What's New in Designer

Designer for Identity Manager can be updated online, which is a nice feature. With each new release they update the readme, but I never find the level of detail there sufficient to satisfy me. Thus I go digging to understand what they added and what it means to me. Since I am doing this for myself anyway, let me go share this with everyone else.

I have written a number of articles like this before:

Hmm, looking at that list I see I have been doing a lot more of these than I remembered. The last three are important since they look at the new features in Designer 4.5.1. Recently Designer was released via the Update web site and as I was doing my update, I grabbed the text in the readme about what is new so I could discuss it in this format. The update info, and the What's New option from Designers Help Menu show what changed in, 4.5.1, and also I addressed many of the earlier release items in my series on what is new in Designer 4.5.1 so I will skip those and instead look only at the new features in

New Feature and Enhancements

Designer now supports REST driver.

One of the flaws in Designer, to my mind at least, is that adding a new driver to the palette of available drivers (Right hand side of the screen) means an update to Designer. Yes, just getting the packages from the Update Site will allow you to add it from the Add New Driver menu options, but to register a new shim type, a new icon in the palette and so on requires an update. This is admittedly a small and minor update, but nonetheless still required. One place you would not think about it needing to be updated, but when the shim type is registered, it means that when building a Package you can now specify this type of driver to limit where the package can be installed.

Does it really matter if you drop it from the palette or from a menu item? Alas, it is starting to. There are a couple of drivers due soon enough (currently in beta, or recently released) that have helper tools to create the driver. That is, in addition to the standard prompts you get from Packages to fill in information, there will be additional 'builders' for defining other things. The two examples I know of, without too many specifics are fan out instances where you need to build a definition for each instance being fanned out to. I personally find this approach bothersome, since I like using the Add New driver menu option and never drag and drop drivers or anything else. (Ok maybe in Workflows I drag and drop stuff but that is different).

Regardless, NetIQ has released a REST driver (REpresentational STate) which is worthy of discussion on its own and is quite a clever driver. This update ads it to all the places it needs to be added. There was a very good IDM User Group session on this driver by its developers if you are interested, contact me to get added to that group.

It looks like the major item added is the REST drivers inclusion. See below for the other items it mentions and the articles in which I discussed them in the past. On to the high level bug fixes that they felt were worth calling out.

Fixes included:
Designer crash issue, which used to happen on driver start, stop or status check, has now been resolved.

I was trying to find the bug that underlies this one, to understand what was going on since I never experienced this issue.

Workflow editor now displays large workflows correctly without hiding any of the entities.

This particular issue was very annoying and I ran into it several times. When you use the Provisioning side of Designer and try to design a Workflow, as you drop new items into the process the layout gets redrawn. All the time. Which is astonishingly annoying. Alas this bug does not fix this issue. I can only wish. However it does fix this strange issue where the scaling was such that you could not keep your entire workflow layout on screen. It would have to scroll, and changing the zoom factor did not always help.

As you can imagine, on a large, high resolution screen running out of screen real estate can be very bothersome. This fix at least keeps it all visible as best it can.

The main complaint about the redrawing is that you cannot remember where things are located since they change every single time you make a change to the elements of the workflow. (That is add or remove an element, not change its properties). Now you can change the Activity's pretty name or even its underlying Activity Name (which is what is shown in the trace log) but that just means you still have to find your item that you want to work on, often in a new spot each time you look.

I know that I get very annoyed when my driver layout is 'auto arranged' since I remember where drivers are by position/location and that helps me find things much faster than any other method.

On a custom driver level package, the 'subscriber creation' option was not there in 'Linkage of External Items'. This has now been added in Designer.

This was a bit of a strange bug. Generally, when you build a package, you make a Policy object (or GCV or DirXML-Resource, or whatever) and right click Add to Package. (assuming there is an open package, package developer mode is enabled on the tree, and so on). Then you right on the object, select Package Properties, and there is a Linkage tab, where you can change how it is linked in. Be that by weight, or as first, last, after something else, or whatever you chose. The preferred approach these days is by a discrete weight value, other than the default of 500. In fact in the IDM 4.5 and 4.5.1 releases of new packages there was a distinct effort made to fix all weight of 500 objects and set unique values. This is because it was not always consistent on how Designer would order three policies all with a weight of 500. By setting them to say 505, 510, and 515 you can control the order properly, and leave room to insert other policies.

That is how you normally link in policies to a driver package. However it turns out there is an equally valid approach, that is more modeled after how you would handle policies in a Library. In this case you would go to Properties of the Package itself. (The version number part, not the parent object in the Package Catalog) There will be a Linkages side tab, and a small plus sign in the upper right of the screen.

If you click the plus sign a new selector appears on the previously blank screen, and you the first item is a field with a Search button to select the actual item to be linked in. Here you browse through the Package Catalog and select one piece of a package at a time.

You can see how this works in the Password Sync packages in all new IDM drivers. (Well really since IDM 4.x and packages). There is a Password Synchronization Common package that is installed on the driver, and it delivers a GCV object and 11 Policy objects. However none of them get linked in, when you add it to a driver. Rather they just get created to be pushed out to the IDV and the IDM engine.

Then each driver (Active Directory, LDAP, eDirectory and so on) has specific Password Synchronization package named Active Directory Password Synchronization or LDAP Password Synchronization. When you look at these driver specific packages they usually contain no Policy or other objects. (Bidirectional eDirectory would be an exception) Rather the Linkage tab on the Properties page specifies that the 11 policies from the Password Synchronization Common get linked into the policy set flow the proper way.

Back to the Linkages tab on the Package Property, and after you have browsed and selected an item from an existing package in the catalog to link in, the next issue is to decide where to link in that object. The Package is selected because you selected an object in it, and you will be asked if you want to add a dependency on this prior package, and usually the answer is yes. I cannot think of a real use case where the answer would be no.

Next up is Policy Set, as in, where in the fishbone view do you wish to see your object linked. The type of object you select will affect your options here. If you select a GCV object, you cannot place it in the Subscriber Command Transform, that would make no sense at all.

However if you had selected a Policy or XSLT object then you will get the choices of each channel (Subscriber and Publisher) and the then the policy set into which you wish to link.

For whatever crazy reason, when Designer 4.5 shipped it was missing the Subscriber Event Transformation in that list. For no apparent reason that I have ever been able to figure out, one possible location was missed. Everything else about this stuff was fine that one item was missing. I am sure there is a properties file in a JAR that defines the list, and a localization file that knows how to translate the shown value to different languages and all they had to do was fix the fact it was missed. This was a very strange issue that I did not entirely believe until I tried it myself on three different systems.

What is kind of neat about this issue is that someone in the support forums (Free support, lots of people answering questions. Sometimes you get a great answer, sometimes you get nothing, but it is free, so what did you expect?) noticed this, a bug was submitted, and the fix was released. It did not really take all that long either, which was nice. No need for an SR (Service Request) no need for calling support or going through an Account manager, just ask about it in the forum, people there (I happen to post a lot there) reproduced and reported it then it got fixed. How nice is that?

Anyway that is about it for this article. Looking forward for another Designer release and the various goodies and fixes to write about next!

Discussed earlier:

In the article: https://www.netiq.com/communities/cool-solutions/whats-new-designer-4-5-1-part-1/

  • Designer provides a single view user interface for viewing and upgrading the installed packages in your Identity Manager project. To access the single view use interface, right-click Package Catalog in the Outline view, then select Package Upgrade.4.5.1

  • Designer now extends the Compare Customization feature to the driver set and Identity Vault packages in addition to drivers. This feature compares the package items with the driver set or Identity Vault items similar to the driver items.4.5.1

  • Designer now supports comparing resource objects. For example, you can now compare objects such as resources, mapping tables, ECMA script, prompts, and so on, similar to the existing Compare Policies feature4.5.1

  • Designer now supports copying server-specific settings for GCV resources.4.5.1

In the article: https://www.netiq.com/communities/cool-solutions/whats-new-designer-4-5-1-part-2/

  • Designer provides the ability to copy the Engine Control Values by using "Copy > Server-Specific Settings..." option from the Driver's context menu.4.5.1

  • The Project Checker has been enhanced to notify if upgrades are available for the packages installed on a driver, driver set, and Identity Vault.4.5.1

  • The Project checker has been enhanced to notify if the driver or driver set policies in a user created package have After/Before linkages or have the same weight in a policy set.4.5.1

  • Designer provides you an option to update the GCVs without the need for deploying the entire driver or the driver set that contains the GCV. You can now deploy the GCV from the Deploy Attributes section in the Driver or Driver Set configuration.4.5.1

  • The Package Manager now provides a new document during prompt transformations for packages. This document will help the package developers to move the prompts from the driver configuration parameters to GCVs.4.5.1

In the article: https://www.netiq.com/communities/cool-solutions/whats-new-designer-4-5-1-part-3/

  • Designer's Document Generation feature now includes linked GCV objects. To display the GCV resource name, the Source column is included in the GCV table.4.5.1

  • Designer now includes "error.do-find-matching-object" error variable in the Variable browser under Policy Builder.4.5.1

  • Designer now lists all the versions of the packages except the existing versions on Designer. Earlier Designer listed only the latest versions of packages during online package updates.4.5.1

  • The "Copy server-specific settings…" dialog box now displays properly upon maximizing the window.4.5.1

  • During the base package upgrade, Designer now preserves the Data Abstraction Layer changes added through a User Application non-base package.4.5.1

  • Designer resolves the connectivity issue observed while using the Version Control feature of Designer on a secure server.

  • Designer no longer reports errors if you deploy a Workflow from Designer 4.5 to an older version of User Application.


How To-Best Practice
New Release-Feature
Comment List