wrensecurity / wrenidm

Community‐developed identity management system with a flexible data model, multiple extension points and scripting support, including JavaScript and Groovy.

Home Page: https://wrensecurity.org/

License: Other

Java 58.10% Groovy 0.12% JavaScript 29.15% HTML 8.07% Batchfile 0.10% Perl 0.03% Shell 0.12% Roff 0.14% PLSQL 1.33% PLpgSQL 0.26% TSQL 0.30% Dockerfile 0.02% Less 1.33% SQLPL 0.93%
cybersecurity iam identity-management idm openidm rbac security workflow wrensecurity identity

wrenidm's Introduction


Wren:IDM


Wren:IDM is a community‐developed identity management system with a flexible data model, multiple extension points and scripting support, including JavaScript and Groovy. It can connect to and manage a wide range of systems through the Identity Connector Framework (Wren:ICF).

Wren:IDM is one of the projects in the Wren Security Suite, a community initiative that adopted open‐source projects formerly developed by ForgeRock, which has its own roots in Sun Microsystems’ products.

Wren:IDM itself is focused on identity management processes and it also provides a powerful framework for implementing IAG and a portion of IAM processes as well. Although the project is based on OpenIDM code, it is not affiliated with ForgeRock in any way. It is based on the very latest code available under a CDDL license (not‐yet‐released OpenIDM 5.x).

The features of Wren:IDM include:

  • A complete platform for building IDM and IG solutions using the concepts described below – roles, mappings, synchronizations, workflows, policies, etc.
  • ICF Connector Servers – services that allow connectors to be run outside of the IDM itself. Useful when a connector needs a specific client environment to talk to the integrated system. Also facilitates security. .NET and Java Connector Servers are available.
  • Administration GUI – an interface for making changes to data models and configuration using a point‐and‐click interface rather than Wren:IDM's REST interface.
  • Self‐service GUI – an interface for end‐users to update their profile information, passwords, and preferences.

Both the Administration GUI and Self‐Service GUI are web‐based, single‐page applications that can be turned off in deployments that do not desire to use them [1].

Contributions


Getting the Wren:IDM application

You can get the Wren:IDM application in a couple of ways:

Download binary release

The easiest way to get Wren:IDM is to download the latest binary release.

Build the source code

In order to build the project from the command line follow these steps:

Prepare your Environment

The following software is needed to build the project:

Software   Required Version
OpenJDK    8 and above
Git        2.0 and above
Maven      3.0 and above

Build the source code

All project dependencies are hosted in the JFrog repository and managed by Maven, so to build the project simply execute the Maven package goal.

$ cd $GIT_REPOSITORIES/wrenidm
$ mvn clean package

The built binary can be found in ${GIT_REPOSITORIES}/wrenidm/openidm-zip/target/wrenidm-${VERSION}.zip.

Docker image

You can also run Wren:IDM in a Docker container. Official Wren:IDM Docker images can be found here.

Documentation

Project documentation can be found on our documentation platform (docs.wrensecurity.org). A repository hosting a cookbook with common use cases is available on GitHub.

Acknowledgments

Large portions of the source code are based on the open-source projects previously released by:

  • Sun Microsystems
  • ForgeRock

We'd like to thank them for supporting the idea of open-source software.

Disclaimer

Please note that the acknowledged parties are not affiliated with this project. Their trade names, product names and trademarks should not be used to refer to the Wren Security products, as it might be considered an unfair commercial practice.

Wren Security is open source and always will be.

Bibliography

[1] SCHWARTZ, Michael, Maciej MACHULAK. Securing the Perimeter: Deploying Identity and Access Management with Free Open Source Software. Apress, 2018. ISBN 978-1-4842-2601-8.

wrenidm's People

Contributors

alinbrici46, asclepiliz, austingene, brmiller, brunolavitforgerock, cgdrake, dhogan, ffolge, forgerocker, fr-jon, froliver, gaelallioux, huck-elliott-forgerock, huckelliott, jakefeasel, jamiefnelson, jasonv8147, jlemay86, joebandenburg, joyfeng0902, jsonisathingy, karelmaxa, kortanul, lanafrost, markcraig, markg58, ossa17, patrickdiligentforgerock, pavelhoral, phillcunnington


wrenidm's Issues

Replace SCR with OSGi's official DS annotations

We should consider switching Felix's own service annotations to official OSGi annotations. With that we might be able to get rid of maven-scr-plugin.

From SCR plugin's webpage:

While the Apache Felix Maven SCR Plugin is a great tool (see below), for developing OSGi components using Declarative Services you should use the official annotations from the OSGi R6 specification. The development of the Apache Felix SCR Plugin is in maintenance mode.

Additional references:

Update README + add contributor instructions

Our team is starting to get into Wren's copies of OpenIDM (Wren:IDM I guess?) but we noticed the README for the project still refers to ForgeRock's site + repositories. Might be a good idea to update that and provide some details about how to contribute.

[5.5.0] "Association" Tab Fails to Load on User Mappings when Preferences are Missing

Affected Versions

Summary

If you are defining a mapping to Managed User objects, and your Managed User object model does not have a preferences field, you cannot access the "Association" tab of the UI when editing the mapping. In addition, after opening the tab, you cannot access other tabs until you refresh the page.

Steps to Reproduce

  1. Start OpenIDM with any project that has mappings (e.g. the "Getting Started" sample project).
  2. Edit the "User" managed object and remove the "Preferences" field. (Alternatively, remove the field for the user object in the managed.json file)
  3. Navigate to http://localhost:8080/admin/
  4. Navigate to Configure -> Mappings.
  5. Open Developer Tools in the browser and leave it open to the "Console" tab.
  6. Back in the page, create a new mapping to the user object OR edit an existing mapping that references the user object.
  7. Switch to the "Association" tab.
  8. Attempt to expand and collapse the "Association Rules" section.
  9. Attempt to switch to the "Properties" tab.
  10. Examine the developer tools console.

Expected Results

  • No errors appear in the console during steps 5-10.
  • In step 8, the section opens.
  • In step 9, the view switches to the "Properties" tab.

Actual Results

  • The following error appears:
IndividualRecordValidationView.js:48 Uncaught TypeError: Cannot read property 'properties' of undefined
    at s.<anonymous> (IndividualRecordValidationView.js?v=5.5.0-SNAPSHOT:48)
    at lodash-3.10.1-min.js?v=5.5.0-SNAPSHOT:23
    at lodash-3.10.1-min.js?v=5.5.0-SNAPSHOT:25
    at Function.<anonymous> (lodash-3.10.1-min.js?v=5.5.0-SNAPSHOT:30)
    at Object.<anonymous> (IndividualRecordValidationView.js?v=5.5.0-SNAPSHOT:46)
    at Object.<anonymous> (jquery-2.1.1-min.js?v=5.5.0-SNAPSHOT:2)
    at j (jquery-2.1.1-min.js?v=5.5.0-SNAPSHOT:2)
    at Object.add [as done] (jquery-2.1.1-min.js?v=5.5.0-SNAPSHOT:2)
    at Array.<anonymous> (jquery-2.1.1-min.js?v=5.5.0-SNAPSHOT:2)
    at Function.each (jquery-2.1.1-min.js?v=5.5.0-SNAPSHOT:2)
  • In step 8, the section does not open.
  • In step 9, the view does not switch. All tabs stop responding.

[5.5.0] Multiple test failures (openidm-provisioner-openicf + openidm-security)

Affected Versions

  • 5.5.0 (feature/wrensec-builds-phase-3, at ff791d0)

Summary

Multiple tests are failing when the project is compiled.

Repro Steps

  1. Clone the wrenidm repository to the local machine, checked out at ff791d0.
  2. Build the project with mvn clean install -Dignore-artifact-sigs (signatures need to be skipped to avoid s4u/pgpverify-maven-plugin#29).

Desired

  • All tests pass.
  • The build completes successfully.

Actual

  • 20 out of 113 tests fail in the OpenICFProvisionerServiceTest. The error message is "Not Found" for all tests -- possibly an endpoint has changed locations or request routing is broken/misconfigured?
  • 18 out of 18 tests fail in the PrivateKeyResourceProviderTest. The error is always an NPE in SecurityTestUtils.createKeyStore(SecurityTestUtils.java:49).

See attached logs.
Test failures in 5.5-SNAPSHOT.txt

[5.5.0] When UI is Configured to Use SSL, Multiple Keystore / Truststore Errors Appear during Startup

Affected Versions

Summary

When you configure IDM to use SSL with a custom SSL certificate and a custom keystore password, multiple seemingly fatal errors appear during IDM startup that do not seem to actually affect functionality after startup.

Steps to Reproduce

  1. Unpack the IDM 5.5 ZIP package.
  2. Use the Java keytool command or KeyStore Explorer to create a new JCEKS keystore that:
  3. Replace the security/keystore.jceks file with the custom keystore from step 2.
  4. Customize the boot.properties file to:
    • Enable HTTP on port 443 via the openidm.port.https setting.
    • Specify the alias for the SSL private key, which was added to the keystore in step 2, via the openidm.https.keystore.cert.alias setting.
    • Specify the encrypted password for the keystore via the openidm.keystore.password setting (consult Procedure 20.2. Change the Default Keystore Password).
  5. Start IDM.
  6. Navigate to the instance of IDM you just started, using https://HOSTNAME, where HOSTNAME is whatever the hostname of the server is (should match the SSL cert to avoid browser warnings).
  7. Log-in to IDM as the openidm-admin.
  8. Switch to the Admin UI.

Expected Results

  • IDM starts up without any errors.
  • IDM functions out of the box the same as if SSL was not enabled, except everything is served up over SSL.

Actual Results

  • IDM repeatedly displays several seemingly-fatal errors that eventually stop right before it indicates it's ready. Here are the two most common errors (full server.out log is attached to this ticket):
Mar 20, 2018 4:31:09 PM org.forgerock.openidm.keystore.impl.DefaultKeyStoreInitializer initializeTrustStore
SEVERE: Unable to create ssl certificate
java.security.UnrecoverableKeyException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        at com.sun.crypto.provider.KeyProtector.recover(KeyProtector.java:193)
        at com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:133)
        at java.security.KeyStore.getKey(KeyStore.java:1023)
        at org.forgerock.openidm.keystore.impl.DefaultKeyStoreInitializer.initializeTrustStore(DefaultKeyStoreInitializer.java:140)
        at org.forgerock.openidm.keystore.impl.TrustStoreServiceImpl.activate(TrustStoreServiceImpl.java:83)
Mar 20, 2018 4:31:09 PM org.forgerock.openidm.logging.LogServiceTracker logEntry
SEVERE: Bundle: org.forgerock.openidm.keystore [77] [org.forgerock.openidm.truststore(20)] The activate method has thrown an exception
org.apache.felix.log.LogException: java.security.GeneralSecurityException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        at org.forgerock.openidm.keystore.impl.DefaultKeyStoreInitializer.initializeTrustStore(DefaultKeyStoreInitializer.java:156)
        at org.forgerock.openidm.keystore.impl.TrustStoreServiceImpl.activate(TrustStoreServiceImpl.java:83)
Caused by: java.security.UnrecoverableKeyException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        at com.sun.crypto.provider.KeyProtector.recover(KeyProtector.java:193)
        at com.sun.crypto.provider.JceKeyStore.engineGetKey(JceKeyStore.java:133)
        at java.security.KeyStore.getKey(KeyStore.java:1023)
        at org.forgerock.openidm.keystore.impl.DefaultKeyStoreInitializer.initializeTrustStore(DefaultKeyStoreInitializer.java:140)
  • Despite the errors, IDM appears to function properly over SSL, just as desired.

2018-03-20--ssl-failure-log.txt

Support for placeholder substitutions in JSON config

Currently, there is no way to specify substitutable placeholders in the following parameters:

  • ICF Provisioner Service (conf/provisioner.openicf-*.json): enabled parameter - field expects boolean value, but substitutions are working only for fields of string type
  • Synchronization Service (conf/sync.json): the enableSync field of synchronization mapping

... something else?

Sync logic does not allow proper handling of object relocation (re-link)

When a linked object is moved in some systems, its UID can change. This leads to a MISSING situation, even if a new copy of the object can be located via correlation logic.

I am not sure if it is possible to implement a RE-LINK and UPDATE operation with the current IdM synchronization logic, but it would be nice if something like that were achievable.

[5.5.0] Cannot Load Grids in OpenIDM 5.5 -- `filter.query is not a function`

Affected Versions

Summary

When building OpenIDM using dependencies from the wrensec-deps repository, it is not possible to use any grids in the Admin or self-service UI.

Steps to Reproduce

  1. Purge everything from the local Maven repo via rm -rf ~/.m2/repository.
  2. Clone the wrensec-deps repository to the local machine.
  3. Clone the wrenidm repository to the local machine, on the master branch.
  4. Install dependencies for Wren:IDM 5.5.
  5. Build the project with mvn clean install.
  6. Unpack openidm-zip/target/openidm-5.5.0-SNAPSHOT.zip to a local folder.
  7. Launch getting-started.sh.
  8. Log-in as openidm-admin.
  9. Switch to the Admin UI.
  10. Open the Developer Console.
  11. Navigate to Manage -> Users.

Expected Results

  • The grid loads.
  • No errors appear in the Developer Console.

Actual Results

  • The grid does not load.
  • The error filter.query is not a function appears in the web console. It is pointing to org/forgerock/openidm/ui/admin/util/BackgridUtils.js:35, in this code:
        _.each(this.state.filters, function (filter) {
            if (filter.query() !== '') { // Line 35
                params.push(getFilter(filter.name, filter.query()));
            }
        });

It appears that the filter object has no query method.

Add support for slf4j logging instead of JULI

I would love to have a different logging subsystem. JULI (java.util.logging) is pretty cumbersome and has very limited logging feature support (e.g. no date based file rotation, multi-line logging format, bad mail appender support...).

Ideally I would like to see SLF4J with Logback bundle. Of course doing this in OSGi / Felix environment will be very challenging.

Remove Existing Dependency on maven.forgerock.org for NodeJS Bundles

As a Wren:IDM user who is building the project from source, I would like it if the project didn't rely on ForgeRock to continue to provide NodeJS and NPM bundles so that my build continues to work even if ForgeRock further locks down their Maven repository.

Notes

Here's the log snippet that shows what's pulled down:

[INFO] Found proxies: []
[INFO] Installing node version v4.4.2
[INFO] Creating temporary directory /home/vagrant/playground/wrenidm/openidm-ui/node_tmp
[INFO] Downloading Node.js from http://maven.forgerock.org/repo/forgerock-third-party-virtual/v4.4.2/node-v4.4.2-linux-x64.tar.gz to /home/vagrant/playground/wrenidm/openidm-ui/node_tmp/node.tar.gz
[INFO] No proxies configured
[INFO] No proxy was configured, downloading directly
[INFO] Extracting Node.js files in node_tmp
[INFO] Unpacking /home/vagrant/playground/wrenidm/openidm-ui/node_tmp/node.tar.gz into /home/vagrant/playground/wrenidm/openidm-ui/node_tmp
[INFO] Moving node binary to /home/vagrant/playground/wrenidm/openidm-ui/node/node
[INFO] Deleting temporary directory /home/vagrant/playground/wrenidm/openidm-ui/node_tmp
[INFO] Installed node locally.
[INFO] Installing npm version 3.8.5
[INFO] Downloading NPM from http://maven.forgerock.org/repo/api/npm/npm-virtual/npm/-/npm-3.8.5.tgz to /home/vagrant/playground/wrenidm/openidm-ui/npm.tar.gz
[INFO] No proxies configured
[INFO] No proxy was configured, downloading directly
[INFO] Extracting NPM files in node/
[INFO] Unpacking /home/vagrant/playground/wrenidm/openidm-ui/npm.tar.gz into /home/vagrant/playground/wrenidm/openidm-ui/node/node_modules
[INFO] Installed NPM locally.

You can detect these dependencies if you add 169.254.0.1 maven.forgerock.org to your /etc/hosts file. This simulates the FR Maven host being down. Then you get:

[INFO] Creating temporary directory /home/vagrant/playground/wrenidm/openidm-ui/node_tmp
[INFO] Downloading Node.js from http://maven.forgerock.org/repo/forgerock-third-party-virtual/v4.4.2/node-v4.4.2-linux-x64.tar.gz to /home/vagrant/playground/wrenidm/openidm-ui/node_tmp/node.tar.gz
[INFO] No proxies configured
[INFO] No proxy was configured, downloading directly

[ERROR] Failed to execute goal com.github.eirslett:frontend-maven-plugin:0.0.28:install-node-and-npm (install-node-and-npm) on project openidm-ui-common: Could not download Node.js: Could not download http://maven.forgerock.org/repo/forgerock-third-party-virtual/v4.4.2/node-v4.4.2-linux-x64.tar.gz: Connect to maven.forgerock.org:80 [maven.forgerock.org/169.254.0.1] failed: Connection timed out (Connection timed out) -> [Help 1]
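The log excerpts in the issue above show the build fetching Node.js and NPM over plain HTTP from a third-party host. The following is an added example, not code from the project or from the issue's author: it parses build-log lines in that format and reports every download that is unencrypted or comes from a host outside an allowlist. The allowlist contents and the final HTTPS log line are constructed assumptions.

```javascript
// Added example: audit frontend-maven-plugin style build logs for
// toolchain downloads that are fetched insecurely or from unexpected hosts.

// Assumption: hosts a build is permitted to download toolchains from.
const ALLOWED_HOSTS = new Set(['nodejs.org', 'registry.npmjs.org']);

// Matches lines such as "[INFO] Downloading Node.js from <url> to <path>".
const DOWNLOAD_RE = /^\[INFO\] Downloading (.+?) from (\S+) to (\S+)$/;

function auditDownloads(logText, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  logText.split(/\r?\n/).forEach((line, idx) => {
    const m = DOWNLOAD_RE.exec(line.trim());
    if (!m) return; // not a download line
    const [, what, rawUrl, dest] = m;

    let url;
    try {
      url = new URL(rawUrl);
    } catch (e) {
      findings.push({ line: idx + 1, what, url: rawUrl, host: null,
                      problems: ['unparseable-url'] });
      return;
    }

    const problems = [];
    // Plain HTTP gives no integrity or authenticity for an executable.
    if (url.protocol !== 'https:') problems.push('plaintext-transport');
    // A host outside the allowlist is an undeclared build dependency.
    if (!allowedHosts.has(url.hostname)) problems.push('host-not-allowlisted');

    if (problems.length > 0) {
      findings.push({ line: idx + 1, what, url: rawUrl, host: url.hostname,
                      dest, problems });
    }
  });
  return findings;
}

// Unique hosts that produced at least one finding, sorted for stable output.
function offendingHosts(findings) {
  return [...new Set(findings.map(f => f.host).filter(Boolean))].sort();
}

// Sample input: lines 1-4 follow the log quoted in the issue; line 5 is a
// constructed line showing a download that passes both checks.
const SAMPLE_LOG = [
  '[INFO] Installing node version v4.4.2',
  '[INFO] Downloading Node.js from http://maven.forgerock.org/repo/forgerock-third-party-virtual/v4.4.2/node-v4.4.2-linux-x64.tar.gz to /home/vagrant/playground/wrenidm/openidm-ui/node_tmp/node.tar.gz',
  '[INFO] Installing npm version 3.8.5',
  '[INFO] Downloading NPM from http://maven.forgerock.org/repo/api/npm/npm-virtual/npm/-/npm-3.8.5.tgz to /home/vagrant/playground/wrenidm/openidm-ui/npm.tar.gz',
  '[INFO] Downloading Node.js from https://nodejs.org/dist/v4.4.2/node-v4.4.2-linux-x64.tar.gz to /tmp/node.tar.gz',
].join('\n');

for (const f of auditDownloads(SAMPLE_LOG)) {
  console.log(`line ${f.line}: ${f.what} from ${f.host}: ${f.problems.join(', ')}`);
}
```

Run over a CI build log, a non-empty result can fail the job, which catches the dependency without having to black-hole the host in /etc/hosts.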

OPENIDM-7599 - Cannot Change `openidm-admin` Password when using JDBC Repo

Affected Versions

Summary

It is not possible to change the openidm-admin user's password when OpenIDM has been configured to use a JDBC repository instead of OrientDB. This makes it difficult to use in a production environment.

See OPENIDM-7599 for more details. This was fixed in the final release of OpenIDM 5.x and OpenIDM 5.5.x, but is not in the copy Wren has (it was committed after Wren's history ends).

Steps to Reproduce

  1. Configure OpenIDM to use a SQL-based repository (we used PostgreSQL).
  2. Launch OpenIDM using the "getting started" sample.
  3. Log-in as openidm-admin and openidm-admin.
  4. Navigate to the self-service password change page.
  5. Attempt to set a new password.

Expected Results

  • The password for the admin user is changed.
  • No errors appear.
  • A success message appears.

Actual Results

  • A bad request error appears on the page.
  • The response from the server is:
'{"_id":"openidm-admin","_rev":"0","roles":[{"_ref":"repo/internal/role/openidm-admin"},{"_ref":"repo/internal/role/openidm-authorized"}],"needsResetPassword":true,"password":"Welcome1"}'
{"code":400,"reason":"Bad Request","message":"Unmapped fields [/needsResetPassword] for type internal/user and table openidm.internaluser"}

Linked view ends with a global exception if there is something wrong with a linked resource

This issue is in historical/release/4.5.0, it is already fixed in develop


Right now the linkedView gets its data from SynchronizationService#getLinkedResources. When this method is unable to resolve the resource (either the connector is not available, the resource is not available, or in case of other connector exception) the whole request ends with an error. This is not optimal, because the error is then propagated to the administration interface as "Unexpected error... contact administrator".

It would be preferable (and in my opinion correct) to return errors for each fetched resource, so that the client (the administration interface) can decide what to display.

The solution could be to, instead of throwing an exception, set the exception as an attribute of the linked resource and set the resource content itself to null. This is properly handled by the administration interface and would thus require no change in that part of the application.

OPENIDM-8521: Create an EnvironmentVariablePropertyAccessor

As a devops engineer using Docker or another container platform, I'd love it if we had the option to use environment variables to provide configuration instead of just properties files, so that we don't have to translate environment variables into configuration files or command-line arguments within the container.

For reference, FR implemented this under this ticket:
https://bugster.forgerock.org/jira/browse/OPENIDM-8521

Unfortunately, that's after the point the trunk became closed off.
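The two requests on this page about configuration, typed placeholder substitution in JSON config and environment variables as a property source, can be illustrated together. This is an added sketch, not Wren:IDM code and not the OPENIDM-8521 implementation: it resolves `&{name}` placeholders from a properties map with environment variables as fallback, and returns a boolean or integer when a value consists of a single placeholder. The lookup order, the `OPENIDM_PORT_HTTPS` style variable naming and the `ldap.connector.enabled` property are assumptions.

```javascript
// Added example: resolve &{name} placeholders in a JSON config tree.

const PLACEHOLDER = /&\{([^{}]+)\}/g;   // any placeholder inside a string
const WHOLE = /^&\{([^{}]+)\}$/;        // the string is exactly one placeholder

// Assumption: property "openidm.port.https" maps to env var OPENIDM_PORT_HTTPS.
function envName(prop) {
  return prop.toUpperCase().replace(/[^A-Z0-9]+/g, '_');
}

// Assumption: properties take precedence, environment is the fallback.
// An unresolved placeholder is an error rather than being left in place,
// so a misconfigured container fails at startup instead of running with
// a literal "&{...}" value.
function lookup(name, props, env) {
  if (Object.prototype.hasOwnProperty.call(props, name)) return props[name];
  const key = envName(name);
  if (Object.prototype.hasOwnProperty.call(env, key)) return env[key];
  throw new Error(`unresolved placeholder &{${name}}`);
}

// Only exact "true"/"false" and plain integers change type; anything else
// (for example "yes") stays a string and is left for schema validation.
function coerce(text) {
  if (text === 'true') return true;
  if (text === 'false') return false;
  if (/^-?\d+$/.test(text)) return Number(text);
  return text;
}

function resolveConfig(node, props, env) {
  if (Array.isArray(node)) return node.map(n => resolveConfig(n, props, env));
  if (node !== null && typeof node === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(node)) out[k] = resolveConfig(v, props, env);
    return out;
  }
  if (typeof node !== 'string') return node;

  const whole = WHOLE.exec(node);
  if (whole) return coerce(String(lookup(whole[1], props, env)));
  // Placeholder embedded in a longer string: result is always a string.
  return node.replace(PLACEHOLDER, (_, name) => String(lookup(name, props, env)));
}

// Constructed sample input. "enabled" is the boolean field the first
// request mentions; the property name feeding it is hypothetical.
const SAMPLE_CONFIG = {
  enabled: '&{ldap.connector.enabled}',
  urlContextRoot: '/admin',
  defaultDir: '&{launcher.install.location}/ui/admin/default',
  port: '&{openidm.port.https}',
};
const SAMPLE_PROPS = { 'launcher.install.location': '/opt/wrenidm' };
const SAMPLE_ENV = { LDAP_CONNECTOR_ENABLED: 'false', OPENIDM_PORT_HTTPS: '8443' };

console.log(JSON.stringify(resolveConfig(SAMPLE_CONFIG, SAMPLE_PROPS, SAMPLE_ENV), null, 2));
```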

Configure GitHub Actions CI pipeline

It would be nice to replace the current SemaphoreCI integration with the GitHub Actions CI pipeline.

I am proposing to switch to GitHub Actions for several reasons:

  • Pipelines are configured through YAML files in git repository
  • Current pipelines are not stable (see strange error in WrenSecurity/wrensec-commons#23)
  • By using GitHub Actions we will have everything under one roof
  • TBD

NPE in getting execution listener from deleted process instance

NullPointerException is thrown when getting the activity when calling the end execution process listener during the DELETE process instance action.

The NPE is caused by the lines:
((ExecutionEntity) variableScope).getActivity().getActivityBehavior();
and
((ExecutionEntity) variableScope).getActivity().getExecutionListeners(eventName);
in the OpenIDMResolverFactory#createResolver method.

A solution could be first checking whether getActivity() returns null and handling that case separately.

PostgreSQL JDBC driver is incompatible with PG 10+

When trying to run the WrenIDM 5.x sustaining branch backed by PostgreSQL DB 10.5, the following errors occur during IDM startup:

java.io.IOException: Failed to store configuration in repository: Creating object failed after 1 attempts (0-0A000): Returning autogenerated keys is only supported for 8.2 and later servers.
        at org.forgerock.openidm.config.persistence.RepoPersistenceManager.store(RepoPersistenceManager.java:409)
        at org.apache.felix.cm.impl.CachingPersistenceManagerProxy.store(CachingPersistenceManagerProxy.java:242)
        at org.apache.felix.cm.impl.ConfigurationImpl.update(ConfigurationImpl.java:381)
        at org.apache.felix.cm.impl.ConfigurationAdapter.update(ConfigurationAdapter.java:131)
        at org.forgerock.openidm.config.installer.JSONConfigInstaller.setConfig(JSONConfigInstaller.java:338)
        at org.forgerock.openidm.config.installer.DelayedConfigHandler.addedProvider(DelayedConfigHandler.java:76)
        at org.forgerock.openidm.metadata.impl.ProviderTracker.addProvider(ProviderTracker.java:127)
        at org.forgerock.openidm.metadata.impl.ProviderTracker.addedService(ProviderTracker.java:143)
        at org.forgerock.openidm.metadata.impl.ProviderTracker.addedService(ProviderTracker.java:54)
        at org.forgerock.openidm.osgi.ServiceTrackerNotifier.addingService(ServiceTrackerNotifier.java:71)
        at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941)
        at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870)
        at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)
        at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:229)
        at org.osgi.util.tracker.ServiceTracker$Tracked.serviceChanged(ServiceTracker.java:901)
        at org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:991)
        at org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:839)
        at org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:546)
        at org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4557)
        at org.apache.felix.framework.Felix.registerService(Felix.java:3549)
        at org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:348)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:886)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:873)
        at org.apache.felix.scr.impl.manager.RegistrationManager.changeRegistration(RegistrationManager.java:132)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.registerService(AbstractComponentManager.java:940)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:740)
        at org.apache.felix.scr.impl.manager.DependencyManager$SingleDynamicCustomizer.addedService(DependencyManager.java:799)
        at org.apache.felix.scr.impl.manager.DependencyManager$SingleDynamicCustomizer.addedService(DependencyManager.java:743)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1215)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1136)
        at org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.trackAdding(ServiceTracker.java:945)
        at org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.track(ServiceTracker.java:881)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.serviceChanged(ServiceTracker.java:1167)
        at org.apache.felix.scr.impl.BundleComponentActivator$ListenerInfo.serviceChanged(BundleComponentActivator.java:127)
        at org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:991)
        at org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:839)
        at org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:546)
        at org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4557)
        at org.apache.felix.framework.Felix.registerService(Felix.java:3549)
        at org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:348)
        at org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:322)
        at org.forgerock.openicf.framework.osgi.internal.Activator.start(Activator.java:86)
        at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:697)
        at org.apache.felix.framework.Felix.activateBundle(Felix.java:2226)
        at org.apache.felix.framework.Felix.startBundle(Felix.java:2144)
        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1371)
        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.forgerock.json.resource.InternalServerErrorException: Creating object failed after 1 attempts (0-0A000): Returning autogenerated keys is only supported for 8.2 and later servers.
        at org.forgerock.openidm.repo.jdbc.impl.JDBCRepoService.create(JDBCRepoService.java:359)
        at org.forgerock.openidm.config.persistence.RepoPersistenceManager.store(RepoPersistenceManager.java:401)
        ... 47 more
Caused by: org.postgresql.util.PSQLException: Returning autogenerated keys is only supported for 8.2 and later servers.
        at org.postgresql.jdbc3.AbstractJdbc3Statement.addReturning(AbstractJdbc3Statement.java:151)
        at org.postgresql.jdbc3.AbstractJdbc3Connection.prepareStatement(AbstractJdbc3Connection.java:364)
        at org.forgerock.openidm.repo.jdbc.impl.query.TableQueries.getPreparedStatement(TableQueries.java:230)
        at org.forgerock.openidm.repo.jdbc.impl.GenericTableHandler.create(GenericTableHandler.java:245)
        at org.forgerock.openidm.repo.jdbc.impl.JDBCRepoService.create(JDBCRepoService.java:333)
        ... 48 more

For reasons behind this error, please see this source.

After upgrading the PG JDBC driver to its latest version (42.2.5 as of now), the IDM works without any issues on PG 10.5 (I haven't performed any tests on earlier versions of PG yet).

Bonus: Current PG JDBC driver versions are packaged with proper OSGi manifests, so there is no need to provide our own repackaged and OSGized version of the driver.

Will send PR later...

Update POMs for Wren:IDM 4.0 to build from Wren JFrog

The title says it all -- we need to update the POMs to:

  • create a sustaining/4.0 branch.
  • archive all older FR branches as tags.
  • no longer ping FR Maven.
  • use wrensecurity.jfrog.io to resolve the wrensec parent POM (still called forgerock-parent for now).
  • build properly under JDK 8 (usually involves fixing Javadocs).
  • rename modules / artifacts to use "Wren:XYZ" naming so it's easy for users to tell artifacts we produce apart from those produced by FR in case a user ends up with a mixed set.

Invalid clearing of stored relationships

This issue is in historical/release/4.5.0, it is already fixed in develop.


There is a problem with relationship setting, where existing relationships get cleared when not asked to.

The conditions in two if-statements in the CollectionRelationshipProvider#setRelationshipValueForResource method are reversed, which results in clearing when the clearExisting flag is set to false. This results in relationships being deleted which were not supposed to be deleted.

Filtering of activiti processes by the start date and end date

The Activiti processes should also be filterable by the start date and finish date.

This would require adding Activiti constants for the four constraints (started before, started after, finished before, finished after), and processing the request parameters in the ProcessInstanceResource#setProcessInstanceParams.

Fetching of activiti process instance variables

The instance variables of activiti processes are not being fetched at this moment. They should be added to the content of the response being sent to the resource handler from ProcessInstanceResource#queryCollection and ProcessInstanceResource#readInstance.

The variables should be fetched from the history service in order to support closed processes.

Exception during shutdown when admin UI is disabled

An exception is thrown during shutdown process when admin UI is disabled.

ui.context-admin.json

{
    "enabled" : false,
    "urlContextRoot" : "/admin",
    "defaultDir" : "&{launcher.install.location}/ui/admin/default",
    "extensionDir" : "&{launcher.project.location}/ui/admin/extension"
}

Exception

EVERE: Bundle: org.forgerock.openidm.servlet [100] [org.forgerock.openidm.ui.context(47)] The deactivate method has thrown an exception
org.apache.felix.log.LogException: org.ops4j.lang.NullArgumentException: Alias is null.
        at org.ops4j.lang.NullArgumentException.validateNotNull(NullArgumentException.java:75)
        at org.ops4j.lang.NullArgumentException.validateNotEmpty(NullArgumentException.java:105)
        at org.ops4j.lang.NullArgumentException.validateNotEmpty(NullArgumentException.java:90)
        at org.ops4j.pax.web.service.spi.model.ServiceModel.getServletModelWithAlias(ServiceModel.java:66)
        at org.ops4j.pax.web.service.internal.HttpServiceStarted.unregister(HttpServiceStarted.java:275)
        at org.ops4j.pax.web.service.internal.HttpServiceProxy.unregister(HttpServiceProxy.java:77)
        at org.forgerock.openidm.ui.internal.service.ResourceServlet.clear(ResourceServlet.java:197)
        at org.forgerock.openidm.ui.internal.service.ResourceServlet.deactivate(ResourceServlet.java:104)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.felix.scr.impl.inject.BaseMethod.invokeMethod(BaseMethod.java:224)
        at org.apache.felix.scr.impl.inject.BaseMethod.access$500(BaseMethod.java:39)
        at org.apache.felix.scr.impl.inject.BaseMethod$Resolved.invoke(BaseMethod.java:617)
        at org.apache.felix.scr.impl.inject.BaseMethod.invoke(BaseMethod.java:501)
        at org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:302)
        at org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:294)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.disposeImplementationObject(SingleComponentManager.java:343)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.deleteComponent(SingleComponentManager.java:152)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.doDeactivate(AbstractComponentManager.java:813)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.deactivateInternal(AbstractComponentManager.java:787)
        at org.apache.felix.scr.impl.manager.DependencyManager.deactivateComponentManager(DependencyManager.java:2225)
        at org.apache.felix.scr.impl.manager.DependencyManager.access$500(DependencyManager.java:55)
        at org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.removedService(DependencyManager.java:1082)
        at org.apache.felix.scr.impl.manager.DependencyManager$SingleStaticCustomizer.removedService(DependencyManager.java:968)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerRemoved(ServiceTracker.java:1241)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerRemoved(ServiceTracker.java:1136)
        at org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.untrack(ServiceTracker.java:996)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.serviceChanged(ServiceTracker.java:1175)
        at org.apache.felix.scr.impl.BundleComponentActivator$ListenerInfo.serviceChanged(BundleComponentActivator.java:127)
        at org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:991)
        at org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:839)
        at org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:546)
        at org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4557)
        at org.apache.felix.framework.Felix.access$000(Felix.java:106)
        at org.apache.felix.framework.Felix$1.serviceChanged(Felix.java:420)
        at org.apache.felix.framework.ServiceRegistry.unregisterService(ServiceRegistry.java:170)
        at org.apache.felix.framework.ServiceRegistrationImpl.unregister(ServiceRegistrationImpl.java:144)
        at org.ops4j.pax.web.service.internal.Activator.updateController(Activator.java:335)
        at org.ops4j.pax.web.service.internal.Activator$3.run(Activator.java:294)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

The name of the audit request event can sometimes be empty

The name of the audit request event can sometimes be empty, because the id context used in getting the name can be null, and then it is trying to get an event name with the text "null" in it.

This is caused by the idContext in ServletConnectionFactory#getRouterEventName being initialised as null, which then makes the method (in some cases) return a name containing the text "null".

IDM fails to start on Java 10

Right now IDM is not compatible with Java 10:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.apache.felix.framework.util.SecureAction (file:/tmp/openidm/bin/felix.jar) to method java.net.URLClassLoader.addURL(java.net.URL)
WARNING: Please consider reporting this to the maintainers of org.apache.felix.framework.util.SecureAction
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Exception in thread "main" org.osgi.framework.BundleException: Could not create bundle object.
        at org.apache.felix.framework.Felix.installBundle(Felix.java:3057)
        at org.apache.felix.framework.BundleContextImpl.installBundle(BundleContextImpl.java:167)
        at org.apache.felix.framework.BundleContextImpl.installBundle(BundleContextImpl.java:140)
        at org.forgerock.commons.launcher.AbstractOSGiFrameworkService.process(AbstractOSGiFrameworkService.java:177)
        at org.forgerock.commons.launcher.AbstractOSGiFrameworkService.process(AbstractOSGiFrameworkService.java:160)
        at org.forgerock.commons.launcher.AbstractOSGiFrameworkService.start(AbstractOSGiFrameworkService.java:87)
        at org.forgerock.commons.launcher.Main.main(Main.java:38)
Caused by: java.lang.UnsupportedOperationException: Unable to add extension bundle to FrameworkClassLoader - Maybe not an URLClassLoader?
        at org.apache.felix.framework.ExtensionManager.addExtensionBundle(ExtensionManager.java:453)
        at org.apache.felix.framework.Felix.installBundle(Felix.java:3023)
        ... 6 more

[5.5.0] Enum values are lost when schema is saved through UI

Affected Versions

Summary

If managed.json defines enum values for a managed object string field, and the managed object is edited within the OpenIDM 5.5 Admin UI, the enum values are lost.

Steps to Reproduce

  1. Unpack the OpenIDM 5.5 ZIP file.
  2. Open conf/managed.json for editing.
  3. Change "type" : "string" under the accountStatus field to match the following:
                        "type" : "string",
                        "enum": [
                          "active",
                          "inactive",
                          "deleted"
                        ]
  4. Save the file.
  5. Start OpenIDM with default project
  6. Create a new user and select one of the statuses from the "Status" drop-down.
  7. Navigate to https://localhost:8443/admin/#managed/edit/user/
  8. Click the "Schema" tab.
  9. Save the schema.
  10. Create a new user and attempt to select a status from the "Status" field.
  11. Re-open conf/managed.json for editing.

Expected Results

  • The enum field is preserved after step 9 is performed.
  • In both steps 6 and 11, the "Status" field is a drop-down field.

Actual Results

  • The enum field disappears from the file in step 9.
  • In step 6 the field is a drop-down, but in step 11 it's just a text field.

Create a new Wren:IDM `getting-started` sample

For licensing reasons, the getting-started.bat and getting-started.sh scripts, along with the samples they referenced, are being removed in #21. This seriously hinders the ability of new Wren:IDM users to try out our fork, and puts us at a disadvantage compared to FR.

We should create a new getting started sample.

Data Disappears when You Change the Name of a Managed Object

Affected Versions

Summary

If the "name" of a managed object is changed, any existing records for that managed object type seemingly disappear from the IDM database.

Steps to Reproduce

  1. Start OpenIDM with any project that has mappings (e.g. the "Getting Started" sample project).
  2. Navigate to http://localhost:8080/admin/
  3. Navigate to Manage -> User.
  4. Click "New User".
  5. Fill out the form and save it to create the new user.
  6. Navigate to Manage -> User.
  7. Examine the user list to confirm the new user is present in the list.
  8. Navigate to Configure -> Managed Objects.
  9. Click on "User".
  10. Change the "Managed Object Name" to "users".
  11. Save the form.
  12. Navigate to Manage -> User.
  13. Examine the user list.
  14. Click "New User".
  15. Fill out the form and save it to create the new user.
  16. Navigate to Manage -> User.
  17. Examine the user list to confirm the new user is present in the list.
  18. Navigate to Configure -> Managed Objects.
  19. Click on "User".
  20. Change the "Managed Object Name" back to "user".
  21. Save the form.
  22. Navigate to Manage -> User.
  23. Examine the user list.

Expected Results

Either:

  • In steps 7, 13, 17, and 23, all users in the system should be shown (Preferred); OR
  • In steps 11 and 21, an error message should appear that indicates it is not possible to change the name of a managed object that has data associated with it.

Actual Results

  • In steps 7 and 23, only the user created in step 5 appears in the list (the user created in step 15 does not appear in step 23).
  • In step 13, no users appear in the list.
  • In step 17, only the user created in step 15 appears in the list.

Additional Information

It appears that the system matches managed objects in the DB by their name, and does not change this name in the DB when the managed object name changes. This explains why switching the managed object name to a different one and then switching it back seems to "restore" the missing managed objects.

In 5.5, with OrientDB as the repo, changing the managed object name letter case (e.g. changing "user" to "User") does not seem to affect the ability for the objects to be located. This appears to at least be an improvement over behavior seen in 4.0 with PostgreSQL in which merely changing letter case causes objects to disappear.

Drop OrientDB in favour of H2

We want to replace OrientDB with H2 in Wren:IDM to make the build process and sample deployment simpler.

Since its introduction into the platform, OrientDB was meant only as a demo database. OrientDB is not a simple project and it makes the build process unnecessarily complex, is quite bulky and introduces additional issues (#58).

I am proposing to switch to H2 for several reasons:

  • It is a well-established database engine for testing purposes.
  • It is pure Java and has a small footprint.
  • H2 has its own console UI application if we need it.

What I am not sure of:

  • Don't know how well H2 plays with OSGi... but AFAIK that should not be an issue.

This issue is more about dropping OrientDB rather than about introducing H2. The final end goal might be to go for embedded Wren:DS, but that is not ready.

[5.5.0] RAPID-219 / OPENIDM-7194 / OPENIDM-7203: Nullable fields break schema

Affected Versions

Summary

If a managed object field is marked nullable, various parts of OpenIDM complain that the schema for the field is not compliant with JSON schema.

Steps to Reproduce

  1. Start OpenIDM with default project
  2. Navigate to https://localhost:8443/admin/#managed/edit/user/
  3. Click the "Schema" tab, then "telephoneNumber"
  4. Change "Nullable" to true
  5. Save the schema.
  6. Restart OpenIDM.

Expected Results

  • No errors appear in the OpenIDM / Felix Console.

Actual Results

  • On startup, the following error appears:
INFO: Json schema error: {description=, title=Mobile Phone, viewable=true, searchable=false, userEditable=true, policies=[], returnByDefault=false, minLength=null, pattern=^\+?([0-9\- \(\)])*$, type=[string, null]}
/type: Expecting a java.lang.String
org.forgerock.json.JsonValueException: /type: Expecting a java.lang.String
        at org.forgerock.api.transform.OpenApiTransformer.buildProperties(OpenApiTransformer.java:1349)
        at org.forgerock.api.transform.OpenApiTransformer.buildObjectModel(OpenApiTransformer.java:1261)
        at org.forgerock.api.transform.OpenApiTransformer.buildModel(OpenApiTransformer.java:1204)
        at org.forgerock.api.transform.OpenApiTransformer.applyOperationRequestPayload(OpenApiTransformer.java:964)
        at org.forgerock.api.transform.OpenApiTransformer.buildOperation(OpenApiTransformer.java:812)
        at org.forgerock.api.transform.OpenApiTransformer.buildCreate(OpenApiTransformer.java:481)
        at org.forgerock.api.transform.OpenApiTransformer.buildResourcePaths(OpenApiTransformer.java:369)
        at org.forgerock.api.transform.OpenApiTransformer.buildPaths(OpenApiTransformer.java:301)
        at org.forgerock.api.transform.OpenApiTransformer.doExecute(OpenApiTransformer.java:223)
        at org.forgerock.api.transform.OpenApiTransformer.execute(OpenApiTransformer.java:213)
        at org.forgerock.openidm.managed.ManagedObjectApiDescription.build(ManagedObjectApiDescription.java:230)
        at org.forgerock.openidm.managed.ManagedObjectService$ManagedObjectSetRequestHandler.<init>(ManagedObjectService.java:157)
        at org.forgerock.openidm.managed.ManagedObjectService.activate(ManagedObjectService.java:250)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.felix.scr.impl.inject.BaseMethod.invokeMethod(BaseMethod.java:224)
        at org.apache.felix.scr.impl.inject.BaseMethod.access$500(BaseMethod.java:39)
        at org.apache.felix.scr.impl.inject.BaseMethod$Resolved.invoke(BaseMethod.java:617)
        at org.apache.felix.scr.impl.inject.BaseMethod.invoke(BaseMethod.java:501)
        at org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:302)
        at org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:294)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:297)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:108)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:906)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:879)
        at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:823)
        at org.apache.felix.framework.ServiceRegistrationImpl.getFactoryUnchecked(ServiceRegistrationImpl.java:347)
        at org.apache.felix.framework.ServiceRegistrationImpl.getService(ServiceRegistrationImpl.java:247)
        at org.apache.felix.framework.ServiceRegistry.getService(ServiceRegistry.java:344)
        at org.apache.felix.framework.Felix.getService(Felix.java:3699)
        at org.apache.felix.framework.BundleContextImpl.getService(BundleContextImpl.java:470)
        at org.forgerock.openidm.router.RouterRegistryImpl.addingService(RouterRegistryImpl.java:159)
        at org.forgerock.openidm.router.RouterRegistryImpl.addingService(RouterRegistryImpl.java:45)
        at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:941)
        at org.osgi.util.tracker.ServiceTracker$Tracked.customizerAdding(ServiceTracker.java:870)
        at org.osgi.util.tracker.AbstractTracked.trackAdding(AbstractTracked.java:256)
        at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:229)
        at org.osgi.util.tracker.ServiceTracker$Tracked.serviceChanged(ServiceTracker.java:901)
        at org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:991)
        at org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:839)
        at org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:546)
        at org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4557)
        at org.apache.felix.framework.Felix.registerService(Felix.java:3549)
        at org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:348)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:886)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:873)
        at org.apache.felix.scr.impl.manager.RegistrationManager.changeRegistration(RegistrationManager.java:132)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.registerService(AbstractComponentManager.java:940)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:740)
        at org.apache.felix.scr.impl.manager.DependencyManager$SingleDynamicCustomizer.addedService(DependencyManager.java:799)
        at org.apache.felix.scr.impl.manager.DependencyManager$SingleDynamicCustomizer.addedService(DependencyManager.java:743)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1215)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.customizerAdded(ServiceTracker.java:1136)
        at org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.trackAdding(ServiceTracker.java:945)
        at org.apache.felix.scr.impl.manager.ServiceTracker$AbstractTracked.track(ServiceTracker.java:881)
        at org.apache.felix.scr.impl.manager.ServiceTracker$Tracked.serviceChanged(ServiceTracker.java:1167)
        at org.apache.felix.scr.impl.BundleComponentActivator$ListenerInfo.serviceChanged(BundleComponentActivator.java:127)
        at org.apache.felix.framework.util.EventDispatcher.invokeServiceListenerCallback(EventDispatcher.java:991)
        at org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:839)
        at org.apache.felix.framework.util.EventDispatcher.fireServiceEvent(EventDispatcher.java:546)
        at org.apache.felix.framework.Felix.fireServiceEvent(Felix.java:4557)
        at org.apache.felix.framework.Felix.registerService(Felix.java:3549)
        at org.apache.felix.framework.BundleContextImpl.registerService(BundleContextImpl.java:348)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:886)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager$3.register(AbstractComponentManager.java:873)
        at org.apache.felix.scr.impl.manager.RegistrationManager.changeRegistration(RegistrationManager.java:132)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.registerService(AbstractComponentManager.java:940)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.activateInternal(AbstractComponentManager.java:740)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.enableInternal(AbstractComponentManager.java:674)
        at org.apache.felix.scr.impl.manager.AbstractComponentManager.enable(AbstractComponentManager.java:429)
        at org.apache.felix.scr.impl.manager.ConfigurableComponentHolder.enableComponents(ConfigurableComponentHolder.java:657)
        at org.apache.felix.scr.impl.BundleComponentActivator.initialEnable(BundleComponentActivator.java:341)
        at org.apache.felix.scr.impl.Activator.loadComponents(Activator.java:403)
        at org.apache.felix.scr.impl.Activator.access$200(Activator.java:54)
        at org.apache.felix.scr.impl.Activator$ScrExtension.start(Activator.java:278)
        at org.apache.felix.utils.extender.AbstractExtender.createExtension(AbstractExtender.java:259)
        at org.apache.felix.utils.extender.AbstractExtender.modifiedBundle(AbstractExtender.java:232)
        at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:482)
        at org.osgi.util.tracker.BundleTracker$Tracked.customizerModified(BundleTracker.java:415)
        at org.osgi.util.tracker.AbstractTracked.track(AbstractTracked.java:232)
        at org.osgi.util.tracker.BundleTracker$Tracked.bundleChanged(BundleTracker.java:444)
        at org.apache.felix.framework.util.EventDispatcher.invokeBundleListenerCallback(EventDispatcher.java:916)
        at org.apache.felix.framework.util.EventDispatcher.fireEventImmediately(EventDispatcher.java:835)
        at org.apache.felix.framework.util.EventDispatcher.fireBundleEvent(EventDispatcher.java:517)
        at org.apache.felix.framework.Felix.fireBundleEvent(Felix.java:4541)
        at org.apache.felix.framework.Felix.startBundle(Felix.java:2172)
        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1371)
        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
        at java.lang.Thread.run(Thread.java:748)

[5.5.0] Code Editor Indicates It Has Focus When It Does Not

Affected Versions

Summary

When you open any code editor modal, the code editor contains a blinking text cursor that is indicating to the user that the code entry box has focus, even when it does not have focus. This is frustrating when you start to type and find that your input is not going to the right place.

Steps to Reproduce

  1. Start OpenIDM with any project that has mappings (e.g. the "Getting Started" sample project).
  2. Navigate to http://localhost:8080/admin/
  3. Navigate to Configure -> Mappings.
  4. Click the "Edit" button on any mapping.
  5. Click on any property mapping to open the edit modal.
  6. Switch to the "Transformation Script" tab.
  7. Examine the "Inline Script" field.
  8. Start typing text.

Expected Results

In step 7, the "Inline Script" field should not have a blinking cursor unless it actually has focus.

Actual Results

  • In step 7, the "Inline Script" field displays a blinking cursor despite the fact that the "Type" field actually has focus.
  • In step 8, the text you type goes to the "Type" field. The "Inline Script" field continues to display a flashing cursor despite no text appearing there.

Additional Information

The field only behaves like this upon first entry into the modal for a given property mapping. Once the field has focus, if you move focus to another field on the page, it no longer displays the flashing cursor. Unfortunately, you are usually going into the modal for quick edits, which greatly increases the chances you will encounter this issue since it appears each time the modal is opened.

Dockerize Wren:IDM

The purpose of this issue is to create a base Dockerfile for Wren:IDM. The Dockerfile will be directly part of the GitHub repository and the build will be taken from the openidm-zip/target folder (a multi-stage Docker build will be part of another issue). The Docker image will be pushed into the WrenSecurity Docker Hub organization [1].

[1] https://hub.docker.com/orgs/wrensec

Enhancement Request: Lower z-index of toast messages

As a user of the IDM Admin UI, I'd like it if notification messages that appear at the top of the page had a lower z-index, so that the messages don't interfere with the ability to interact with menus or modals.

Conditions of Acceptance

When a toast notification is on-screen, that notification does not appear on top of any menus or modals that are active.

Upgrade OSGi and Apache Felix versions

It would be nice if we could make the following improvements:

  • change Felix annotations to standard OSGi DS annotations (@Component, @Reference, ...)
  • change field injection to constructor injection for @Reference and make statically bound references as final

This will allow us to:

  • move away from automagically generated bind methods
  • have immutable final references that will make code a little bit clearer
  • fix the project in Eclipse IDE :) (it does not like generated accessors)

Another reason for this change is that we should start moving away from SCR plugin features because the plugin is no longer actively developed.

Make configuration parsing more extensible

Would be nice if the base IdM code allows for alternative artifact installers / config parsers. This is not about changing internal JSON config representation nor about direct support for a different format, but mainly about making base config parsing more extensible. Motivation is to allow YAML config files and config composition (extending or importing partial configuration).

This is more of an experiment request as I am not sure how feasible it is to implement something like that.

[5.5.0] Cannot use "integer" field types

Affected Versions

Summary

If a managed object field type is changed to "integer", managed objects cannot be saved if they contain that field because the field will never validate.

Steps to Reproduce

  1. Start OpenIDM with default project
  2. Navigate to https://localhost:8443/admin/#managed/edit/user/
  3. Click the "Schema" tab.
  4. Add a new "XRef ID" field that is of type "integer" and viewable.
  5. Save the schema.
  6. Attempt to add a new user, providing an integer value for the new "XRef ID" field (e.g. the value 10).

Expected Results

The new user is saved properly.

Actual Results

  • The following error appears:
Unable to update resource. Validation Failed.
Reason(s):
- xRefId: common.form.validation.VALID_TYPE

Failed authentication augmentation can leave client subject in inconsistent state

Context

Authentication can have multiple modules participating in the authentication process. Those modules are handled by FallbackAuthContext, which goes through every module one by one until a successful authentication is established.

The main thing here is that authentication modules are free to modify the internal state of the message context and the client subject. And modules need to do that in order to let the caller know who the authenticated principal is.

The issue

IDM registers authentication modules wrapped inside IDMAuthModuleWrapper. This wrapper calls the original module and, on top of successful authentication, can call an augment script. When this script fails, the authentication is considered unsuccessful.

The issue here is that the Subject instance might be (and is) already initialized with the principal from the wrapped module. When FallbackAuthContext moves to the next module, the principal is incorrectly resolved to the principal from the failed module. The augment script gets incorrect input and the final authentication is later represented with an incorrect principal name (e.g. in audit).


I am not sure this has an easy solution... obviously JASPIC was not designed with auth module wrappers in mind.
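The failure mode described in this issue, reduced to a self-contained model and shown next to one possible mitigation (an added example, not Wren:IDM code and not part of the original issue). AuthModule, keyModule, both wrappers and the "first principal wins" resolution are hypothetical stand-ins; only javax.security.auth.Subject is a real JDK class, and the request map is constructed sample input.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import javax.security.auth.Subject;

/** Simplified model of a fallback chain; every type here is hypothetical, not a Wren:IDM class. */
public class SubjectIsolationDemo {

    /** Minimal Principal that only carries a name. */
    static final class NamedPrincipal implements Principal {
        private final String name;

        NamedPrincipal(String name) {
            this.name = name;
        }

        @Override
        public String getName() {
            return name;
        }
    }

    /** Hypothetical module contract: return true on success; the module may mutate the subject. */
    interface AuthModule {
        boolean validate(Map<String, String> request, Subject clientSubject);
    }

    /** Inner module: authenticates the identity found under the given request key. */
    static AuthModule keyModule(String key) {
        return (request, subject) -> {
            String user = request.get(key);
            if (user == null) {
                return false;
            }
            subject.getPrincipals().add(new NamedPrincipal(user));
            return true;
        };
    }

    /** Wrapper as the issue describes it: the inner module writes to the shared subject first. */
    static AuthModule sharedSubjectWrapper(AuthModule inner, Predicate<Subject> augment) {
        return (request, subject) -> inner.validate(request, subject) && augment.test(subject);
    }

    /** Mitigation: run inner module and augmentation on a scratch subject, merge only on success. */
    static AuthModule isolatingWrapper(AuthModule inner, Predicate<Subject> augment) {
        return (request, subject) -> {
            Subject scratch = new Subject();
            if (!inner.validate(request, scratch) || !augment.test(scratch)) {
                return false; // the client subject was never touched
            }
            subject.getPrincipals().addAll(scratch.getPrincipals());
            subject.getPublicCredentials().addAll(scratch.getPublicCredentials());
            subject.getPrivateCredentials().addAll(scratch.getPrivateCredentials());
            return true;
        };
    }

    /** Fallback chain: first success wins; the name is taken from the first principal (assumption). */
    static String authenticate(List<AuthModule> modules, Map<String, String> request) {
        Subject clientSubject = new Subject();
        for (AuthModule module : modules) {
            if (module.validate(request, clientSubject)) {
                if (clientSubject.getPrincipals().isEmpty()) {
                    return null;
                }
                return clientSubject.getPrincipals().iterator().next().getName();
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed request that carries two identities: a user session and a service certificate.
        Map<String, String> request = new HashMap<>();
        request.put("session", "alice");
        request.put("cert", "svc-sync");

        Predicate<Subject> augmentFails = subject -> false; // stands for a failing augment script
        Predicate<Subject> augmentPasses = subject -> true;

        List<AuthModule> shared = Arrays.asList(
                sharedSubjectWrapper(keyModule("session"), augmentFails),
                sharedSubjectWrapper(keyModule("cert"), augmentPasses));
        List<AuthModule> isolated = Arrays.asList(
                isolatingWrapper(keyModule("session"), augmentFails),
                isolatingWrapper(keyModule("cert"), augmentPasses));

        System.out.println("shared subject   -> " + authenticate(shared, request));
        System.out.println("isolated subject -> " + authenticate(isolated, request));
    }
}
```

With the shared subject the chain reports the identity left behind by the module whose augmentation failed; with the scratch subject it reports the identity of the module that actually completed.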

Backgrid: Clicking on filter reset button sorts the column

If you click on the filter reset button, the click is propagated to the column header and it is interpreted as a sort request. This degrades user experience in two ways: it is confusing (the user might not notice that the sorting took place), and it makes two requests (one for the changed filter and one for the sort request).

A bit of background we were able to get:

There is an issue for this on the FR Bugster: OPENIDM-5851

Store task variables to local task scope

Variables submitted during task completion should be stored to the task local scope instead of the process instance scope. At the moment, the attribute task_id_ in the database table act_hi_varinst is completely unused.

Remove licensed files

The samples and the documentation site need to be removed, because they are under the CC-BY-NC-ND licence.

The files that need to be removed:

  • CC-BY-NC-ND license file
  • All the samples
  • License and ForgeRock distribution information from the POM
  • Samples and Documentation site

Institute Code Quality Metrics?

Diving into the OpenIDM code, there's a lot of it that is poorly formatted or overly complex. This makes it difficult to test and maintain these areas. Predictably, a lot of these areas of the code are also lacking in test coverage since testing such code requires elaborate setup (it's more of an integration test).

It would be great if Wren:IDM was using a tool like Codacy, codebeat, or CodeClimate, so that contributors can get a handle on what areas of clean

[5.5.0] Admin UI - Cannot Remove a Display Field from a Resource Collection on a Relationship Field

Affected Versions

Summary

Once you add a display field to a relationship field and save the schema, you can't go back and remove that display field. It has to be removed from the managed.json file manually.

Steps to Reproduce

  1. Start OpenIDM with default project
  2. Navigate to https://localhost:8443/admin/#managed/edit/user/
  3. Click the "Schema" tab, then "manager".
  4. Under "Resource Collections" at the bottom of the page, click the pencil icon.
  5. Select a property under "Display properties".
  6. Click save.
  7. Save the schema.
  8. Go back to the "manager" field.
  9. Under "Resource Collections" at the bottom of the page, click the pencil icon.
  10. Click the "x" icon next to the field that was added in step 5.
  11. Click save.
  12. Save the schema.
  13. Repeat steps 7-8.

Expected Results

  • The removed display field goes away.

Actual Results

  • The display field comes back.

NOT_READABLE properties are not properly audited

Right now the activity audit works based on the object's before and after states. That means if there are attributes marked as NOT_READABLE, those will never get included in the audit record. Fields marked as not readable might be important fields like userPassword, which means that the passwordchanged audit flag won't be filled.

Relevant references:

Suggested fix:

Change detection should take fields from the request into account (i.e. sending update/patch/create request field names to audit service together with before and after object state).
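A small model of the gap and of the suggested direction (an added example, not Wren:IDM code and not part of the original issue). The class, its methods and the sample objects are hypothetical and constructed for illustration; it records only the names of protected fields, never their values.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;

/** Simplified model of activity-audit change detection; names are hypothetical, not Wren:IDM code. */
public class AuditChangeDetectionDemo {

    /** Fields stripped from the object states the audit layer receives (stand-in for NOT_READABLE). */
    static final Set<String> NOT_READABLE = new HashSet<>(Arrays.asList("userPassword"));

    /** Copy of the object without NOT_READABLE fields, i.e. what the audit layer gets to compare. */
    static Map<String, Object> readableView(Map<String, Object> object) {
        Map<String, Object> view = new LinkedHashMap<>(object);
        view.keySet().removeAll(NOT_READABLE);
        return view;
    }

    /** Detection from before/after states only, as the issue describes the current behaviour. */
    static Set<String> changedByDiff(Map<String, Object> before, Map<String, Object> after) {
        Set<String> names = new TreeSet<>(before.keySet());
        names.addAll(after.keySet());
        Set<String> changed = new TreeSet<>();
        for (String name : names) {
            if (!Objects.equals(before.get(name), after.get(name))) {
                changed.add(name);
            }
        }
        return changed;
    }

    /**
     * Suggested direction: also hand over the field names the request touched. For fields the diff
     * cannot see, the request is the only evidence, so a request that re-sends an unchanged
     * protected value is still reported as a change of that field.
     */
    static Set<String> changedWithRequestFields(Map<String, Object> before, Map<String, Object> after,
            Set<String> requestFields) {
        Set<String> changed = changedByDiff(before, after);
        for (String field : requestFields) {
            if (NOT_READABLE.contains(field)) {
                changed.add(field); // name only; the value never reaches the audit record
            }
        }
        return changed;
    }

    /** Model of the password-changed audit flag. */
    static boolean passwordChanged(Set<String> changedFields) {
        return changedFields.contains("userPassword");
    }

    public static void main(String[] args) {
        // Constructed stored object and the result of a request that changes mail and userPassword.
        Map<String, Object> stored = new LinkedHashMap<>();
        stored.put("userName", "jdoe");
        stored.put("mail", "jdoe@example.com");
        stored.put("userPassword", "old-hash-placeholder");

        Map<String, Object> updated = new LinkedHashMap<>(stored);
        updated.put("mail", "john.doe@example.com");
        updated.put("userPassword", "new-hash-placeholder");

        Set<String> requestFields = new HashSet<>(Arrays.asList("mail", "userPassword"));

        Map<String, Object> before = readableView(stored);
        Map<String, Object> after = readableView(updated);

        Set<String> diffOnly = changedByDiff(before, after);
        Set<String> withRequest = changedWithRequestFields(before, after, requestFields);

        System.out.println("diff only:    " + diffOnly + " passwordChanged=" + passwordChanged(diffOnly));
        System.out.println("with request: " + withRequest + " passwordChanged=" + passwordChanged(withRequest));
    }
}
```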

Enhancement Request: Use "Readable Title" and "Description" of Managed Objects in the Manage Menu

As a user of the IDM Admin UI, I'd like it if the "Manage" menu used the "Readable Title" of each managed object type as its name in the menu, and the "Description" of each managed object type as its tooltip description rather than the "Managed Object Name", so that the menu items are more presentable and easier to differentiate.

Conditions of Acceptance

  • Titles in the "Manage" drop-down are modified, as follows:
    • When a managed object has a "Readable Title" set: that title should be what appears for that managed object type in the "Manage" drop-down.
    • When a managed object is missing a "Readable Title": IDM should fall back to using the "Managed Object Name" for that managed object type in the "Manage" drop-down (before this ticket, this is currently what it does always).
  • Tooltips (which is called the title attribute in HTML5) in the "Manage" drop-down are modified, as follows:
    • When a managed object has a "Readable Description" set: that description should be what appears for that managed object type when hovering over it in the "Manage" drop-down.
    • When a managed object is missing a "Readable Description": IDM should fall back to using the "Managed Object Name" for the tooltip of that managed object type in the "Manage" drop-down (before this ticket, this is currently what it does always).

OrientDB fails to initialize on Alpine Linux

Hi.

Summary

WrenIDM currently bundles OrientDB 1.7.0 as a storage backend for development and evaluation purposes.
Due to an incompatibility between OrientDB's dependencies and the musl libc used on Alpine Linux (see details below), WrenIDM cannot be used on Alpine (and Alpine-based Docker images) without further changes to the build, and the OrientDB storage is unusable.

In this issue, I'd like to discuss the possibilities of either an OrientDB upgrade or a replacement by a different storage backend as a solution to this problem.

Problem

While trying to deploy and run the current WrenIDM master branch (6d06406 as of now) on Alpine Linux v3.7, I get the following error on OpenIDM startup:

Jun 25, 2018 3:33:18 PM org.forgerock.openidm.repo.orientdb.impl.OrientDBRepoService init
WARNING: Initializing database pool failed
com.orientechnologies.orient.core.exception.ODatabaseException: Cannot create database
        at com.orientechnologies.orient.core.db.record.ODatabaseRecordAbstract.create(ODatabaseRecordAbstract.java:384)
        at com.orientechnologies.orient.core.db.ODatabaseWrapperAbstract.create(ODatabaseWrapperAbstract.java:55)
        at com.orientechnologies.orient.core.db.ODatabaseRecordWrapperAbstract.create(ODatabaseRecordWrapperAbstract.java:64)
        at org.forgerock.openidm.repo.orientdb.impl.DBHelper.checkDB(DBHelper.java:316)
        at org.forgerock.openidm.repo.orientdb.impl.DBHelper.getPool(DBHelper.java:100)
        at org.forgerock.openidm.repo.orientdb.impl.OrientDBRepoService.init(OrientDBRepoService.java:866)
        at org.forgerock.openidm.repo.orientdb.impl.OrientDBRepoService.getRepoBootService(OrientDBRepoService.java:810)
        at org.forgerock.openidm.repo.orientdb.impl.Activator.start(Activator.java:64)
        at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:697)
        at org.apache.felix.framework.Felix.activateBundle(Felix.java:2226)
        at org.apache.felix.framework.Felix.startBundle(Felix.java:2144)
        at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1371)
        at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
        at java.lang.Thread.run(Thread.java:748)
Caused by: com.orientechnologies.orient.core.exception.ODatabaseException: Cannot create database
        at com.orientechnologies.orient.core.db.raw.ODatabaseRaw.create(ODatabaseRaw.java:139)
        at com.orientechnologies.orient.core.db.ODatabaseWrapperAbstract.create(ODatabaseWrapperAbstract.java:55)
        at com.orientechnologies.orient.core.db.record.ODatabaseRecordAbstract.create(ODatabaseRecordAbstract.java:338)
        ... 13 more
Caused by: com.orientechnologies.orient.core.exception.OStorageException: Error on creating record in cluster: com.orientechnologies.orient.core.storage.impl.local.paginated.OPaginatedCluster@1d1ef5c0
        at com.orientechnologies.orient.core.storage.impl.local.paginated.OLocalPaginatedStorage.createRecord(OLocalPaginatedStorage.java:691)
        at com.orientechnologies.orient.core.config.OStorageConfiguration.create(OStorageConfiguration.java:394)
        at com.orientechnologies.orient.core.storage.impl.local.OStorageConfigurationSegment.create(OStorageConfigurationSegment.java:49)
        at com.orientechnologies.orient.core.storage.impl.local.paginated.OLocalPaginatedStorage.create(OLocalPaginatedStorage.java:303)
        at com.orientechnologies.orient.core.db.raw.ODatabaseRaw.create(ODatabaseRaw.java:135)
        ... 15 more
Caused by: java.lang.UnsatisfiedLinkError: /tmp/snappy-unknown-f952ea44-7c77-42b0-b2fd-4a3c1540afd8-libsnappyjava.so: Error loading shared library ld-linux-x86-64.so.2: No such file or directory (needed by /tmp/snappy-unknown-f952ea44-7c77-42b0-b2fd-4a3c1540afd8-libsnappyjava.so)
        at java.lang.ClassLoader$NativeLibrary.load(Native Method)
        at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
        at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1824)
        at java.lang.Runtime.load0(Runtime.java:809)
        at java.lang.System.load(System.java:1086)
        at org.xerial.snappy.SnappyLoader.loadNativeLibrary(SnappyLoader.java:166)
        at org.xerial.snappy.SnappyLoader.load(SnappyLoader.java:145)
        at org.xerial.snappy.Snappy.<clinit>(Snappy.java:47)
        at com.orientechnologies.orient.core.compression.impl.OSnappyCompression.compress(OSnappyCompression.java:36)
        at com.orientechnologies.orient.core.compression.impl.OAbstractCompression.compress(OAbstractCompression.java:30)
        at com.orientechnologies.orient.core.storage.impl.local.paginated.OPaginatedCluster.createRecord(OPaginatedCluster.java:400)
        at com.orientechnologies.orient.core.storage.impl.local.paginated.OLocalPaginatedStorage.createRecord(OLocalPaginatedStorage.java:674)
        ... 19 more

        -> -> Jun 25, 2018 4:08:33 PM org.forgerock.openidm.info.impl.HealthService$4 run
SEVERE: OpenIDM failure during startup, ACTIVE_NOT_READY: Not all modules started [] [org.forgerock.openidm.repo-orientdb] []

Printing the OSGi SCR services in the Felix console shows that the openidm-orientdb service did not load:

-> scr list
 BundleId Component Name Default State
    Component Id State      PIDs (Factory PID)
 [   7]   org.forgerock.openidm.config.enhanced.starter  enabled
    [   1] [unsatisfied reference] org.forgerock.openidm.config.enhanced.starter
 [   7]   org.forgerock.openidm.config.manage  enabled
    [   0] [unsatisfied reference] org.forgerock.openidm.config.manage
 [  12]   org.forgerock.openidm.datasource.jdbc  enabled
 [  12]   org.forgerock.openidm.repo.jdbc  enabled
 [  15]   org.forgerock.openidm.cluster  enabled
 [  17]   org.forgerock.openidm.http.context  enabled
    [   2] [active      ] org.forgerock.openidm.http.context
 [  20]   org.forgerock.openidm.selfservice  enabled
 [  20]   org.forgerock.openidm.selfservice.kba  enabled
 [  20]   org.forgerock.openidm.selfservice.kbaservice  enabled
    [   4] [unsatisfied reference] org.forgerock.openidm.selfservice.kbaservice
 [  20]   org.forgerock.openidm.selfservice.propertymap  enabled
 [  20]   org.forgerock.openidm.selfservice.userupdate  enabled
    [   3] [unsatisfied reference] org.forgerock.openidm.selfservice.userupdate
 [  33]   org.forgerock.openidm.endpoint  enabled
 [  35]   org.forgerock.openidm.managed  enabled
 [  35]   org.forgerock.openidm.recon  enabled
    [   5] [active      ] org.forgerock.openidm.recon
 [  35]   org.forgerock.openidm.sync  enabled
    [   7] [unsatisfied reference] org.forgerock.openidm.sync
 [  35]   org.forgerock.openidm.synchronization  enabled
    [   6] [unsatisfied reference] org.forgerock.openidm.synchronization
 [  48]   org.forgerock.openidm.script  enabled
 [  48]   org.forgerock.openidm.script.ScriptedPatchValueTransformerFactory  enabled
    [   8] [unsatisfied reference] org.forgerock.openidm.script.ScriptedPatchValueTransformerFactory
 [  50]   org.forgerock.openidm.security  enabled
    [   9] [unsatisfied reference] org.forgerock.openidm.security
 [  58]   org.forgerock.openidm.maintenance  enabled
    [  11] [active      ] org.forgerock.openidm.maintenance
 [  58]   org.forgerock.openidm.maintenance.filter  enabled
    [  15] [active      ] org.forgerock.openidm.maintenance.filter
 [  58]   org.forgerock.openidm.maintenance.update  enabled
    [  16] [active      ] org.forgerock.openidm.maintenance.update
 [  58]   org.forgerock.openidm.maintenance.update.archives  enabled
    [  13] [active      ] org.forgerock.openidm.maintenance.update.archives
 [  58]   org.forgerock.openidm.maintenance.update.config  enabled
    [  10] [active      ] org.forgerock.openidm.maintenance.update.config
 [  58]   org.forgerock.openidm.maintenance.update.log  enabled
    [  12] [active      ] org.forgerock.openidm.maintenance.update.log
 [  58]   org.forgerock.openidm.maintenance.updatemanager  enabled
    [  14] [active      ] org.forgerock.openidm.maintenance.updatemanager
 [  62]   org.forgerock.openidm.audit  enabled
 [  62]   org.forgerock.openidm.audit.filter  enabled
    [  17] [active      ] org.forgerock.openidm.audit.filter
 [  72]   org.forgerock.openidm.auth.config  enabled
    [  18] [active      ] org.forgerock.openidm.auth.config
 [  72]   org.forgerock.openidm.authentication  enabled
 [  75]   org.forgerock.openidm.config.enhanced  enabled
    [  19] [active      ] org.forgerock.openidm.config.enhanced
 [  79]   org.forgerock.openidm.health  enabled
    [  20] [active      ] org.forgerock.openidm.health
 [  79]   org.forgerock.openidm.info  enabled
 [  87]   org.forgerock.openidm.identityProvider  enabled
 [  87]   org.forgerock.openidm.identityProviders  enabled
 [  90]   org.forgerock.openidm.openicf.syncfailure  enabled
    [  21] [unsatisfied reference] org.forgerock.openidm.openicf.syncfailure
 [  90]   org.forgerock.openidm.provisioner.openicf  enabled
 [  90]   org.forgerock.openidm.provisioner.openicf.connectorinfoprovider  enabled
    [  22] [active      ] org.forgerock.openidm.provisioner.openicf.connectorinfoprovider
 [  99]   org.forgerock.openidm.external.rest  enabled
    [  23] [active      ] org.forgerock.openidm.external.rest
 [ 102]   org.forgerock.openidm.router  enabled
 [ 102]   org.forgerock.openidm.router.internal  enabled
    [  24] [active      ] org.forgerock.openidm.router.internal
 [ 104]   org.forgerock.openidm.policy  enabled
 [ 112]   org.forgerock.openidm.keystore  enabled
    [  25] [active      ] org.forgerock.openidm.keystore
 [ 112]   org.forgerock.openidm.keystore.impl.manager  enabled
    [  27] [active      ] org.forgerock.openidm.keystore.impl.manager
 [ 112]   org.forgerock.openidm.keystore.sharedkey  enabled
    [  28] [active      ] org.forgerock.openidm.keystore.sharedkey
 [ 112]   org.forgerock.openidm.truststore  enabled
    [  26] [active      ] org.forgerock.openidm.truststore
 [ 115]   org.forgerock.openidm.messaging  enabled
 [ 118]   org.forgerock.openidm.crypto  enabled
    [  29] [active      ] org.forgerock.openidm.crypto
 [ 121]   org.forgerock.openidm.workflow  enabled
 [ 136]   org.forgerock.openidm.provisioner  enabled
    [  30] [active      ] org.forgerock.openidm.provisioner
 [ 158]   org.forgerock.openidm.ui.context  enabled
 [ 163]   org.forgerock.openidm.api-servlet  enabled
    [  33] [unsatisfied reference] org.forgerock.openidm.api-servlet
 [ 163]   org.forgerock.openidm.error-servlet  enabled
    [  31] [active      ] org.forgerock.openidm.error-servlet
 [ 163]   org.forgerock.openidm.router.servlet  enabled
    [  32] [active      ] org.forgerock.openidm.router.servlet
 [ 165]   org.forgerock.openidm.felix.webconsole  enabled
 [ 196]   org.forgerock.openidm.external.email  enabled
 [ 200]   org.forgerock.openidm.servletfilter  enabled
 [ 200]   org.forgerock.openidm.servletfilter.registrator  enabled
    [  34] [active      ] org.forgerock.openidm.servletfilter.registrator
 [ 202]   org.forgerock.openidm.schedule  enabled
 [ 202]   org.forgerock.openidm.scheduler  enabled
 [ 202]   org.forgerock.openidm.taskscanner  enabled
    [  35] [unsatisfied reference] org.forgerock.openidm.taskscanner

The main cause of this faulty behavior is shown by the following line of the output.

Caused by: java.lang.UnsatisfiedLinkError: /tmp/snappy-unknown-f952ea44-7c77-42b0-b2fd-4a3c1540afd8-libsnappyjava.so: Error loading shared library ld-linux-x86-64.so.2: No such file or directory (needed by /tmp/snappy-unknown-f952

What happens is: the version of OrientDB that is currently packaged with OpenIDM (1.7.0) contains a mandatory dependency on the org.xerial.snappy:snappy-java:1.1.0.1 artifact.

org.forgerock.openidm:openidm-repo-orientdb:bundle:5.5.0-SNAPSHOT
     +- com.orientechnologies:orientdb-core:jar:1.7.10:compile
          +- org.xerial.snappy:snappy-java:jar:1.1.0.1:compile

In the pom.xml of the openidm-repo-orientdb module, this dependency is directly overridden by specifying a higher version of the snappy-java:l.1.1.6 (this fact is not important for this issue).

This dependency is mandatory, which means without it, the orientdb-core bundle cannot be resolved during OSGi init.

The snappy library uses some native pre-compiled code (snappy-java.jar!org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so) that is packaged with the library, and this code fails to load on Alpine Linux because Alpine is a musl-based distro. Native code in the snappy library was compiled and thus is incompatible with musl-based distros (see xerial/snappy-java#181).

Possible solution

I have fiddled with this issue on a 4.0.0 version of the OpenIDM codebase a while ago and I was able to make it work by upgrading OrientDB to its most recent stable version (OrientDB 2.2.22 back then).

You can see changes required for OrientDB upgrade in this commit

This version of OrientDB marks the problematic snappy-java as an optional dependency (org.xerial.snappy;resolution:=optional in the OSGi manifest, see the module's POM for more detail), so it can be safely excluded on the consumer side (i.e. the openidm-repo-orientdb module). After upgrading to this version of OrientDB, the snappy-java dependency can be safely excluded from the classpath and the OSGi framework won't complain about a missing bundle (we will lose the ability to use compression in OrientDB, which is probably fine for the evaluation/dev purposes of this storage option).

I would be willing to port these changes to WrenIDM and upgrade the OrientDB dependency to its latest version (latest stable is 3.0.2, so that would probably be the target I'll be aiming for), but I'd like to hear your opinion first.

Alternative

According to OpenIDM 5.5.0 release notes, OPENIDM-8861 and OPENIDM-10890, FR has replaced OrientDB with an embedded OpenDJ as a storage backend for product evaluation.

I'd appreciate any opinions and comments on this issue.

Thanks in advance.

Should we migrate to JUnit 5?

I want to start a discussion about potentially migrating to JUnit 5. The main objective of this issue is to enumerate potential flaws of TestNG, benefits of JUnit 5 and any other topics connected with the migration. This issue is not meant to be a call to action.

Points worth consideration

  • Build system support
    • We are using Maven, both frameworks integrate well with it.
  • Code coverage support
    • TODO
  • OSGi support
    • Wren:IDM is specific in that it is an OSGi-based project. AFAIK only JUnit has components to help with OSGi testing. Many projects from the OSGi heavily rely on JUnit (e.g. bnd and Apache Sling).
    • TODO what about bnd testing?
  • IDE support
    • Eclipse: JUnit is the official test framework for the IDE itself and provides a bit better UX than TestNG
    • IDEA: TODO
  • Community support
    • Using GitHub's metrics, TestNG has 1.6k stars and JUnit has 4.3k stars. Both projects have pretty much the same number of opened issues and are under active development.
  • Wren Security support
    • Every Wren Security project is using TestNG right now. Switching to JUnit in Wren:IDM would be a pretty significant anomaly in that sense.
    • There is no shared library or process that makes the switch unfeasible. A new framework would bring additional complexity to the interconnected family of Wren Security projects; however, Wren:IDM is the odd one out and the switch does not need to have an impact on anything else (or maybe we can slowly switch the rest of the platform as well). Switching one project to JUnit is not that big of a deal, considering that this project is also the only OSGi project here.

Why we want to switch

  • OSGi support - if we want to write better bundle integration tests
  • Eclipse support - see IDE support in previous section
  • TODO

Disclaimer 1: I am pretty sure this is not the right place for this discussion - we can move it later (feel free to suggest better format).
Disclaimer 2: I have much more experience working with JUnit than TestNG... so I am definitely biased.

[5.5.0] Special Characters in Display Fields used for Relationship Fields are not HTML Unescaped

Affected Versions

Summary

Once you add a display field to a relationship field and save the schema, you can't go back and remove that display field. It has to be removed from the managed.json file manually.

Steps to Reproduce

  1. Start OpenIDM with default project
  2. Navigate to https://localhost:8443/admin/#managed/edit/user/
  3. Create a user whose user name is "Bob & Jane".
  4. Create another user and select "Bob & Jane" as their "Manager".
  5. View the new user.

Expected Results

  • The name of the manager appears as Bob & Jane.

Actual Results

  • The name of the manager appears as Bob &amp; Jane.

  • Here's a related, but different, example:
    image
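
A literal `&amp;` on screen, as in the actual result reported above, is what a value looks like when it has been HTML-escaped twice before it reaches the page. The following is an added illustration, not Wren:IDM code: all function names are hypothetical, the sample names are constructed, and double escaping as the cause is an assumption the report does not confirm. It contrasts escaping twice, escaping once at the output boundary, and dropping escaping altogether, which makes the label look right but lets a stored name be parsed as markup.

```javascript
// Added illustration; function names are hypothetical, not Wren:IDM APIs.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
const DECODE = Object.fromEntries(Object.entries(ENTITIES).map(([ch, ent]) => [ent, ch]));

// Escape a raw value for an HTML text node or a quoted attribute value.
function escapeHtml(raw) {
  return String(raw).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Stand-in for what the browser shows for a text fragment: each entity is
// decoded exactly once, so "&amp;amp;" is displayed as the literal "&amp;".
function displayedText(fragment) {
  return fragment.replace(/&(?:amp|lt|gt|quot|#39);/g, (ent) => DECODE[ent]);
}

// True if the fragment still contains a raw tag opener, i.e. the browser
// would build an element from stored data instead of showing it as text.
function hasLiveMarkup(fragment) {
  return /<[a-zA-Z\/!]/.test(fragment);
}

// Assumed cause of the symptom: the display value is escaped when the label
// is built and escaped a second time when the template renders it.
function renderDoubleEscaped(displayValue) {
  const alreadyEscaped = escapeHtml(displayValue);
  return escapeHtml(alreadyEscaped);
}

// Keep the raw value in the model and escape exactly once, at output.
function renderEscapedOnce(displayValue) {
  return escapeHtml(displayValue);
}

// Removing escaping entirely also "fixes" the label, but stored data then
// reaches the page as markup.
function renderUnescaped(displayValue) {
  return String(displayValue);
}

// Run all three renderers on one value and report what the user would see.
// "shown" is null when the fragment would be parsed as markup, not text.
function compare(displayValue) {
  const out = {};
  for (const render of [renderDoubleEscaped, renderEscapedOnce, renderUnescaped]) {
    const fragment = render(displayValue);
    const liveMarkup = hasLiveMarkup(fragment);
    out[render.name] = { fragment, liveMarkup, shown: liveMarkup ? null : displayedText(fragment) };
  }
  return out;
}

// Constructed sample values: the name from the report and a name with tags.
console.log(compare("Bob & Jane"));
console.log(compare("<b>Bob</b> & Jane"));
```

A fix for this kind of symptom should remove the extra escape step rather than unescape the value just before inserting it as HTML.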

Enhancement Request: Provide Reconciliation Error Logs through Admin UI

As a user running reconciliation manually, I'd like it if there was a way to get the error log for a "failed" reconciliation through the Admin UI so that I don't have to have SSH or physical access to the Wren:IDM server.

Conditions of Acceptance

  • The default logging configuration is modified to write logs for each mapping to a separate file.
  • On the mapping page, a link is added to retrieve the last log from the log file for the mapping.
