927 | APPROVAL DETAILS INCORRECT AFTER REVOKING ROLE BY XELSYSADMIN AND ANOTHER USER |
30216857 | SETCHALLENGERESPONSESFORLOGGEDINUSER - CHALLENGE QUESTIONS PROVIDED ARE NOT DEFI |
30343249 | WHILE DELETING ORGANIZATION USERS REMAIN IN ACTIVE STATE |
30343784 | ACCESS POLICY NOT REVOKING ENTITLEMENTS ON ALREADY DISABLED USERS |
30376706 | ROLEMANAGER GRANTROLE SQLEXCEPTION: EXCEEDED MAXIMUM VARRAY LIMIT |
30391615 | ROLE WITH RULE FOR DATE FIELD IS NOT ASSIGNED TO USER |
30420218 | OIM/OAM INTEGRATION USER SESSION LOST AFTER ANY USER DATA EDITED |
30439939 | AP HARVESTING DOES NOT WORK FOR RESROUCES WITH MULTIPLE PROVISIONING WORKFLOWS |
30506899 | DELETE RECONCILIATION LEAVES PROVISIONING OPEN TASKS IN LIMBO STATE. |
30517366 | DELEGATE THE REVIEWER ON CERTIFICATION FAILED ON PREVENTING SELF CERTIFICATION |
30757297 | DISCONNECTED APPLICATION NOT TRIGGERING UPDATE TASK ON CHILD FORM |
30788834 | DIAG: NEED SOME TRACE LOGGING IN THE SCIM FUNTIONALITY |
30896936 | PUMA: CUSTOM MESSAGE NOT DISPLAYED WHEN COMPLETING MANUAL TASK |
31184149 | PERFORMANCE ISSUE IN OIMDATAPROVIDER.GETARRAYFORHIERAR |
31477738 | UNABLE TO CREATE RULE MEMBERSHIP WITH DATE DATA TYPE |
1.24.18 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200505
Applying this bundle patch resolves the issues described in Table 1-19.
Table 1-19 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200505
Bug Number | Description |
---|---|
27074256 | OIM-OAM-OID: SSO USER FULL RECONCILIATION DO NOT DELETE USER |
27216374 | OIM-OAM-AD: SSO GROUP HIERARCHY SYNC FULL RECON DO NOT WORK |
30257502 | USER SESSION IS NOT TERMINATED IN UPGRADED 12CPS4 ENV |
30327749 | ROLES CREATED IN OIM ARE SHOWN AS ENTITLEMENT IN CATALOG SEARCH |
30330170 | LDAP USER DELETE RECON JOB NOT AVAILABLE |
30330745 | ISSUE WITH USER-ROLE MEMBERSHIP RECON |
30354276 | REMOVE LDAPSYNC RELATED JOBS IN CONNECTOR BASED 12CPS4 OAM-OIG ENV |
30555995 | SSOTARGET AND SSOTRUSTED-FOR-SSOTARGET SHOULD NOT BE AVAILABLE FOR OTHER OIM OPERATIONS SUCH AS REQUEST |
30654239 | USER NOT SEEN IN USER CONTAINER AFTER APPROVING THE USER REG REQUEST IN ROLLING UPG ENV(11G-12CPS3-12CPS4)) |
30654620 | USER NOT SHOWN AS LOCKED IN OIM AFTER PROVIDING WRONG PASSWORDS IN ROLLING UPG ENV(11G-12CPS3-12CPS4) |
30654852 | ROLE CREATED IN OIM IS NOT SEEN IN LDAP IN ROLLING UPG ENV(11G-12CPS3-12CPS4) |
30655208 | ROLE CREATED IN OUD IS NOT SEEN IN OIM IN ROLLING UPG ENV (11G-12CPS3-12CPS4) |
30655442 | SESSION TERMINATION FAILING IN ROLLING UPG ENV (11G-12CPS3-12CPS4) |
30655935 | ROLLING UPG(11G-12CPS3-12CPS4): SSOTARGET APP INSTANCE DOES NOT HAVE ANY ENTITLEMENTS IN 12CPS4 |
30855442 | NOT ABLE TO ADD MEMBER IN EXISTING ROLES IN AD ROLLING UPGRADE ENV (11G-12CPS3-12CPS4) |
30855747 | CAN NOT ADD ROLE HIERARCHY FOR EXISTING ROLES IN AD ROLLING UPGRADE ENV(11G-12CPS3-12CPS4) |
30855892 | CAN NOT DELETE EXISTING ROLES IN AD ROLLING UPGRADE ENV(11G-12CPS3-12CPS4) |
30857219 | SSO GROUP HIERARCHY SYNC FULL RECONCILIATION JOB AND SSO GROUP HIERARCHY SYNC INCREMENTAL RECONCILIATION JOB FAILING IN AD ROLLING UPGRADE ENV |
30864002 | EXECUTION OF SSO GROUP HIERARCHY SYNC FULL RECONCILIATION IS SHOWN AS FAILED IN OUD BASED ROLLING UPGRADE ENV |
30864119 | EXECUTION OF SSO GROUP MEMBERSHIP FULL RECONCILIATION IS SHOWN AS FAILED IN OUD BASED ROLLING UPGRADE ENV |
30868468 | MODIFICATIONS TO NEWLY CREATED USER IS FAILING IN AD ROLLING UPGRADE ENV |
31190098 | INTEROP OIM_OAM_OUD IS BROKEN AFTER APPLYING PATCH 31178096 |
31198576 | TC_CB_SAFE_BUG20134996_DIFFCASEINGROUPLOOKUP_XELSYSADM.DIF IN LRG_OIM_12CPS4_DB_CUSTOMER_1 TOPO |
1.24.19 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200206
Applying this bundle patch resolves the issues described in Table 1-20.
Table 1-20 Resolved Issues in OIM BUNDLE PATCH 12.2.1.4.200206
Bug Number | Description |
---|---|
29942217 | IMPLEMENT BLIND/FILTERED SEARCH "FOR A REPORTEE" FOR A MANAGER |
29972923 | STEPS TO ROLLBACK AUTOCOMMITED DDL OPERATIONS IN DB |
30325576 | PARTIAL FIX FOR BUG 28777983 |
30680152 | ORGANIZATION SEARCH IN TRACK REQUESTS PAGE: ALL REQUESTS NOT DISPLAYED FOR ORGANIZATION NAME SEARCH IF NUMBER OF REQUESTS GREATER THAN 25 |
30680286 | ORGANIZATION SEARCH IN TRACK REQUESTS PAGE: DOES NOT EQUAL OPERATOR NOT WORKING AS EXPECTED |
30717520 | ORGANIZATION SEARCH IN TRACK REQUESTS PAGE: BENEFICIARY NAME NOT LISTED |
1.25 Known Issues and Workarounds
Known issues and their workarounds in Oracle Identity Governance Release 12.2.1.4.0 are described in the Oracle Identity Governance chapter of the Release Notes for Oracle Identity Management document. You can access the Release Notes document in the Oracle Identity Management Documentation library at the following URL:
https://docs.oracle.com/en/middleware/idm/suite/12.2.1.4/idmrn/index.html
Note:
Some known issues listed in the Release Notes for Oracle Identity Management may have been resolved by this Bundle Patch (OIM BUNDLE PATCH 12.2.1.4.240705). Compare the issues listed in Resolved Issues of this document when reviewing the Release Notes for Oracle Identity Management.This section describes the issues and workarounds in this BP release of Oracle Identity Governance:
- Restoring the Role Membership after Deletion
- Members Tab in Admin Role Freezes While Searching
- Revoke Multiple Entitlements Using Rest API
- Adding Missing ObjectClasses With OID
- Entitlement Type Not Available for Certification Reports
- Revoking Membership Does Not Work
-
Upgrade Assistant Fails With StringIndexOutOfBoundsException
1.25.1 Restoring the Role Membership after Deletion
Once a Role associated with a Rule is removed using OIM UI (condition associated with the rule is still satisfied), running the scheduled job: “Refresh Role Membership” will not restore the user.
1.25.2 Members Tab in Admin Role Freezes While Searching
Issue:
The Members tab in the Admin Role freezes while you are trying to search for users and add them.
Resolution:
When this issue appears, the ADF patch 34247006 is required to resolve this issue.
1.25.3 Revoke Multiple Entitlements Using Rest API
While revoking multiple entitlements, a request gets created automatically if you use the REST client such as POSTMAN.
To view the request, navigate to Pending Approvals. If you approve the request without visiting the Pending Approvals section, the entitlements gets revoked. Select the specific request which opens the Request Details page.
An error, ORA-00911: invalid character
is displayed and the entitlements are removed from the cart.
1.25.4 Adding Missing ObjectClasses With OID
As a workaround for the bug 33541821, while running OIGOAMIntegration.sh
for adding the missing ObjectClasses with OID *only*, if you encounter the following error Context Initialization Error, then re-run the command and add the missing objectClasses.
- Open the OIGOAMIntegration.sh script for editing
- Remove the line number 227: read -p
Enter OID's
ORACLE_HOME": ORACLE_HOME
- Save the change in the script
- Re-run the
OIGOAMIntegration.sh
script and add the missing objectClasses.
Note:
You have to input the OID MW_HOME from the command line.1.25.5 Entitlement Type Not Available for Certification Reports
In this patch, the feature Entitlement Type is introduced. The Certification UI and the Certification report does not display Entitlement Type details.
1.25.6 Errors Related to the For Reportees Feature
While searching requests in the Track Request window, when using the Organization Name search criteria together with the "For Reportees" option, at least one reportee should be associated with the Organization Name that was used:
IAM-2053037 : An error occurred while searching for the reportees as the organization name is invalid or not associated with any reportee (This is EXPECTED). Atleast 1 direct reportee should belong to the org name
The total number of direct reportees and indirect reportees must not exceed 1000. If the number of reportees (direct and indirect) exceeds the value of 1000, then the following error message is displayed:
“IAM-2053036 : An error occurred while searching for the reportees as the reportee size exceeded the limit 1,200. Please retry with other search criteria”
1.25.7 Identity Self Service and Identity System Administration are Inaccessible After Upgrading OPatch Version
After upgrading the OPatch version from 13.9.2.0.0 to 13.9.4.0.0, Identity Self Service and Identity System Administration cannot be accessed because of a mismatch in the versions of the com.oracle.cie.com*.jar
file.
For more information about this issue and a workaround, see Tech Note OIM 12c: OIM Consoles Do Not Come Up After Upgrading OPatch Version From 13.9.2.0.0 to 13.9.4.0.0 Due to com.oracle.cie.com*.jar (Doc ID 2535244.1) at the My Oracle Support web site at:
1.25.8 Revoking Membership Does Not Work
As part of the bug fix for 31605168, the entitlements are now updated with new role names, but the revoking of membership is not working.
1.25.9 Upgrade Assistant Fails With StringIndexOutOfBoundsException
Running the Upgrade Assistant for upgrading Oracle Identity Manager 11g Release 2 (11.1.2.3.0) to Oracle Identity Governance 12c (12.2.1.4) fails with the following error:
[2020-04-14T16:03:48.087-04:00] [Framework] [ERROR] [] [upgrade.Framework] [tid: XX] [ecid: XXXX] [[ java.lang.StringIndexOutOfBoundsException: String index out of range: -19 at java.lang.String.substring(String.java:1967) at oracle.iam.oimupgrade.mrua.OIMMRUA.readiness(OIMMRUA.java:345) at oracle.ias.update.plugin.Plugin.readiness(Plugin.java:595) at oracle.ias.update.plan.PlanStep.readiness(PlanStep.java:730) at oracle.ias.update.PhaseProcessor$ReadinessProcessor.runStepPhase(PhaseProcessor.java:873) at oracle.ias.update.PhaseProcessor.runStep(PhaseProcessor.java:369) at oracle.ias.update.PhaseProcessor$ExtendedRunnable.run(PhaseProcessor.java:1058) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) ]]
The issue takes place during the MDS backup. The cause of the error is the MDS JDBC URL used, which is in the form:
jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=xxxx)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=xxxx) (PORT=1521))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=xxxx)(FAILOVER_MODE=(TYPE=select)(METHOD=basic))))
The upgrade tool does not expect complex URLs with something before the address field.
To workaround this issue, remove (LOAD_BALANCE=ON)
from the JDBC
URL.
1.25.10 Error on Running Bulk Load on ATP-D Setup
When you run the Bulk Load utility on ATP-D by using wallet, the utility exits with the following error:
./oim_blkld_usr_load.sh: line 260: /home/opc/db18c/bin/sqlplus: Permission denied ./oim_blkld_usr_load.sh: line 311: /home/opc/db18c/bin/sqlplus: Permission denied ./oim_blkld_usr_load.sh: line 336: /home/opc/db18c/bin/sqlplus: Permission denied ./oim_blkld_usr_load.sh: line 361: /home/opc/db18c/bin/sqlplus: Permission denied ./oim_blkld_usr_load.sh: line 386: /home/opc/db18c/bin/sqlplus: Permission denied ./oim_blkld_usr_load.sh: line 411: /home/opc/db18c/bin/sqlplus: Permission denied ./oim_blkld_usr_load.sh: line 436: /home/opc/db18c/bin/sqlplus: Permission denied ./oim_blkld_usr_load.sh: line 462: /home/opc/db18c/bin/sqlplus: Permission denied ./oim_blkld_usr_load.sh: line 486: /home/opc/db18c/bin/sqlplus: Permission denied
To workaround this issue:
-
Log in to Oracle WebLogic Administration Console as an administrator.
-
Click Services, Datasources.
-
Select the oimOperationsDB datasource.
-
Click Connection Pool, and check the URL value. It is similar to the following:
jdbc:oracle:thin:@(DESCRIPTION=(CONNECT_TIMEOUT=120)(RETRY_COUNT=20)(RETRY_DELAY=3)(TRANSPORT_CONNECT_TIMEOUT=3)(ADDRESS_LIST=(LOAD_BALANCE=on)(ADDRESS=(PROTOCOL=TCP)(HOST=abc.example.com)(PORT=1521))) (CONNECT_DATA=(SERVICE_NAME=db.example.com)))
-
Use the hostname, port, and service name from the URL value to run the Bulk Load utility.
1.26 Related Documents
For more information, see the following resources:
-
Oracle Fusion Middleware Documentation
This contains documentation for all Oracle Fusion Middleware 12c products.
-
This site contains additional documentation that is not included as part of the documentation libraries.
1.27 Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Fusion Middleware Oracle Identity Governance Bundle Patch Readme, OIM Bundle Patch 12.2.1.4.240705
G10824-01