Skip to main content
Version: Cloud

Resolved Issues and Bug Fixes

Read more about resolved issues and bug fixes in this release.

Access Approvals

Access approvals does not work properly

We fixed bugs that prevented correct functioning of the Access approval and did not allow:

  • Reassigning an access approval to a new user or viewing and approving them.
  • Displaying questions correctly when Everyone does not have access to a specific resource.

Enterprise Server

Incorrect UserHostAddress in Splunk logs for load balancing scenario

There was an issue where the metadata sent to Splunk contained the UserHostAddress of the load balancer instead of the actual client's IP (HTTP_X_FORWARDED_FOR).

This has been fixed. Now, when determining the client's IP address, we consistently use the X_FORWARDED_FOR header value if it is provided in the HTTP request. Previously, it was only used in some cases.

INC-275877

Changes made via Changeset for AppString do not persist

We've fixed an issue with transporting the Type of an AppString object using changeset logging. Previously, the Type could be recorded in one environment, but the change could not be imported into another environment.

INC-274908

ViewStateFailure - intermittent and unexpected session expired error

There was an intermittent This session has expired error. We have now fixed this issue.

INC-275687

Data object property handling in Access Requests

An issue was identified with hiding classification information in the GetDataObjects response during access request creation. We have reduced the number of properties fetched for data objects in the legacy UI Access Requests page to only the necessary ones.

INC-275169

Role and Policy Engine

Disabled auto accounts

We have added a warning message regarding RoPE calculation in the following situation:

  • If auto account creation is enabled for a system or resource type, it will not be created if an existing account for that identity and system already exists. This can cause an issue if the existing account is disabled, as the auto account would generate an enabled one. In such cases, RoPE will generate a warning message explaining why the account remains disabled.

INC-275193

Issue with provisioning tasks repeating multiple times

We have implemented an update in the merging process of actual state and desired state attributes. Previously, in scenarios where the desired state assignment was disabled and the actual state was enabled, the attribute from the actual state object would be copied, and the desired state attribute would be ignored. This has been improved so that the desired state attribute takes precedence, even if the desired state assignment is disabled.

INC-271514

Slow calculations with Auto Accounts with Child Resources

An issue has been fixed where a combination of trusted systems, child resources, and multiple account types caused an indefinite delay in calculations.

INC-277369

Failed calculations for multiple identities

There was an issue with failed calculations for multiple identities. The logging indicated the following: Value cannot be null. Parameter name: onlyUseAccountType (level Medium). The problem occurred when user deleted Account Type(s). This bug fix includes code to block the deletion of account types via the UI (by removing delete buttons) and to block deletion via OData (by throwing an exception when attempting to delete an account type).

INC-274107

RoPE invalid DateTime issue

We've resolved an issue where the Identity ValidFrom field was imported with a Date only value and a time of 00:00. If the Date coincides with a Daylight Savings Transition Date for the specified TimeZone and the transition time is 00:00, RoPE cannot convert the ValidFrom value to a local datetime. This is because such a time does not exist in the TimeZone. The solution is to adjust the time component by applying the Daylight Savings offset on these dates.

INC-277406

Connectors

SAP HCM data import (collector) extended XPaths settings

The SAP HCM data import (collector) now has extended default XPaths settings to read 20 custom fields (compared to 10 custom fields in the previous version).

INC-275054

Omada Provisioning Service extension methods - null checks

Omada Provisioning Service (OPS) extension methods used in the task mappings have been improved with null checks. In the previous versions, if null value was provided as input, some of the functions returned NullReferenceException. Currently, null or default value is returned in such cases, exceptions are not thrown.

INC-275117

OAuth token type field available for all OAuth types

For the REST-based data imports (collector), The OAuth token type field is now available for all OAuth types (before it was visible only for OAuth static and custom types). The field is not mandatory - if the authentication service returns the type, it will be used. Some APIs do not return the token type - for such cases, this field can be used to specify the token type.

INC-275021

REST data import failed for some types of private keys

The REST data import (collector) failed with the error Unable to cast object of type Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair to type Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters for some types of private keys. This issue has been fixed.

INC-275532

Documentation

Email templates with event definitions

An issue was identified with the reference paths in the mail template not working as expected. This problem occurs when the email recipient does not have permission to view the objects referenced in the paths, resulting in these keys being replaced by empty values. The explanation for this behavior has been added to the Email notification documentation.

INC-274584

Other

Code methods information

The information about the Code method OnboardingContractor.CreateContractorIdentity2 has been updated.

INC-277318

Filtering missing on transition object

Fixed bug where event definition in process template does not respected Target object type.

INC-273718

Authentication RETURNURL XSS Vulnerability

We've fixed an issue where, in some cases, the authentication code did not validate that the RETURNURL was a valid relative URL. This prevents any links to the login page from containing external or absolute URLs.

Issue with unresponsive imports

An issue with unresponsive imports have been resolved. In the SSIS data flows the extension attributes are included as strings. Including extension attributes in a more structured shape allows to improve import performance.

INC-274975

Jobs purging prevents storing new jobs

Creation of new jobs usually peaks during specific hours. Purging of archived jobs should be done outside of these peak hours. You can configure OPS to perform purging during selected time windows (in UTC) in the omada.ops.service.exe.config file:

Setting both values to 0 disables the operating window (purging will take place throughout the day). Note that PurgingEndingHour must be greater than PurgingStartingHour.

To determine the peak hours when new jobs are created in your system, use the following SQL:

select createHour=datepart(hour, CreatedTime) , count(*)
from Jobs 
group by datepart(hour, CreatedTime) 
order by createHour

INC-271429