CzechIdM 10.4

The main goals of version 10.4.0 were to implement delegations of approval tasks and to improve automatic roles assigned based on organizational structure.

The aim of delegations is to transfer approval tasks to another solver. We divide delegations into automatic and manual.

Automatic delegation

In automatic delegations, a rule is first created according to which tasks are automatically delegated. A typical example is the user's departure on holiday.

In this case, the user creates a delegation, where he selects the validity of the delegation and the delegate (the user to whom the tasks will be moved). From the moment the created delegation is valid, tasks will be delegated to the delegate. The type of delegation we chose when creating the rule determines which tasks will be delegated.


You can find more about this feature here.

Manual delegation

Manual delegation allows a user to reassign his tasks to someone else.

Are only available as a bulk operation on the agenda of assigned tasks. Manual delegation can also be used in the administrator mode, where the user has the right to see all unresolved tasks, all users.


You can find more about this feature here.

When organizational structure is changed, for example one element is moved in tree structure under different parent, then defined automatic roles are recalculated by the new tree structure.

Recalculation of automatic roles is skipped during tree sync. Recalculation of automatic roles can be (should be) correctly started after the end of the sync. This can be ensured by the property 'After end, start the automatic role recalculation' on the detail of sync configuration. Automatic roles are recalculated for synchronized tree nodes, where tree structure (parent node) was changed.

You can find more about this feature here.

In this version was added supoort for authentication against multiple system.

The feature extends original authentication against one system. The feature configuration allow set an many number of systems for authentication and define their specific order. When first system return successful authentication the authentication chain will end, otherwise chain continues.

You can find more about this feature here.

  • #984 - Delegations in IdM
  • #1043 - Support skip recalculation for automatic roles by tree structure.
  • #732 - Recalculate automatic roles after move some nodes
  • #2201 - Extending password validation by option "must not start/end with something".
  • #2273 - Bulk action for re-assign workflow tasks
  • #2247 - Check performance for 2000 virtual systems
  • #2046 - Authentication against multiple systems
  • #2282 - Filter: Throw exception, when no registered filter is found
  • #2272 - Add a filter to find managers' contracts by subordinate's contract
  • #2086 - LRT: add form attributes localization
  • #2157 - IdmTool - resolve third party module dependencies
  • #2296 - FE: add redirect on click menu item with sub menus
  • #2167 - Remove "useLegacyMergeSort=true" from Tomcat unit configuration
  • #2293 - Filter roles with no catalogue folder
  • #2295 - Optimalization of authentication against end system - perform GET only if "Authentication attr." is checked
  • #2154 - Automatic roles: Support user type field (projection) in automatic role by attribute
  • #2275 - Automatic role by tree structure: find valid (now or in future) contracts only (query optimization)
  • #2361 - Authorization policies - SelfContractEvaluator
  • #2356 - Identity projection - sort prime contracts by created date (prevent to reorder identity contracts beetwen form is saved and shown)
  • #1928 - IdentityStateEnum missing in index.js
  • #2158 - IdmTool - frontend build failed on heap limit (update node 12.x version)
  • #1885 - Removing an automatic role by attribute creates a request in concept with editable detail and after submitting it again, Server error appears
  • #2307 - Importing a batch created by CzechIdM on Windows fails on Linux
  • #2312 - Import of several virtual systems at once causes "Too many open files" errors and unavailability of IdM
  • #2346 - Notification skip on create of a workflow task doesn't work properly
  • #2336 - Authorization policies - policies for standard logged user (self) and manager (by subordinate) cannot be configured together
  • #2207 - LRT: Warning about task already running is logged repetitively
  • #2254 - Use the same json format as npm in package json desciptors.
  • #2313 - Identity projection - projection properties on mssql cannot be saved
  • #2305 - Automatic role by tree structure: contract and position cannot assign the same automatic role
  • #2357 - Identity projection - prevent to delete new prime contract, when prime contract order is changed
  • #2360 - IdmNotificationRecipient - integrity problem