CalNet operates a complex suite of applications that support the Identity and Access Management functions of the University. Below are CalNet releases from previous calendar years. Records of releases have been maintained on this website since March 2016.
You can sign up to receive timely notices when CalNet has a new release. To subscribe to the list, go to: https://groups.google.com/a/lists.berkeley.edu/d/forum/calnet-releases and click JOIN.
Or, see current year CalNet Releases.
December 2, 2018, 8:00am
The nds.berkeley.edu certificate is expiring on December 6th, 2018. Though this is now considered to be our legacy LDAP system we have several customers still using the cluster. This may impact their applications if they are manually importing certificates into their application's key store. CMR: CHG0032146
Services Affected
- nds.berkeley.edu
- Any application still using nds.berkeley.edu
November 30, 2018, 7:00am
This release is an upgrade of the the test/qa instance of CAS to version 5.3.6. This will enable customers to test the latest version of CAS on auth-test.berkeley.edu. New features and improvements can be found at https://calnetweb.berkeley.edu/calnet-technologists/cas/cas-53-upgrade. CMR: CHG0032155
Services Affected
- CAS auth-test
November 1, 2018, 7:30am
This release includes a variety of bug fixes; updates to system software; improvements to Registry Provisioning, SOR-Gateway Service, Active Directory, and CalNet Account Manager; and development on UCPath and the Cirrus guest app replacement. CMR: CHG0032080
Notable changes include
- Users in grace can use CalNet Account Manager
- Users in grace will be disabled but not deleted in Active Directory
- Users with a lapsed but not terminated HCM record will receive regular grace period notifications
- Guests will be able to use CalNet Account Manager to recover passphrase and change passphrase (new Guests will need to wait 24 hours after account creation before they can use this feature)
Services Affected
- Registry Service
- Registry Provisioning
- SOR Gateway Service
- CS Delegates
- SOR Gateway
- UCPath
- Cirrus Guest App
- CalNet Account Manager
- CalNet Guest Accounts
- Active Directory
- Special Purpose Accounts
Tickets Resolved
| Ticket | Comment |
| CNR-1744 | registry-service java.lang.IllegalArgumentException: null exception |
| CNR-1743 | registry-service principal cannot be null exception |
| CNR-1748 | CS delegate quartz job is running but doesn't appear to be doing anything in production |
| CNR-1737 | UCPath: Get test env hooked up to ddodsdpt ucpath DDODS |
| CNR-1738 | UCPath: Gain access to I-371 integration team's api-central REST endpoint |
| CNR-1753 | UCPath: real time messages need to go through the match engine |
| CNR-1751 | UCPath: Get test env hooked up to i-280 ihub endpoint |
| CNR-1731 | UCPath: Add mock i280 SORObjects to registry-mock |
| CNR-1662 | UCPath: Develop JMS consumer for expected format of real-time iHub messages for I-280 data |
| CNR-1752 | UCPath: Write a script to invoke I-371 (request I-280) for a list of EMPLIDs |
| CNR-1750 | UCPath: Send a UID message to uc path uid endpoint |
| CNR-1740 | UCPath: Add PS_PER_POI_TRANS to DDODS query |
| CNR-1732 | UCPath: Modify reg-prov-scripts to treat the i280 SOR as primary uc path SOR |
| CNR-1749 | UCPath: IHub real-time messages currently contain " " (quotespacequote) for empty values. Need to convert these to nulls. |
| CNR-1665 | UCPath: Modify BPR views to replace HCM with UCPath or augment views with UCPath data |
| CNR-1758 | sor-gateway hash and query quartz jobs should not be executing service methods within log.info() call |
| CNR-1759 | In sor-gateway incorrect calnetSorHashAndQuery.enabled check logic in hash and query quartz jobs |
| CNR-1761 | UCPath: Improve the UcPath?AppointmentsJson.getUcPathAppointmentEffectiveStatus logic for future effective appointments |
| CNR-1725 | UCPath: Mechanism for detecting desynchronization between DDODS and last i280 received |
| CNR-1762 | Create mechanism in SGS to call the IHub UCPath I-371 (request msg) interface |
| CNR-1771 |
Cirrus: Create LDAP DownstreamObject for Cirrus guests and add GUEST-TYPE-SOCIAL to berkeleyEduAffiliations (this has changed to GUEST-TYPE-SPONSORED as of March 2019). |
| CNR-1776 | Cirrus: Add sponsorUid to LDAP |
| CNR-1774 | Cirrus: Need to pay attention to the guest end date in the Cirrus JSON |
| CNR-1763 | Cirrus: Add Cirrus SORObject processing to registry-provisioning-scripts |
| CNR-1766 | Cirrus: Add an Identifier type for the Cirrus primary key |
| CNR-1767 | Cirrus: Add an IdentifierType for the Cirrus accepted invitation ID |
| CNR-1765 | Cirrus: Add an IdentifierType for Cirrus Guest Sponsor UID |
| CNR-1718 | Cirrus can't provide sponsorUid, only sponsorEppn (calnetId), in the messages they pass back -- convert eppn to uid as early as possible on our end |
| CNR-1768 | Cirrus: Add an IdentifierType for Cirrus Guest Sponsor EPPN |
| CNR-1769 | Cirrus: Add a cirrusGuest role |
| CNR-1770 | Cirrus: Set primaryOU to ou=Guests |
| CNR-1772 | Cirrus: Add person name from Cirrus JSON to PersonName table |
| CNR-1773 | Cirrus: Add personal (social) email address to Email table |
| CNR-1722 | Latest Apache HttpClient versions, included in recent Grails/SpringBoot apps, break REST HTTP Digest authentication |
| CNR-1622 | Remove commas from the calnet sor person identifier in the CalNet SOR Person tool for a better copy and paste experience |
| CNR-1782 | Create a batch job to reprovision people where current date > ASGN_END_DT |
| CNR-1784 | AD: In-grace people should be disabled in AD, not deleted |
| CNR-1781 | Upgrade SGS to Atomikos 4.0.6 |
| CNR-1780 | Upgrade to Camel 2.21.2 and ActiveMQ 5.15.5 within Grails plugins for BIDMS |
| CNR-1727 | Create spa registry account/credentials and grant role to sorObjects endpoint for SPA SOR |
| CNR-1786 | UCPath: Add support to SGS for querying multiple DDODS instances |
| CNR-1787 | UCPath: Add support to SGS to listen on multiple UCPath real time message queues |
| CNR-1788 | Make best effort in determining if person has employee or student in-grace roles during IdentifierBuilder phase and mark identifier as active if so |
| CNR-1790 | In registry-provisioning-scripts legacy SIS role builder, remove anything looking at stale legacy SIS term data |
| CNR-1791 | Confirm a legacy guest can use CAM to change or reset passphrase once legacy system has provisioned Guest to LDAP |
| CNR-1792 | Get CAM forgot passphrase working for legacy guests |
| CNR-1793 | Remove Change Personal Email Address functionality for legacy guests in CAM |
| CNR-1794 | Remove Change CalnetId functionality in CAM for legacy guests |
| CNR-1783 | registry-provisioning needs Spring Security authn/authz added for url protection |
October 31, 2018, 6:00am
This release is a migration of the ldap.berkeley.edu LDAP service to DS 6.0. This is a major upgrade to the LDAP server software and will complete our migration to the latest version. In addition to this upgrade the LDAP SSL public certificate will change. It will be important for developers whose applications do not trust the Comodo root CA to update their applications manually. We will post the new certificate ahead of the upgrade. CMR: CHG0032027
Services Affected
- LDAP
October 24, 2018, 6:00am
This release is a migration of the dir.calnet.berkeley.edu LDAP service to DS 6.0. This is a prerequisite step to change CHG0032027. This upgrade will allow us to implement the updated certificate and test the latest LDAP server software upgrade on the cluster that will become ldap.berkeley.edu on October 31. CMR: CHG0032031
Services Affected
- LDAP
October 18, 2018, 9:30pm
Users going in to grace starting will continue to be required to 2-Step until they expire or move to ADVCON. Users in ADVCON who are currently doing the 2-Step will no longer be required. CMR: CHG0032049
Services Affected
- CalGroups
- 2-Step
October 1, 2018, 10:00am
The Access Control Instruction (ACI) for the anonymous bind account will be changing starting on October 1, 2018. Currently the ACI permits access to many attributes [1] anonymously, but starting October 1, 2018, access to the berkeleyEduAffiliations attribute will be removed. After further review by various campus security and functional units, further access restrictions are likely to happen at a later date. See Changes to LDAP Binds for more information. CMR: CHG0031961
Services Affected
- LDAP
September 30, 2018, 8:00am
This release is to upgrade the nodes behind the dir-auth LDAP cluster to DS 6.0, apply OS security patches, and apply a new SSL certificate. These nodes support CAS and Shibboleth. CMR: CHG0032023
Services Affected
- LDAP
- CAS
- Shibboleth
September 28, 2018, 7:30am
This release fixes a bug that is causing accounts in grace to be deleted in AD. This will require a Tomcat restart, which will result in an outage of appox. 30 seconds. CMR: CHG0032030
Services Affected
- Active Directory
- Registry-p1
- SOR Gateway Service
- Berkeley Person Registry
September 26, 2018, 9:oopm
This release is a routine patch of the OS/JVM on the CalNet Grouper and Shibboleth VMs. CMR: CHG0032009
Services Affected
- CalGroups
- Shibboleth
September 25, 2018, 7:00am
This release is a change to the CAS screen for students not enrolled in 2-Step, and changes to CalGroups to support the last step of the Student 2-Step project. CMR: CHG0032016
Services Affected
- CalGroups
- CAS
September 20, 2018, 6:30am
This release is an upgrade to the nodes behind the dir-bpr LDAP and application of OS security patches. CMR: CHG0032001
Services Affected
- LDAP
- Berkeley Person Registry
September 19, 2018, 8:30am
This release is a routine OS patching for RHEL for dir-os-p* VMs at SDSC. CMR: CHG0032007
Services Affected
- LDAP
September 5, 2018, 6:00pm
This release is a reboot of calnet-p2/net-auth-p2 to install a new OS kernel. It will primarily impact users of the krbsync pw sync to AD tool. A brief (< 5 min) outage will occur. Any adverse risk is low since the change can be reverted quickly if needed. CMR: CHG0031976
Services Affected
- Active Directory
August 30, 2018, 8:30pm
We will apply OS patches and also apply a required certificate update on the Apache ActiveMQ server used by CalGroups and the Berkeley Person Registry. - Changes made to CalGroups during this maintenance window may be slightly delayed to downstream systems (eg AD, Google). Changes will resume after AMQ is back up. CMR: CHG0031963
Services Affected
- CalGroups
- Berkeley Person Registry
- Downstream systems
August 26, 2018, 9:00pm
This release updates 2-Step notification CAS UI for students not enrolled in 2-Step. CMR: CHG0031967
Services Affected
- CAS Login Screen
August 24, 2018, 3:30pm
This emergency release includes security patches for the OS as well as a revised krbsync app. CMR: CHG0031962
Services Affected
- Active Directory
August 9, 2018, 6:30am
This substantial release includes updates and bug fixes to many CalNet services, as well as updates to CalNet's UC \Path development. CMR: CHG0031910
Services Affected
- Active Directory
- CalNet Account Manager
- CalNet Admin Tool
- Berkeley Person Registry
- Registry Service
- SOR Gateway Service
- UCPath
Tickets Resolved
| Ticket | Comment |
| CNR-1515 | Modify registry-service to call bidms-downstream AD change password REST endpoint at the same time it calls krbservice to set Kerberos password |
| CNR-1591 | Resolve all duplicate calnetIds in our systems |
| CNR-1598 | There may be reg-serv, CAM or CAT Quartz jobs that need to be disabled on bpr-t2 |
| CNR-1623 | Upgrade everything to Grails 3.3.x |
| CNR-1631 | merge delete SORObject cascade exception |
| CNR-1647 | Sync BPR display name changes to AD |
| CNR-1653 | no more ou=students, send students to fsa |
| CNR-1654 | ActiveMQ Derby transaction log is growing beyond what it should |
| CNR-1658 | For ActiveMQ, get embedded Derby listening on a network port so we can connect to it externally with the Derby client |
| CNR-1659 | delete expired people out of AD |
| CNR-1660 | UCPath: Build UCPath DDODS queries |
| CNR-1661 | UCPath: Add UCPath DDODS queries to Sor Gateway Service |
| CNR-1668 | UCPath: Once HCM identifier name becomes known in external_identifiers, modify sor-key-data-extractor to parse out |
| CNR-1670 | UCPath: Create IdentifierTypes for different UCPath environment EMPLIDs |
| CNR-1671 | UCPath: Add berkeleyEduUCPathID and berkeleyEduUCPathDevID to dev LDAP schema |
| CNR-1672 | UCPath: Add UCPath EMPLID to identifiers (crosswalk) service for different UCPath environments |
| CNR-1673 | UCPath: Modify registry-prov-scripts to provision UCPath EMPLID to Identifiers table |
| CNR-1674 | UCPath: Modify reg-prov-scripts to add berkeleyEduUCPath<ENV>ID to the LDAP DownstreamObject JSON |
| CNR-1675 | UCPath: Investigate which HCM table has values that end up in employee berkeleyEduAffiliations in LDAP |
| CNR-1678 | UCPath: Add mock UCPath DDODS SORObjects to registry-mock |
| CNR-1679 | UCPath: Need to add DDODS "source" to DDODS SORObjects |
| CNR-1680 | UCPath: Find out how HCM APPT_TYPE and ORG_NODE are going to be converted in UCPath |
| CNR-1681 | UCPath: Modify reg-prov-scripts to add ucPathIds to Identifiers table |
| CNR-1682 | UCPath: Figure out overall isActive logic for the UCPath Identifier |
| CNR-1683 | UCPath: Figure out primary job logic |
| CNR-1684 | UCPath: Add PS_UC_LL_EMPL_DTL to query for UC_HOME_DEPT_CD |
| CNR-1685 | UCPath: Add PS_UC_JOB_CODES to query for UC_FACULTY_INDC |
| CNR-1686 | UCPath: Replicate the EDW CUR_REC_FLAG for UCPath JOBS by adding an IS_EFFECTIVE flag |
| CNR-1687 | UCPath: Need to figure out how future-dated appointments are presented in UCPath: EFF_DT/EFFSEQ? |
| CNR-1688 | UCPath: Possibly add PS_PRIMARY_JOBS to query for PRIMARY_FLAG |
| CNR-1689 | UCPath: The methods in reg-prov-scripts UcPathUtil need to be extensively tested with UCPath sample data |
| CNR-1690 | UCPath: Add a CAMPUS_SOLUTIONS_STUDENT_ID identifier to Identifiers table and to identifiers service |
| CNR-1693 | Start-of-grace email that goes out is showing the start of grace date to be one day earlier than it should |
| CNR-1694 | UCPath: Need to enable the isActive logic in registry-sor-key-data |
| CNR-1695 | UCPath: Build list of tables being queried so that service acct access can be requested for these tables |
| CNR-1697 | UCPath: rps DOB builder |
| CNR-1698 | UCPath: rps job builder |
| CNR-1699 | UCPath: rps role builder |
| CNR-1700 | UCPath: Add employee class roles based on the EMPL_CLASS codes and descriptions |
| CNR-1701 | UCPath: Logic to turn UCPath state into LDAP berkeleyEduAffiliations and part of masterAccountStatus calculation |
| CNR-1702 | AD renaming errors on certain type of entries |
| CNR-1703 | change log message when receiving a CS EMPLID change message and the SORObject remains unchanged |
| CNR-1704 | UCPath: reg-prov-scripts UcPathTypeMapper needs to gain awareness of UCPath POI/CWR affiliate types |
| CNR-1705 | UCPath: Add documenting comments to top of the UcPathRoleBuilder.build() method |
| CNR-1706 | UCPath: reg-prov-scripts needs to set title code and deptartment attributes in LDAP sourced from UCPath |
| CNR-1708 | UCPath: In reg-prov-scripts PersonRoleExecutorSpec there are some commented out ucpath test cases that need to be looked at |
| CNR-1715 | bidms-downstream AD CANT_ON_RDN error |
| CNR-1716 | reg-prov-scripts: Set samAccountName to uidUID# for anybody with "system" as calnetId as this is not an allowed samAccountName |
| CNR-1720 |
Suppress noisy "Purging orphaned entry" messages in sor-gateway-service log |
August 8, 2018, 9am
Unneeded Access Control Instructions (ACIs) have a negative impact on performance, so we are removing several from the OpenDJ production LDAP tier. This requires no downtime for the affected hosts.
Services Affected
- CalNet systems such as CAS and Shibboleth,and BPR
August 1, 2018, 7:00am
We will be removing access to affiliations from anonymous LDAP binds on August 1, 2018. This will improve the security of anonymous searches. Click here to find out how this impacts your service. CMR: CHG0031713
Services Affected
- All campus applications that use an anonymous LDAP bind
Tickets Resolved
| Ticket | Comment |
|---|---|
|
LDAP-3 |
Update ACI for anonymous binds |
Jul 24, 2018, 4:30pm
This release is a patch to CalGroups. The service will remain up while the patching happens, since the servers are redundant. Potential affected users are campus employees. CMR: CHG0031888
Services Affected
- CalGroups
Tickets Resolved
| Ticket | Comment |
| CG-168 | Install CalGroups Patch |
May 29, 2018, 6am
This release will update the OS and JVM for the BPR stack (registry-p1, amq-p1, bpr-p1). This will result in a brief 5-min outage for public CalNet applications such as CalNet Account Manager (CAM). CMR: CHG0031688
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
- CalNet Admin Tool
May 23, 2018, 5:30pm
This release includes updates to language in account lock/unlock and new account/change ID screens in CalNet Admin Tool and CalNet Account Manager. CMR: CHG0031701
Services Affected
- CalNet Admin Tool
- CalNet Account Manager
| Ticket | Comment |
|---|---|
|
CM-427 |
Update language in account lock/unlock messages |
|
CM-424 |
Update account language in Create ID and Change ID screens to reflect auto bMail provisioning |
May 21, 2018, 5:15pm
This release changes the way affiliations are filtered in CalNet Account Manager. CMR: CHG0031704
Services Affected
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
|---|---|
|
CNR-1692 |
Filter affiliations list in CalNet Account Manager |
April 4, 2018, 7am
This release includes bug fixes and upgrades to the CalNet stack and changes to AD provisioning scripts. CMR: CHG0031553
Services Affected
- Berkeley Person Registry
- Active Directory
Tickets Resolved
| Ticket | Comment |
|---|---|
|
CNR-1650 |
Turn off ActiveMQ journal |
|
CNR-1611 |
Fix regression on the performance of an individual ldapSync queue message consumption |
|
CNR-1595 |
Fix bidms-downstream provision changed identities quartz job exception |
|
CNR-1651 |
A registry-model uniqueness exception is now getting thrown |
|
CNR-1644 |
Stop BPR provisioning of SPAs to AD |
March 26, 2018, 5am
During the 5 to 5:15 am window a 5-min outage of all CalNet services (CAS, Shib, LDAP, etc.) will occur as firewall services are migrated. CMR: CHG0031513
Services Affected
- CAS
- Shibboleth
- LDAP
- Berkeley Person Registry
Tickets Resolved
| Ticket | Comment |
|
OPS-401 |
Move CalNet networks from ASA to Palo Alto firewall service. |
March 16, 2018, 6am
This release updates the target date on the 2-Step notification CAS UI. CMR: CHG0031507
Services Affected
- CAS Login Screen
March 14, 2018, 5pm
This release was completed on March 15, at 7am. It included updates and new functionality to CalNet Account Manager and CalNet Admin Tool. CMR: CHG0031508.
Services Affected
- CalNet Admin Tool
- CalNet Account Manager
- Berkeley Person Registry
- bConnected
Tickets Resolved
| Ticket | Comment |
| CNR-1641 | Add database constraint to enforce that CREDMGMT (and LDAP/AD) sorObjKeys must match the uid |
| CNR-1620 | Modify CalNet SOR Person tool to trigger a provision for newly created or updated accounts |
| CAT-163 | Call bConnected API to lock Google account when CalNet account is locked |
| CAT-165 |
Create new CAT User Role |
March 7, 2018, 5pm
This release is a patch to the Active Directory provisioning code. CMR: CHG0031506.
Services Affected
- Active Directory
Tickets Resolved
| Ticket | Comment |
| CNR - 1640 |
AD provisioning change |
March 4, 2018, 6am
This release contains regular updates for the nds-p* nodes in the ldap.b.e cluster, including patches for OpenDJ, OpenJDK, and RHEL. CMR: CHG0031454
Services Affected
- Users of the ldap.b.e cluster
February 24, 2018, 6pm
This release resolves a known issue in which new AD accounts are not getting enabled when CalNet account is claimed. CMR: CHG0031477
Services Affected
- Active Directory
Tickets Resolved
| Ticket | Comment |
| CNR - 1634 | Reports of userAccountControl in AD not going active when account goes active |
February 21, 2018, 6am
This release updates the URL for the sign-up link on the 2-Step notification CAS UI. CMR: CHG0031464
Services Affected
- CAS Login Screen
February 15, 2018, 6am
This CAS release updates the notification message displayed by the auth.b.e cluster for 2-Step Cohort 1 not yet in CalNet 2-Step. CMR: CHG0031451
Services Affected
- CAS Login Screen
February 13, 2018, 7am
A Tomcat restart is required to change configuration to enable Two-Step during account claim for anyone in the RequiredMinusExemptFromReq group. CMR: CHG0031456
Services Affected
- CalNet Account Manager
February 06, 2018, 7am
In this release, Berkeley Person Registry will start provisioning records to CalNet Active Directory. CMR: CHG0031380
Services Affected
- Berkeley Person Registry
- All services that use CalNet Active Directory (AD)
February 03, 2018, 7pm
This release includes updates to CalNet Account Manager and Registry Service in support of the 2-Step project. CMR: CHG0031410
Services Affected
- account-manager
- bidms-downstream
- calnet-admin-tool
- calnet-people
- registry-match-service
- registry-provisioning
- registry-service
- registry-sor-gateway
- ucb-match
Tickets Resolved
| Ticket | Comment |
| CM-403 | Modify 2-Step page in CAM to remove opt-out |
| CM-404 | Create workflow for requiring 2-Step of new employees during account claim process |
| CM-406 | For a non-mandatory two-step enroller, the get backup passcodes button remains greyed out (disabled) even after adding a device |
| CM-408 | Modify BPR QA environment to use group-test instead of production grouper |
| CM-409 | Modify CAM to also consider HCM affiliations along with Allow2StepUserTest membership |
| CM-410 | CAM two-step needs more complete audit logging |
| CM-411 | CAM two-step needs to show end user decent error messages when duo or grouper services fail |
| CM-412 | Unable to type in "Create your CalNet ID" field |
| CM-413 | Ability in CAM to mock Grouper for test environments by bypassing it and going directly to LDAP |
| CM-415 | Make requiring employees to two-step during claim configurable and turn it off for now |
| CNR-1369 | Convert to using central Tomcat JNDI database connection pool to stay under our PostgreSQL connection limits |
| CNR-1589 | bypass-the-match-engine queue is throwing exception in reg-prov |
| CNR-1629 | Every project needs its version and group put into gradle.properties |
| CNR-1630 | Publish WAR files to Maven repo for all BIDMS web applications |
| WA-55 | Create a calnetSwitch to replace buggy bootstrapSwitch |
February 1, 2018, 6am
The legacy auth-key.berkeley.edu (Second-level) CAS server will be turned off. This legacy server has been replaced by CalNet 2-Step Verification. CMR: CHG0031248.
Known Services Affected
- OSCAR II
February 01, 2018, 6am
This release will be an upgrade to the CAS server cluster (auth.b.e) to the Apereo CAS release (5.0.10) with some custom UC Berkeley mods. This affects all CAS- and Shibboleth-integrated apps.
Update: The new version of CAS is now up in auth-test. It is a minor change that should not affect any existing integrations, but we recommend testing your applications well before February 1 to be certain it functions as anticipated. CMR: CHG0031216
Services Affected
- CAS
- Shibboleth
January 9, 2018, 9pm
This release is a patch of CalGroups servers. Since the servers are redundant, there will be no user level outage on CalGroups, however, there will be a brief lag in syncing updates to LDAP, AD, and Google. Affected user base will be employees. Affected systems are SPA Admin app and MyCalNet, related to CalNet 2-Step. CMR: CHG0031223
Services Affected
- CalNet Account Manager
- SPA Admin App
- CalGroups
January 04, 2018, 7am
On 1/4/18, the reset passphrase token app will require CalNet 2-Step to log in. CMR: CHG0031275
Services Affected
- Token app
December 13, 2017, 8am
In this release, the option to automatically send a push to a phone will be disabled since it prevents users from enabling the Remember Me option. CMR: CHG0031246
Services Affected
- CalNet Account Manager
- SPA Admin App
- CalGroups
November 27, 2017, 6am
Apply security and other updates to the OS and JVM for the BPR prod tier (amq-p1, registry-p1, and bpr-p1). A brief outage while systems are restarted will be required during the maintenance window. CMR: CHG0031177
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
- CalNet Admin Tool
November 15, 2017, 5am
The Berkeley Person Registry postgres database will be upgraded on 11/15/17, 5am. Outage expected from 5am-6am. Additional details forthcoming. CMR: CHG0031129
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
- CalNet Admin Tool
- CalNet Crosswalk
November 6, 2017, 9pm
We will be upgrading the OS and the Shib-Cas plugin. It will be a rolling upgrade, so no downtime is expected. The Shibboleth IDP service is used by the entire campus for access to apps like Google, Box, and CalTime. CMR: CHG0031116.
Services Affected
- Shibboleth
Tickets Resolved
| Ticket | Comment |
|---|---|
| OPS-385 |
Upgrade Production Shibboleth IDP |
November 1, 2017, 7am
CalNet 2-Step required for all IST employees and users of CAT effective November 1, 2017. CMR: CHG0031128
Services Affected
- CAS
- CalNet Admin Tool
October 29, 2017, 6am
Perform a rolling patch and upgrade to the RHEL 7.x OS, OpenJDK JVM, and OpenDJ LDAP servers dedicated for use by CAS and Shibboleth. CMR: CHG0031096
Services Affected
- CAS
- Shibboleth
Tickets Resolved
| Ticket | Comment |
|---|---|
| OPS-384 |
Upgrade OS, JVM, and OpenDJ for dir-auth.calnet.1918.b.e cluster |
October 25, 2017, 7am
This release includes upgrades to how CalNet sets passphrases, CalNet Account Manager, Grails 3.2.11, registry provisioning, work in support of a new AD structure, and changes to how records are consolidated. Changes released to QA 10/9/17.CMR: CHG0031112
Services Affected
- CAS
- CalNet Admin Tool
- CalNet Account Manager
- LDAP
- Berkeley Person Registry
- SOR Gateway Service
- Registry Service
Tickets Resolved
| Ticket | Comment |
| CM-386 | Passphrase work |
| CM-387 | Modify CAM to use the new bidms-credential-policy plugin that centralizes passphrase validation |
| CM-389 | Passphrase related to CAM |
| CM-391 | CAM is giving generic "system error" |
| CM-394 | Change CAM Menu text |
| CM-395 | CAM Lib update |
| CNR-1367 | Provision from BPR to Active Directory |
| CNR-1415 | SGS needs to set uid on LDAP and AD SORObjects rather than waiting until LdapSync does it |
| CNR-1497 | Add a configuration item to enable/disable AD provisioning in bidms-downstream |
| CNR-1498 | Add a configuration item to enable/disable creation of AD DownstreamObjects in registry-provisioning-scripts |
| CNR-1504 | immediate entryUUID retrieval is not working in prod after an insert or rename |
| CNR-1518 | Create "dynamic attribute" feature for bidms-connectors |
| CNR-1532 | Bug in reg-prov-scripts for AD where dn.ONCREATE has "CN=null" in it for uids with no name |
| CNR-1536 | bidms-downstream provision changed identities quartz job is throwing an exception |
| CNR-1537 | Need ability in reg-prov to create AD downstreamobjects but not send messages to downstream AD queue |
| CNR-1538 | When setting AD DownstreamObject userAccountControl DISABLE, TrackStatus lock flag is being checked, but what about Person.isLocked? |
| CNR-1540 | Access to bidms-downstream quartz/list web page is being denied |
| CNR-1541 | AD userAccountControl has to be 546, not 512, on CREATE for active users |
| CNR-1542 | Check for invalid characters in AD CN since it's part of the DN |
| CNR-1544 | Remove primaryGroupID from AD DownstreamObject |
| CNR-1545 | Remove guests from list of users provisioned to AD |
| CNR-1546 | Set AD CN to Display Name (UID) |
| CNR-1547 | CS SORObjects have some badly-structured JSON in them |
| CNR-1548 | CAT and CAM can no longer download Bower assets |
| CNR-1549 | Improve the performance of CredentialTokenService |
| CNR-1551 | CAT and CAM are trying to use same Greenmail ports in dev and test environments |
| CNR-1564 | SGS REST endpoint that serves same purpose as JMS SORObjectJSONQueue |
| CNR-1569 | Add audit logging support to registry-provisioning NewUidController and ProvisionController |
| CNR-1573 | SGS endpoints need to be protected with spring security |
| CNR-1575 | mleefers requesting AD street address go into a different attribute |
| CNR-1576 | mleefers requesting two-letter instead of three-letter country code |
| CNR-1577 | Modify registry-match-service triggerMatch endpoint to return uid if it's assigned |
| CNR-1578 | need to proxy SGS sorConsume REST calls through registry-service for networking security reasons |
| CNR-1579 | When deleting entries, bidms-connectors LDAP needs to check for and delete "subordinate" entries |
| CNR-1580 | match-service triggerMatch endpoint needs to recognize synchronousDownstream=false |
| CNR-1581 | Support sending uid in the JSON payload in the sorObjects controller to match new sorObjects with existing uids |
| n/a | upgrade to Grails 3.2.11 |
| n/a | Passphrase work |
| CM-400 | Updates to change ID email language |
October 6, 2017, 7:30am
This release prevents enablement of CalNet 2-Step with a smart phone until after the Duo Mobile App has been verified to have been installed on the smart phone. CMR: CHG0031064
Services Affected
- CalNet Account Manager
- Duo 2-Step
Tickets Resolved
| Ticket | Comment |
|---|---|
| CM-399 |
Update hasDevices logic to make sure Duo account is active. |
September 19, 2017, 6:00pm
This release updates the merge function in CalNet Admin Tool. CMR: CHG0031005
Services Affected
- CalNet Account Manager
- Registry Service
Tickets Resolved
| Ticket | Comment |
|---|---|
| CAT-169 |
During merges, don't copy delete.credmgmt.calnetId if keep.ldap.beKerbPrincStr is present |
September 14, 2017, 6:00pm
This release fixes a bug and updates the CalNet Admin Tool. CMR: CHG0030992
Services Affected
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
|---|---|
| CAT-154 |
Enable X-FORWARDED-FOR header for auth.calnet.b.e |
| CAT-157 |
CAT needs modifications to work with latest ucb-spring-security-cas-ldap |
| CAT-158 |
Error when consolidating records in CAT |
September 9, 2017, 9:00am
We will be changing our SLB config to allow HTTP templates for the Auth.b.e VIP. We will give ourselves a 30 min window to do the work, and there will be a few seconds downtime as the SLB saves and responds to the new configuration. The change will happen Saturday morning, September 9, from 9 - 9:30 am. This affects any server using the campus SSO and the entire campus population. This change was tested successfully with the SDSC DR and BR CAS cluster. CMR: CHG0030879
Services Affected
- CAS
Tickets Resolved
| Ticket | Comment |
|---|---|
| CAS-5 |
Enable X-FORWARDED-FOR header for auth.calnet.b.e |
August 26, 2017, 6:00am
To support new CalNet 2-Step users starting Monday, a new CAS server build with help text for Duo 2-Step is deployed. CMR: CHG0030956
Services Affected
- This affects all CAS users, but the change is only additional help text show at the Duo 2-Step prompt.
August 10, 2017, 7:00pm
This release includes fixes and updates to CalNet Account Manager and CalNet Admin Tool as well as an upgrade to Grails 3.2.11. CMR: CHG0030913
Services Affected
- CalNet Account Manager
- CalNet Admin Tool
Tickets Resolved
| Ticket | Comment |
|---|---|
| CAT-154 |
CAT is displaying a "null" in the list of affiliations for all records. |
| CM-384 |
Update 2-Step Email notification to stop Google Phishing warning. |
| CNR-1454 |
New employee can't claim CalNet ID |
| N/A |
Upgrade to Grails 3.2.11 |
July 28, 2017, 3:00pm
This release replaces the CalNet OpenIDM. OpenIDM will be turned off and Downstream Provisioner will write directly to LDAP. CMR: CHG0030864
Services Affected
- SOR Gateway Service
- Registry Provisioning
- Registry Provisioning Scripts
- Downstream Provisioner
- OpenIDM
- LDAP
Tickets Resolved
| Ticket | Comment |
|---|---|
| CNR-1419 |
Replace OpenIDM with a new downstream provisioning system |
| CNR-1490 |
If in grace but affiliations are unknown, set primaryOu to existing LDAP ou |
| CNR-1493 |
DownstreamProvisioningRESTClientService.provisionUid is throwing exceptions |
| CNR-1494 |
sor-gateway DailyHashAndQueryJob is throwing exception |
| CNR-1492 |
bidms-downstream LDAP schema violation exceptions |
| CNR-1495 |
Registry-d1 sor-gateway is throwing a start-up exception related to oracle db connection |
| CNR-1489 |
Removal of calnetId is causing an exception in registry-provisioning-scripts |
| CNR-1476 |
bidms-downstream is reporting bad avg batch time values in the timing statistics |
| CNR-1477 |
bidms-downstream sometimes can't find uid in LDAP but when a LDAP write is attempted, NameAlreadyBoundException is seen |
| CNR-1484 |
bidms-downstream seeing OpenDJ errors sometimes with namespace changes |
| CNR-1464 |
Change capitalization to berkeleyEduUnitHRDeptName in DownstreamObject JSON |
| CNR-1465 |
Don't send audit log entries to the app log, as it's already logged in audit log file |
| CNR-1466 |
Create DownstreamObjects for LDAP namespace entries |
July 26, 2017, 6:00am
This release will patch the production MIT Kerberos cluster. A brief outage of about 1 minute per node will occur. Some Kerberos clients will automatically fail over to the slave KDC when this happens. CMR: CHG0030836
Services Affected
- CAS
July 19, 2017, 6:00am
This release will update OS to RHEL 7.x and latest application libraries on the calnet.b.e web server, which includes the Directory Update Application. CMR: CHG0030822
Services Affected
- Directory Update Application
July 18, 2017, 7:00am
This release fixes an error in the CalNet Admin Tool and also changes what information is displayed in the tool. CMR: CHG0030863
Services Affected
- CalNet Admin Tool
Tickets Resolved
| Ticket | Comment |
|---|---|
| CAT-133 | Delete "Empl ID" field from basic info |
| CAT-150 | Remove OU from CAT |
| CAT-152 | CAT Throwing a MissingProperty Error |
July 12, 2017, 6:00am
This release will patch RHEL 6.x and the JVM for the idc.b.e application cluster. CMR: CHG0030818
Services Affected
- CalNet self-service applications on the idc.b.edu cluster, such as Guests, SPAs, and Access Keys
June 28, 2017, 6:00am
This release reconfigures the CAS auth.b.e servers to not do SSO for the base /cas/login URL if no service parameter is provided. This change is considered a security best practice. CMR: CHG0030793
Services Affected
- All campus CAS users, especially those using 2-Step Verification
June 21, 2017, 6:00am
This release is a rolling upgrade of the production CAS Server to fix intermittent degradation of service due to load and a known bug in the 5.0.4 server. CMR: CHG0030785
Services Affected
- CAS
June 15, 2017, 6:00am
This release is a rolling upgrade of the production CAS Server cluster to release 5.0.6 with bug fixes and some additional custom UI fixes. CMR: CHG0030749
Services Affected
- CAS
- Shibboleth
June 12, 2017, 6:00am
In this release, CalNet will migrate net-auth.berkeley.edu to RHEL 7.x from 5.x. 15-min planned outage affecting campus customers of the Berkeley Person Registry identity management applications CalNet Admin Tool and CalNet Account Manager. CMR: CHG0030742
Services Affected
- net-auth.berkeley.edu
- Berkeley Person Registry
- CalNet Account Manager
- CalNet Admin Tool
June 8, 2017, 2:00am
This release includes updates to CalNet Account Manager. Changes to CAM will be visible only to users who have been granted access to CalNet Two-Step beta testing. CHG0030750.
Services Affected
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
| CM-344 | 2FA Login |
| CM-345 | Pilot implementation of 2FA admin iFrame |
| CM-351 | Add page headers to CAM pages |
| CM-352 | 2FA documentation |
| CM-353 | Restrict who can see 2-Step Verf in the menu |
| CM-354 | 2-Step form edits for the instructions |
| CM-356 | Changes to 2-Step Form Based on User Feedback |
| CM-357 | Turn on 2-Step Switch Automatically |
| CM-358 | Do not ask for pw on the 2-Step Switch |
| CM-359 | Don't ask for pw on the Get Backup Passcodes request |
| CM-360 | Get Backup Passcodes Screen Changes |
| CM-361 | 2FA Form Format and Color Changes |
| CM-362 | Changes to New Enrollment Instructions |
| CM-363 | Change 2-Step Switch Title |
| CM-364 | Changes to Manage Your Devices - Help Text |
| CM-367 | Send email when generating backup codes |
| CM-368 | Add link to privacy statement in the footer |
| CM-370 | Change language on passphrase reset screen |
| CM-371 | reduce UC Berkeley logo |
| CM-372 | Delete numbers on the items in the Help Section |
| CM-373 | 2 Step Switch Format Change |
| CM-374 | Backup Passcodes Format Change |
| CM-375 | Reduce Duo iFrame height |
| CM-376 | Add line spaces |
| CM-377 | 2 Step Switch Confirmation Messages |
| CM-378 | Changes to Get Backup Passcodes Page |
| CM-379 | cross-site request forgery protection? |
| CM-381 | Change font-size and weight in help headers |
| CM-382 | Move on/off + passcode button closer to text |
June 6, 2017, 9:00pm
This release is a minor upgrade of the Shibboleth IDP to version 3.3.1 and the Shibcas connector. There is no expected downtime, though we have an hour window to complete the work. Affected systems include any using the Shibboleth IDP for authentication. Students, staff, and faculty could potentially be affected. Site examples include most off-campus services like Google, ServiceNow, Learning Center, Salesforce, and Box.
The Shibcas connector upgrade will fix the error messages displayed to a user readable message rather than the current code dump. CMR CHG0030731.
Services Affected
- Shibboleth
- Any using the Shibboleth IDP for authentication
Tickets Resolved
| Ticket | Comment |
|---|---|
|
SHIB-1 |
Minor Shibboleth IDP upgrade - 3.3.1, Shibcas |
May 18, 2017, 10:00pm
This emergency CAS Server release fixes the regression affecting some campus applications using SPAs. No outage is expected as we will do a rolling restart of the cluster nodes. CMR: CHG0030704
Services Affected
- CAS
- Special Purpose Accounts
May 16, 2017, 10:00am
This release is a rolling restart for CAS, no outage expected. CMR: CHG0030697
Services Affected
- CAS
May 15, 2017, 6:00am
Begin testing on April 7, 2017
This release is the final step in migration to CAS Server 5.0.4. We are upgrading the Apereo CAS servers at UC Berkeley from version 4.1.x to 5.0.4 with some additional features deployed, with the help of Unicon, one of the major contributors to the CAS project. CMR: CHG0030513
The QA tier will be updated on April 7 to allow for testing. To test, point your QA CAS client application at the auth-test.berkeley.edu DNS name. The previous QA nodes (cas-t1/t2) will remain available for a transition period as individual nodes. Please be sure to test your application before May 15.
Find additional details about this upgrade on our website: Migration to CAS Server 5.0.4
Services Affected
- CAS
May 10, 2017, 6:00pm
This release provides improved audit logging of account events for integration with Security Operations monitoring. CMR CHG0030673.
Services Affected
- Berkeley Person Registry
- CalNet Admin Tool
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
|---|---|
|
CNR-1416 |
CAM/CAT/reg-service events log |
May 5, 2017, 4:15pm
This release fixes a condition that is causing SGS LDAP imports to fail and removes case-sensativity from email address field in CalNet Account Manager.
Services Affected
- Berkeley Person Registry
Tickets Resolved
| Ticket | Comment |
|
CNR-1462 |
OpenDJ objects that start with entryuuid= are causing SGS LDAP imports to fail |
|
CM-342 |
Reset passphrase recovery case insensitive email lookup |
May 5, 2017, 10:00am
This release changes the logic CalNet uses to determine expiration dates and fixes a condition that causes provisioning exceptions. CMR: CHG0030628
Services Affected
- Berkeley Person Registry
Tickets Resolved
| Ticket | Comment |
| CNR-1451 | Update expiry logic |
| CNR-1460 | Provisioning exceptions |
May 4, 2017, 5:00pm
This release fixed a bug in which stale cache was preventing new employees from claiming a CalNet account.
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
| CNR-1454 | Stale cache - production restart required |
April 26, 2017, 5:15am
In this release a number of CalNet applications are being upgraded to use the Grails 3 framework. This release will be deployed to QA on April 10, 2017. CMR CHG0030578.
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
- SOR Gateway Service
- Registry Provisioning
- Registry Rest Service
Tickets Resolved
See April 19, 2017 release for complete list of ticket resolved.
April 19, 2017, 7am
In this release CalNet Admin Tool is being upgraded to use the Grails 3 framework. This release will be deployed to QA on April 10, 2017. A second release on April 25 will upgrade Berkeley Person Registry and CalNet Account Manager to use the Grails 3 framework. CMR CHG0030548.
Services Affected
- CalNet Admin Tool
Tickets Resolved
| Ticket | Comment |
| CAT-134 | Convert to Grails 3.x |
| CM-161 | Upgrade CAM to Grails 3.x |
| CNR-1275 | Migrate grails-external-groovy-plugin to Grails 3.x |
| CNR-1276 | Regression: Between Groovy 2.4.4 and Groovy 2.4.5 (Grails 3 uses .7) a change was made that as reintroduced a memory leak to external-groovy |
| CNR-1277 | Migrate sor-key-data plugin to Grails 3.x |
| CNR-1278 | Migrate registry-provisioning-scripts to Grails 3.x |
| CNR-1280 | Migrate registry-model plugin to Grails 3.x |
| CNR-1281 | Migrate grails-gorm-util-plugin to Grails 3.x |
| CNR-1282 | Migrate registry-commons to Grails 3.x |
| CNR-1283 | Migrate grails-domain-utils-plugin to Grails 3.x |
| CNR-1286 | Migrate groovy-hashchode-ast to Groovy 2.4.7 |
| CNR-1296 | Migrate grails-render-json-plugin to Grails 3.x |
| CNR-1316 | Migrate groovy-sql-util to Grails 3 |
| CNR-1347 | Update sorQuery script to accept a SORObjectKey (Grails 3 branch) |
| CNR-1353 | Migrate mock-registry to Grails 3 |
| CNR-1360 | Migrate ucb-messaging plugin to Grails 3.x |
| CNR-1361 | Migrate the UCB fork of the grails-routing plugin to Grails 3.x |
| CNR-1363 | Grails 3 registry-model jobAppointments collection not being persisted when person is saved and not being retrieved when person is loaded |
| CNR-1365 | For registry-model Grails 3 branch, type: JSONBType, sqlType: 'jsonb' in mapping is not working |
| CNR-1368 | Property injection into Provision object is not working on Grails 3 branch |
| CNR-1372 | Migrate registry-provisioning to Grails 3.x |
| CNR-1373 | Migrate rest-client-builder-digest-auth to Grails 3.x |
| CNR-1374 | Grails 3 Spring Boot in conjunction with registry-settings is complaining of multiple jms connection factories |
| CNR-1375 | Grails 3 registry-settings doesn't seem to be merging config correctly |
| CNR-1378 | Grails 3 reg-prov: no log output is being produced |
| CNR-1382 | Figure out why grails 3 reg-prov wiped out the database at start-up |
| CNR-1383 | Grails 3 reg-settings needs to set dbCreate to not delete by default |
| CNR-1384 | Migrate sor-gateway-service to Grails 3.x |
| CNR-1385 | Migrate ucb-match to Grails 3.x |
| CNR-1386 | Migrate registry-match service to Grails 3.x |
| CNR-1391 | Migrate registry-rest-client to Grails 3.x |
| CNR-1393 | Migrate registry-service to Grails 3.x |
| CNR-1394 | Migrate rest-queryfilter-plugin to Grails 3.x |
| CNR-1397 | Integration Hub is changing the development AMQ host |
| CNR-1399 | Grails 3 reg-service is having odd transaction management problems |
| CNR-1401 | Grails 3 reg-service doesn't need jmsTransactionManager/ChainedTransactionManager because it only produces JMS and JMS producers aren't transactional |
| CNR-1402 | Grails 3 reg-settings: Add option to create JMS beans but skip the jmsTransactionManager if the app is only using JMS for producing messages |
| CNR-1403 | Grails 3 reg-service still is using ChainedTransactionManager even after removing jmsTransactionManager |
| CNR-1404 | Grails 3 reg-settings: Add an "enable multiple data source" option to reg-settings to work around a Grails 3 bug |
| CNR-1405 | Grails 3 reg-prov's BootStrap.groovy isn't running |
| CNR-1407 | Some Grails 3 registry-service integration tests aren't passing and have been @Ignored |
| CNR-1408 | In order to get Grails 3 reg-service integration tests to pass, had to move setupSpec to setup, but this makes running tests very slow |
| CNR-1409 | SorPeopleAssignmentServiceIntegrationSpec passing locally but is failing on Bamboo |
| CNR-1417 | Grails 3 match-service isn't consuming the newUid queue |
| CNR-1420 | Deadlock between match-service and call out to registry-provisioning's provisionUid in Grails 3 (but probably Grails 2 too) |
| WA-46 | Move ucb-webapp-foundation to Grails 3.1.x |
| WA-49 | Migrate ucb-twitter-bootstrap and ucb-twitter-bootstrap-fields plugins to Grails 3 |
April 4, 2017, 4:30pm
This release provides a fix so that alumni already in OU = ADVCON do not get grace notification emails. CMR: CHG0030512
Services Affected
- Berkeley Person Registry
- LDAP Provisioning
Tickets Resolved
|
Ticket |
Comment |
|
CNR-1412 |
Users in ADVCON receiving grace notification emails |
March 15, 2017, 3:00am
This release resumes the CalNet account expiration process and implements grace period email notifications. This release requires a second restart at 6pm on March 16. CMR: CHG0030441.
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
- CalNet Admin Tool
March 14, 2017, 9:00pm
Upgrade production shibboleth IDP (shib.berkeley.edu) to version 3.3.0. The upgrade will bring us to the current release and allow us to use the consent model. The change will take place during a change window on Tuesday, March 14, from 9 - 11 pm. The actual change will be within that time and will be a brief, approximate 15 sec delay. The service affects most campus users. CMR: CHG0030422
Services Affected
- Shibboleth IDP
- Any system using the Shibboleth IDP for attribute release / authentication
March 9, 2017, 3:00am
This release includes work in support of the CalNet account expiration process, fixes a bug in CalNet consolidation and refines logic for changing CalNet IDs. This release was originally scheduled for March 8, 2017. CMR: CHG0030440
Services Affected
- Berkeley Person Registry
- LDAP Provisioning
- CalNet Account Manager
- CalNet Admin Tool
Tickets Resolved
|
Ticket |
Comment |
|
CNR-1371 |
Berkeley.edu email address should key of alternateIdEmailAddress |
|
CNR-1366 |
Do not use BPR LDAP Display Name for full name |
|
CNR-1364 |
Check hql in findPeopleExitingExpiry |
|
CNR-1362 |
If a person does not have an @berkeley.edu account don't try to send additional emails. |
|
CNR-1359 |
Registry Service gets wrong values from config in GraceServiceJob |
|
CNR-1358 |
Refine logic for changing CalNet ID |
|
CNR-1357 |
Grace Period Notify email still using calnet@berkeley.edu FROM address |
|
CNR-1356 |
Cannot format given Object as a Date Error |
|
CNR-1349 |
CNR-1169 Filter out people who does not have a calnetId |
|
CNR-1325 |
Disallow future-dated startOfRoleGraceTimes in PersonRoleArchive table |
|
CNR-1322 |
CNR-1167 Make adjustments to Grace period jobs |
|
CNR-1308 |
UIDold and Consolidation date not being written during CAT consolidations |
|
CNR-1302 |
Send email notification for expired accounts that have been activated again |
|
CNR-1293 |
CNR-1167 Check if person has berkeley email address before sending email |
March 1, 2017, 1:00am
This release includes minor edits and bug fixes for CalNet Account Manager and CalNet Admin Tool. Also introduces new features to CalNet Account Manager that display user's names and affiliations. CMR: CHG0030408
Services Affected
- CalNet Account Manager
- CalNet Admin Tool
Tickets Resolved
|
Ticket |
Comment |
|
CM-334 |
Edit CAM Footer |
|
CM-333 |
Edit CAM Account Info page |
|
CM-331 |
Re-enable change in CM-311 |
|
CM-311 |
Show more info after user logs into CAM |
|
CAT-118 |
An Error Has Occurred message after consolidation in CAT |
|
CAT-117 |
Assigning someone SIS View privilege doesn't appear to work |
|
CAT-44 |
CAT-37 Make simple / advanced search |
| CAT-127 |
Show more info for user |
| CAT-122 |
CAT-118 Consolidation error bug |
February 28, 2017, 5:30pm
A restart of the PostgreSQL DB behind the prod Berkeley Person Registry (BPR) to allow more active connections will result in a brief outage to allow reconfiguration. Outage anticipated from 5:30pm-5:35pm on Tuesday, February 28. CMR: CHG0030418
Services Affected
- Berkeley Person Registry
February 27, 2017, 1:00am
Refining logic for CalNet ID change. Release is in support of new alumni email program. CMR: CHG0030411
Services Affected
- CalNet Account Manager
Tickets Resolved
|
Ticket |
Comment |
|
CNR-1358 |
Refine logic for changing CalNet ID |
February 21, 2017, 6:00am
This release is to patch the OS and JVM for the four servers comprising the CalNet Berkeley Person Registry (BPR) prod tier (registry-p1, bpr-p1, amq-p1, and idm-p2). CMR: CHG0030335
Services Affected
- CalNet Account Manager
- CalNet Admin Tool
- Berkeley Person Registry
February 14, 2017, 8:00pm
This release updates the production Grouper servers, which service calgroups.berkeley.edu, from version 2.2 to 2.3. The upgrade is a precursor to using a new provisioning UI. CalGroups will be down during the upgrade due to a database upgrade. CMR: CHG0030385
Services Affected
- CalGroups
- CalNet SPAs
- LDAP Groups
Tickets Resolved
|
Ticket |
Comment |
|
CG-156 |
Upgrade production Grouper |
February 1, 2017, 3:00pm
This release includes fixes to improve memory usage and upgrading of dependencies. CMR: CHG0030348
Services Affected
- Berkeley Person Registry
- Registry Service
- LDAP
Tickets Resolved
|
Ticket |
Comment |
|
CAT-118 |
An Error Has Occurred message after consolidation in CAT |
|
CNR-1311 |
Convert bad HCM job-end dates that are set to 9999-12-31 to be null, which causes the Registry to write the current date as the start-of-grace-time when it encounters such a bad end date. |
|
CNR-1291 |
Don't write legacy guest system accounts to LDAP |
|
CNR-1262 |
New ou determination logic based on roles (but back-port the "don't move to a lesser OU" work-around that was in the old code into the new code) |
|
CNR-1197 |
Don't provision (IGNORE) to LDAP any new uid missing at least one-LDAP affiliation |
|
CNR-1262 |
Fixes CNR-1193 and CNR-1256 (dupe of CNR-1193): Records in presir when they should be in ADVCON |
|
CNR-1197 |
Fixes CNR-1184: Employee Only CS Record provisioned to presir ou because of partial HCM record |
|
CNR-1262 |
Rewrite OU determination logic to key off of roles instead of identifiers |
January 25, 2017, 5:00am
This release was completed on January 26, 2017, and made additional changes to CalNet ID changing logic and enabled account expiration processes. CHG0030323
Services Affected
- CalNet Account Manager
- Berkeley Person Registry
- LDAP
Tickets Resolved
|
Ticket |
Comment |
|
CNR-1285 |
Changing recoveryEmailAddress after changing calnetId should not rewrite calnetId |
|
CNR-1267 |
When setting recovery email address, the oldCalnetId is overwritten with current calnetId in CREDMGMT SOR Object |
|
CNR-1265 |
Prevent claiming CalNet IDs only defined in KDC |
|
CNR-1239 |
Send a message to people who are in grace but never received an email |
|
CNR-1217, CNR-1167 |
Make cron job to send grace emails |
|
CNR-1213 |
Track status object must have metadata field to store extra info |
|
CNR-1191, CNR-1167 |
Create rest endpoint to send email |
|
CNR-1169 |
Disable account when an account has expired |
|
CNR-1298 |
LdapInformation endpoint |
|
CNR-1304 |
Password error in account locking |
|
CM-319 |
Users not able to claim CalNet IDs they already own in namespace |
|
CM-323 |
Add custom link in full text to passphrase reset button |
|
CM-327 |
Fix CalNet ID change screen |
January 25, 2017, 3:00pm
This release implements new Campus Solutions update code to accept real time messages via JMS queue and make database queries on demand for individual student records. It should allow new CalNet accounts to be created in near real time once all the appropriate record creation has been completed in Campus Solutions. Release also includes updates to Registry provisioning logic to support en- of-life account handling. CMR: CHG0030328
Services Affected
- Berkeley Person Registry
- Registry Service
- LDAP
Tickets Resolved
|
Ticket |
Comment |
|
(no CNR) |
Fix setting a proper grace start date for the aggregate roles: masterAccountActive and ldapNoExpDate. |
|
CNR-1287 |
Fix no students in Dev marked as registered |
|
CNR-1292 |
Close out new Sql instances in an attempt to fix connection pool leak in SGS |
|
CNR-1273 |
Upgrade SOR Gateway Service to Grails 2.5.5 |
|
CNR-1272 |
Convert the Camel routes in SGS to use reliable-tx-camel |
|
CNR-1031 |
Convert sor-gateway-service to use JTA Transaction Manager |
|
CNR-1266 |
Consume CS "person basic sync" messages from IHub to trigger 'real-time' SGS EMPLID querying |
|
CNR-1297 |
Replace special 07/28/16 CS affiliation end dates with 01/01/1901 so real dates used instead from other SOR data |
|
CNR-1289 |
Create an expirationNotify role |
January 8, 2017, 11:45am
This release fixes a bug in the CalNet Account Manager, in which a CalNet ID change reverts if the user sets their recovery email address in the same session. CHG0030266. (This release rescheduled from 1/6/17, 5:00am).
Services Affected
- CalNet Account Manager
- Berkeley Person Registry
- LDAP
Tickets Resolved
|
Ticket |
Comment |
|
CM-321 |
Change CalNet ID bug |
January 6, 2017, 6:40am
This Emergency SOR Gateway Service patch deploys a one-liner patch that adds 14 days to the calculation of last semester end date because Campus Solutions indicates the spring semester has started but they have not yet updated the registration service indicators to show spring instead of fall. This affects the berkeleyEduAffiliation: STUDENT-TYPE-REGISTERED value in LDAP. Tomcat restart on registry-p1 is required. CMR: CHG0030268. (This relesase rescheduled from 1/6/16, 5pm).
Services Affected
- Berkeley Person Registry
- LDAP
Tickets Resolved
|
Ticket |
Comment |
|
CNR-1287 |
No students in Dev marked as registered |
December 19, 2016, 5:00pm
This release includes functionality to support upcoming term changes, backend registry handling of grace periods, service indicators that prevent students from being unregistered, improvements to how HCM employees and alumni are provisioned, and clearing of stale berkeleyEduExpDates. CMR: CHG0030233
Services Affected
- Berkeley Person Registry
- Registry Service
- LDAP
Tickets Resolved
|
Ticket |
Comment |
|
CNR-917 |
CNR-860 Determine current or future CS terms |
|
CNR-970 |
CNR-860 Logic for determining start of next Fall or Spring term for -REGISTERED grace period |
|
CNR-1016 |
Once CNR-970 taken care of, uncomment the commented code for SERVICE_INDICATOR term checks in CsPersonRoleBuilder |
|
CNR-1189 |
Provisioning HCM accounts with appointment dates later than the entry date |
|
CNR-1225 |
Add "is active" logic to HRMS and ADVCON key extractors |
|
CNR-1226 |
Use "is active" key extractor logic to send HRMS and AVCON SORObjects to match queue if they lack UID and key extractor says they're now active |
|
CNR-1227 |
Try to get the sor-key-data-extractor to load certain external reg-prov-script classes to execute "is active" logic on the raw SORObject data |
|
CNR-1228 |
Clear berkeleyEduExpDate when active |
|
CNR-1240 |
Add support for a numeric sync marker, instead of just a timestamp, to SorObjectChecksum and SorObjectChecksumQuery tables |
|
CNR-1243 |
Tweaks to registry provisioning scripts for CalNet SOR Person |
|
CNR-1244 |
Calculate grace delta upon immediately adding a personRoleArchive entry |
|
CNR-1246 |
berkeleyEduStuID should remain in LDAP after student has gone into grace or expired |
|
CNR-1247 |
Modify SGS to include new service indicator view for CS query |
December 16, 2016, 5:00am
This release improves the Change CalNet ID function in CalNet Account Manager, and fixes a bug related to alumni accounts. It also includes an update to the instructions regarding claiming accounts and changing accounts. CMR: CHG0030232
Services Affected
- CalNet Account Manager
- Registry Service
Tickets Resolved
| Ticket | Comment |
| CNR-1265 | Prevent claiming CalNet IDs only defined in KDC |
| CM-314 | Allow alums to change CalNet ID without a recovery email address |
| CM-313 | Change CalNet ID failure bug |
| CM-312 | When user changes CalNet ID and does not have an ext email address do not show error |
| CM-310 | Edit confirmation message when an alum changes CalNet ID |
| CM-308 | Account Manager throwing javax.management.MalformedObjectNameException |
| CM-305 | Stack trace appears on Change CalNet ID page |
| CM-316 | When changing recovery email without previous recovery email address, system reports an error |
December 1, 2016, 9:30pm
To support updating of certain AdvCon (mostly Alumni) CAS customers, a check for CalNetIDs starting with "cads" is now done. The popup dialog triggered then redirects the browser to the Change CalNetID page. Released to QA (auth-test.b.e) November 30, 2016. CMR: CHG0030193.
Services Affected
- CAS
Tickets Resolved
|
Ticket |
Comment |
|
OPS-350 |
Trap CalNetIDs starting with "cads" and redirect to Change ID app |
November 18, 2016, 5:00am
This release added the ability for alumni to set a bConnected key.
- CalNet Admin Tool
- Berkeley Person Registry
- LDAP
Tickets Resolved
|
Ticket |
Comment |
|
CS-26 |
MMK should allow ou=ADVCON to be able to set a bConn key so that alumni can create bConn accounts. |
November 3, 2016, 11 am
This release is to provision FORMER employee, affiliate and student statuses , test and guest accounts to LDAP and BPR fixes. It also includes CAM and CAT text and content changes. See CMR: 30120
- Berkeley Person Registry
- LDAP
- CalNet Admin Tool
- CalNet Account Manager
Tickets Resolved
| CNR-1029 | Provision FORMER affiliation when an active affiliation is removed |
| CNR-1163 | Modify DownstreamLdapBuilder to add FORMER affiliations |
| CNR-1171 | Modify LdapDownstreamBuilder to add current LDAP affiliation roles based on calculated berkeleyEduAffiliation values |
| CNR-1174 | Report of invalid date format for bECalNetIDUpdatedDate |
| CNR-1190 | Change SGS HRMS Oracle hash query to hash(firstname||lastname) rather than hash(firstname) + hash(lastname) |
| CNR-1194 | Don't provision (IGNORE) TEST accounts to LDAP |
| CNR-1195 | Add a test account role for TEST accounts |
| CNR-1200 | Provision GUEST LDAP affiliation for guest accounts |
| CNR-1206 | Refactor archived role builders to use a builder context to avoid Hibernate exceptions |
| CNR-1207 | Modify registry-model Person to disallow same roles both in assignedRoles and archivedRoles |
| CNR-1213 | Track status object must have metadata field to store extra info |
| CM-304 | Update language in notification when users can't claim an account |
| CAT-113 | Edit email message when account is locked |
| CAT-112 | For locked accounts, allow option to not send email |
| CAT-111 | Show more info for locked accounts lists |
October 24, 2016, 6am
Available in QA: October 14th
Update: war built from qa-to-prod-delegation branch is now deployed to cas-p2/p3/p7 (auth) with default theme set to "default" the OS and JVMs also patched on those hosts, the CAS prod tier.
A feature release of Apereo CAS Server 4.1.9 will be deployed to auth-test on 10/14/16 at 6 am and, assuming no regression is found, to auth on 10/24/16 at 6 am. OS and JVM patches will also be applied. The new features include improved performance when showing lists of SPAs, and a delegated authentication option for apps using the test/qa CAS server environments. CMR: CHG0030053.
- CAS
- SPA users
October 20, 2016, 12:00am
This release improves CalNet Admin Tool and adds the ability for an admin to set a CalNet ID on behalf of a user directly from the CalNet Admin Tool. CMR: CHG0030077
- CalNet Admin Tool
- Berkeley Person Registry
Tickets Resolved
|
Ticket |
Comment |
|
CNR - 1188 |
Add rest endpoint to set calnetId |
|
CAT-107 |
Ability for admin to set a record's CalNet ID |
|
CAT-109 |
Update role mapping wiki page |
|
CAT-110 |
Create new role for SIS in QA |
October 13, 2016, 4:30pm
This release fixes a provisioning bug that is picking up inactive records. CMR: CHG0030054
- Berkeley Person Registry
Tickets Resolved
|
Ticket |
Comment |
|
CNR - 1186 |
Stop provisioning employee-onlys without a CAMPUS_ID |
October 13, 2016, 6am
Updated description: This release updates the CalNet Admin Tool, including adding affiliations, better scrolling, and cache manager naming issue. It also clears up an error when attempting to match records and automates some consolidation functions. CMR: CHG0030051.
- CalNet Admin Tool
- Registry Service
Tickets Resolved
|
Ticket |
Comment |
|
CAT-105 |
Error when attempting to match records |
|
CAT-104 |
Show a record's current affiliations |
|
CAT-101 |
Cache manager naming issue on production |
|
CAT-99 |
Better scrolling for partial match view |
|
CNR-1149 |
After merge, wrong CalNet ID marked as active |
|
CNR-1178 |
When merging two records, an error is thrown |
October 12, 2016, 3:05pm
This critical patch will fix a bug that prevented some new employees and affiliates from claiming CalNet accounts. CMR: CHG0030050.
- Registry Provisioning
- LDAP
- OpenIDM
Tickets Resolved
| Ticket | Comment |
| CNR-1176 | Add empty-string check for CAMPUS_ID in the SGS CS "employee-only" detection logic |
| CNR-1182 | Rename isNotProd config param in LdapSync to isProd and adjust the code accordingly |
| CNR-1183 | Fix LdapSync bug where cleanUpMismatchedAssignments() is being called in prod instead of dev/qa |
| none | Add some hibernate session clearing calls to try and eliminate a memory leak |
October 4, 2016, 6am
Update to October 4 CalNet Release:
On October 4, 2016, the CalNet team will retire the legacy LDAP Sync Code and hand control of LDAP provisioning to the Berkeley Person Registry. This step modernizes campus identity data management. CMR: 4816.
Find detailed information about LDAP Schema changes at: https://calnetweb.berkeley.edu/calnet-technologists/ldap-directory-service/ldap-simplification-and-standardization
See additional information about impacts of the Sync Code Retirement, here: https://calnetweb.berkeley.edu/news/calnet-sync-code-retiring
Services Affected
- LDAP Provisioning
- LDAP Sync Code
- Berkeley Person Registry
- CalNet Deputy UAS Portal
- CalNet Deputy Issue Initial Token Application
Tickets Resolved
|
Ticket |
Comment |
|
CAT-38 |
Replace registry-p1 and idm-p2 scripts with CAT buttons |
|
CAT-62 |
ability for admin to allow someone to change CalNet ID |
|
CAT-81 |
Improve view of list of records to be matched |
|
CAT-82 |
generate an notification email when account is locked / unlocked |
|
CAT-83 |
edits to account locking/unlocking email content |
|
CAT-93 |
Missing link to submit all records for rematch |
|
CM-293 |
switch to berkeleyEduIsMemberOf |
|
CNR-1000 |
Provision affiliation roles to LDAP |
|
CNR-1007 |
Provisioning to ADVCON OU |
|
CNR-1013 |
Remove isLegacy / isOwned / definitiveAttributes from LdapDownstreamBuilder |
|
CNR-1018 |
Provision berkeleyEduAffID (ucbaffid) |
|
CNR-1021 |
Rename IdentifierType hrmsEmployeeId to hcmId to avoid future confusion |
|
CNR-1022 |
Develop API for ADVCON to replace account claiming API to kerb service |
|
CNR-1023 |
Make REST endpoints for reprovisioning and sorHash/sorQuery |
|
CNR-1024 |
Add a PersonJob table to the registry schema and add it to the model |
|
CNR-1025 |
Modify registry-provisioning-scripts to provision to PersonJob table |
|
CNR-1039 |
Remove hrmsPrimaryApptRcdNo role now that we have PersonAppointment table with an isPrimary flag |
|
CNR-1040 |
Primary job determination logic needs to be moved to a PostBuilder so there's one one primary job if multiple HRMS SORObjects |
|
CNR-1043 |
Create endpoint for advcon to use passphrase reset |
|
CNR-1044 |
Endpoint for ADVCON to set recovery Email address |
|
CNR-1045 |
Endpoint for ADVCON to set passphrase |
|
CNR-1046 |
Don't set berkeleyEduUnitHRDeptName because sync code has stopped setting it |
|
CNR-1047 |
Change berkeleyEduEmpDeptUnitTitleCode to be single-value pointing to primary appointment |
|
CNR-1050 |
Investigate which HRMS records get an AffId |
|
CNR-1052 |
Implement Audit in registry-service |
|
CNR-1053 |
Create an "Archived Identifier" table to store old identifiers |
|
CNR-1056 |
Add new HCM identifier types to distinguish between employee-specific and affilite-specific HCM identifiers. |
|
CNR-1057 |
Change prov-script affiliateId and employeeNumber logic to use new hcm IdentifierTypes |
|
CNR-1061 |
Implement pagination and showing rejected records for PartialMatch service |
|
CNR-1065 |
Provision HCM employee and affiliate berkeleyEduAffiliations |
|
CNR-1066 |
Provision ADVCON berkeleyEduAffiliations |
|
CNR-1070 |
Provision UAS Identifier from LDAP_AFFILIATESOURCE data |
|
CNR-1071 |
Provision uas affiliate id as part of LDAP berkeleyEduAffID array |
|
CNR-1072 |
Provision uasAffiliateId as LDAP berkeleyEduCalNetAffID |
|
CNR-1074 |
changes to NameTypeEnum[] priorityList |
|
CNR-1075 |
SGS registry-p1 still occasionally throwing deadlock exceptions |
|
CNR-1078 |
Provision birthday info to LDAP |
|
CNR-1080 |
Provision berkeleyEduCalNetIDUpdatedDate |
|
CNR-1081 |
Provision berkeleyEduCalNetUIDConsolidationDate |
|
CNR-1082 |
Provision berkeleyEduCalNetUIDOld |
|
CNR-1084 |
prov-scripts needs refactoring for LDAPDownstream to use person objects directly instead of as JSON or a Map |
|
CNR-1085 |
Provision berkeleyEduUnitHrDeptName |
|
CNR-1086 |
Registry service should write, when a record is consolidated. |
|
CNR-1090 |
Disable legacy SIS SOR |
|
CNR-1092 |
Change legacy SIS isActive logic to always return false now |
|
CNR-1093 |
Modify LdapSync logic to account for Registry being responsible for provisioning HRMS and ADVCON to LDAP now |
|
CNR-1097 |
Why is ADVCON cads2986 not matching up to Expired uid 563834 in prod? |
|
CNR-1100 |
Will need to create ArchiveIdentifier records for any current LDAP identifiers not matched up to a SORObject so they don't get overwritten |
|
CNR-1103 |
crosswalk service occasionally throws LinkedHashMap exception |
|
CNR-1105 |
ldapSyncQueue is hanging/crashing/notworking |
|
CNR-1106 |
Add an "unknown affiliate id" identifier type |
|
CNR-1108 |
Replace LdapPersonIdentifier json with IdentifierArchive json in PersonSorObjectsJson |
|
CNR-1109 |
Create dummy web service to trick OpenIDM into resetting its sync key for testing purposes |
|
CNR-1110 |
Fix deleteTrackStatus, throws an exception |
|
CNR-1111 |
Write a general LDIF "diff" script to compare two LDIF files for differences |
|
CNR-1114 |
Don't provision berkeleyEduBirthYear to LDAP |
|
CNR-1115 |
berkeleyEduBirthDay and berkeleyEduBirthMonth should always be formatted with two digits (leading '0' if necessary) |
|
CNR-687 |
Add hcmEmployee role(s) |
|
CNR-791 |
Provision SORObject(SOREnum.CALNET_CREDMGMT) oldCalnetId |
|
CNR-799 |
Upgrade match-service and match engine to Grails 2.5.4 |
|
CNR-988 |
Provision primary job title code to LDAP |
|
CNR-989 |
Provision primary department to LDAP |
|
CNR-990 |
Provision department code to LDAP |
|
CNR-991 |
Provision employee number to LDAP |
|
CNR-992 |
Provision employee type to LDAP |
|
CNR-993 |
Provision person's affiliations to LDAP |
|
CNR-994 |
Provision person names to LDAP |
|
CNR-995 |
Provision unique identifiers for a person to LDAP |
|
CNR-996 |
Provision old CalNet ID to LDAP |
|
CNR-997 |
Provision ou to LDAP |
|
CNR-999 |
Refactor LdapDownstreamBuilder |
|
CNR-1116 |
OpenIDM on registry-d1 isn't moving people from ou=people to ou=advcon people |
|
CNR-1122 |
Prevent OpenIDM from reprovisioning SPAs to LDAP |
|
CNR-1121 |
Provision AFFILIATE-TYPE for HCM affiliates into LDAP berkeleyEduAffiliations |
|
CNR-1124 |
Clear out all berkeleyEduAffiliationsDetailed values now |
|
CNR-1104 |
Quartz job to observe CsCampusIdMismatchView and set PersonIHub.timeresendrequested and trigger to service to resend those |
|
CNR-1059 |
After all new apps deployed using hcmId IdentifierType, remove deprecated hrmsEmployeeId from IdentifierTypeEnum and prov-scripts and the table |
September 21, 2016
Services Affected
- Berkeley Person Registry Services
- CalNet Admin Tool
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
| CNR-996 | Provision old CalNet ID to LDAP |
| CNR-1022 | Develop API for ADVCON to replace account claiming API to herb service |
| CNR-1023 | Make REST endpoints for reprovisioning and sorHash/sorQuery |
| CNR-1043 | Create endpoint for advcon to use passphrase reset |
| CNR-1044 | Endpoint for ADVCON to set recovery Email address |
| CNR-1045 | Endpoint for ADVCON to set passphrase |
| CNR-1061 | Implement pagination and showing rejected records for PartialMatch service |
| CAT-38 | Replace registry-p1 and idm-p2 scripts with CAT buttons |
| CAT-81 | Improve view of list of records to be matched |
| CAT-82 | Generate an notification email when account is locked / unlocked |
| CAT-83 | Edits to account locking/unlocking email content |
| CM-293 | Switch to berkeleyEduIsMemberOf |
September 14, 2016, 6am
For this release, we will point the production CAS cluster to a new, more powerful OpenDJ LDAP cluster for back-end directory services. This change will be transparent to both CAS client applications as well as users; it is an internal change for the service with no external impact other than better performance. See CMR: 4787
- CAS
August 18, 2016, 10pm
This emergency patch is an update to CalNet import code deployed to fix changes to SOR Gateway Service. It should reduce or eliminate the frequent exceptions currently being seen when a data import job is attempted due to Spring JDBC pooling bug. Crosswalk service should not be impacted.
Registry-p1Tomcat restart required. CMR: 4752.
Note: this change during the No Fly Zone has been approved by SIS project team.
- Berkeley Person Registry
- LDAP
August 10, 2016
This release is in response to a security advisory by OpenIDM. It contains a patch to OpenIDM 3.1.0 which will be applied to registry-d1 and prevents exposure of vulnerable encryption keys. CMR: 4734
A separate release issues changes to LDAP production.
- Registry Provisioning
- LDAP
- OpenIDM
Tickets Resolved
| Ticket | Comment |
| CNR-1008 | Seed displayName in LDAP to an initial value if not set |
| Added csRegisteredStudent role and set -REGISTERED affiliation in LDAP |
August 9, 2016
This new SOR Gateway service release will fix a bug in the the programming logic that determines employee affiliation as well as implementing newly developed logic for determining terms for registered students. It also deploys a fix for database production errors. CMR: 4729.
- Berkeley Person Registry
- LDAP
| Ticket | Comment |
| CNR-987 | CS Employees with both an Employee AND Instructor affiliation are still getting into the partial match queue |
| CNR-917 | Determine current or future CS terms |
| CNR-970 | Logic for determining start of next Fall or Spring term for -REGISTERED period |
| CNR-982 | Tweak "employee-only-without-a-CAMPUSID" logic to ignore "APPLICANT/Applied" affiliations when calculating if employee-only or not |
| CNR-1001 | Try to find another way to get a Postgres BaseConnection object in the SGS other than by using custom SafeNativeConnectionExecutor, which may be contributing to SGS exceptions. |
| CNR-1003 | Fix PostgreSQL SGS refreshPersonSorObjectsJson deadlock scenario |
| CNR-1005 | "Already value for key" connection pool exceptions in SGS |
August 7, 2016, 6am
The campus CAS server cluster behind auth.berkeley.edu will have the OS patched, the CAS server upgraded to release 4.1.9 and an improved Spring LDAP pooling configuration. These changes are currently in place for the auth-test.berkeley.edu service. No new TLS certificate is involved and no service outage is planned. CMR 4679.
- CAS
- LDAP
| Ticket | Comment |
| CM-4679 | CAS server upgrade and patching |
August 3, 2016
This patch to the SOR Gateway Service changes the validation query on connections in the database connection pool to see if it helps get rid of prematurely closed exceptions that are causing exceptions to be thrown when re-hashing and re-querying. CMR: 4720.
Requires a registry-p1 Tomcat restart.
- CalNet Admin Tool
August 2, 2016
All CalNet services including CAS (auth.berkeley.edu), Shibboleth (shib.berkeley.edu), LDAP Directory (ldap.berkeley.edu) will be unavailable for a 10 to 15 min window - between 4 and 4:30 am - while new network load balancer equipment is enabled. CMR 4685.
- CAS
- LDAP
- Shibboleth
August 1, 2016
This releases added account locking and unlocking features within CalNet Admin Tool for CalNet staff. It also contained minor UI edits and created access for additional roles. CMR: 4714.
- CalNet Admin Tool
- CalNet Account Manager
- Berkeley Person Registry
Tickets Resolved
| Ticket | Comment |
| CAT-71 | Outgoing email on lock/unlock do not show HTML correctly |
| CAT-5 | Ability for CalNet Staff to lock accounts |
| CAT-6 | Ability for CalNet Staff to unlock accounts |
| CAT-39 | Person must have "locked" flag |
| CAT-64 | Check wording for email sent to user when account is locked |
| CAT-65 | Check wording for email sent to department when account is locked |
| CAT-66 | Check wording for email sent to user when account is unlocked |
| CAT-68 | Create a role and view for Limited View group |
| CAT-69 | Add Recovery Email Address to basic Info |
| CAT-70 | Create role for security |
| CAT-73 | In QA, no form on the CAT home page |
| CAT-74 | CAT does not reflect recovery email address entered in CAM |
| CAT-75 | Ability to update recovery email address for a user with no CalNet ID |
| CAT-76 | Added a way to bump logging levels on server |
| CAT-78 | Testing in QA: unclear error message when searching |
| CM-289 | Change order of menu links |
| CNR-980: | Prevent locked accounts from doing Account Manager service call |
| CNR-947 | Endpoint to lock and unlock account |
| CNR-980 | Make creation of CredManangerSor able to take only recovery email without CalNet ID |
July 19, 2016
This release deployed a change that prevents pulling Campus Solutions employee-only records into Berkeley Person Registry/CalNet unless they have a UID already set in CS. This is so we can reliably match CS employees with HCM records.
This release does require a Tomcat restart. CMR: 4682
- SOR Gateway Service
- Berkeley Person Registry
- LDAP
July 9, 2016, 12am
Hotfix: Use csDelegateProxyEmailAddress directly when sending out proxy delegate emails (with a fallback to calnetCredentialRecoveryEmailAddressCalculated). CMR: 4668.
- CalNet Account Manager
- Berkeley Person Registry
July 8, 2016, 4pm
- SOR Gateway Service
- CalNet SOR Person Creation Tool
July 5, 2016
- Berkeley Person Registry
- LDAP
July 5, 2016
- Berkeley Person Registry
- LDAP
| Ticket | Resolved |
|
CNR-952 |
Reset "STU-" affiliations in LDAP, not just "STUDENT-", for CS people. |
|
CNR-953 |
Modify registry-service PeopleToProvision to include all changed DownstreamObjects in the OpenIDM query, not just for CS people. (In support of CNR-952 fix) |
|
CNR-957 |
When person has no SORObject other than LDAP, set DownstreamObject DN to whatever the existing LDAP DN is. (In support of CNR-952 fix) |
|
CNR-966 |
Reject all email addresses that end in berkeley.edu for calnetCredentialRecoveryEmailAddressCalculated email type. |
July 1, 2016
- Berkeley Person Registry
- CalNet Account Manager
- LDAP
| Ticket | Resolved |
| CM-284 | ASTP Report Action Item: return response header with name "X-Frame-Opt" |
| CM-286 | Refactor rest client calls out of CAM and into plugin to also be used in CAT |
| CM-287 | Added instructions online for users claiming an account but have no recovery email address |
| CM-288 | Added "Affiliate ID" to instructions |
| CNR-961 | Modify SGS to assign SORObject a UID if UID exists in the source key data |
| CNR-945 | ASTP Report Action Item: increase token length to 16 characters |
June 29, 2016
Services Affected
- Berkeley Person Registry
- Provisioning
- SOR Gateway Service
- Match Service
- LDAP
| Ticket | Comment |
| CNR-799 | Upgrade match-service and match engine to Grails 2.5.4 |
| CNR-886 | Modify SGS and to send CS people that don't have an admit/sircompleted/student affiliation to match queue with matchOnly indicator set to true |
| CNR-904 | The displayName parser may not be parsing lastName, firstName correctly (is this different than normal displayName format?) |
| CNR-912 | @LogicalEqualsAndHashCode refactor for domain classes to improve provisioning performance |
| CNR-913 | Add sysadm.PS_UC_SRVC_IND_VW1 (Service Indicators) to SGS CS query |
| CNR-919 | Prevent circular reference loop in @DomainEqualsAndHashCode hashCode() generator |
| CNR-924 | LDAP DownstreamObject bug when LDAP fields have JSON characters in them |
| CNR-930 | Add a "matchOnly" indicator for match queue messages for registry-match-service |
| CNR-932 | add a sql statement timeout in SGS to avoid deadlocks in the consumer of the SORObject JSON queue |
| CNR-933 | Modify LdapSync to call rematch service on CS SORObjects that haven't yet matched up to a UID |
| CNR-934 | Modify registry-match-service to remove sorObject from PartialMatch when uid assigned |
| CNR-935 | CsPersonRoleBuilder not assigning csEmployee role to all people with active CS jobs |
| CNR-937 | If LdapSync assigns an uid to a SORObject, remove that SORObject from PartialMatch table if it exists |
| CNR-939 | Assign csEmployee role to anyone with a CS EMPLOYEE affiliation |
June 28, 2016
Services Affected
- CalNet Account Manager
- CalNet Admin Tool
- Berkeley Person Registry
| Ticket | Comment |
| CAT-4 | Ability for CalNet admins and deputies to change recovery email address for user |
| CAT-50 | Simple Search functions not working for certain attributes |
| CM-281 | Refactor PersonUtil out of Account-Manager into registry-commons |
| CM-280 | Format change in Change CalNet ID form |
| CM-279 | Allow CalNet IDs not created by Acct Mgr to be changed |
| CM-274 | Remove SIS links from Acct Mgr Admin Home page |
| CM-273 | Reformat Change CalNet ID form |
| CM-272 | Update CalNet ID requirement |
| CM-267 | Need to check if an account is locked before allowing access |
| CM-262 | When changing calnetId, and the passphrase is wrong, the shown message is not reflecting this. |
| CM-261 | Change instruction text in Change CalNet ID form |
June 23, 2016
CalNet ran a job to correct 454 student records that had been incorrectly set to expired status which was affecting email access. A check of impacted records has confirmed that the job was successful.
Services Affected
- LDAP
June 22, 2016
There is no planned outage for this migration, which will be over at 6:15 am. At that time, the current primary cluster (nds-auth.calnet.1918.berkeley.edu) will become the failover target. See CMR 4577.
The new OpenDJ cluster provides a 50% increase in vCPU capacity (6 vs. 4) and twice the JVM RAM available (14 vs. 7 GB) compared to the current OpenDJ cluster it replaces. The new nodes are running RHEL 7.2 vs. 6.7 for the OS.
[1] auth.berkeley.edu consists of cas-p2.calnet.berkeley.edu, cas-p3.calnet.berkeley.edu, and cas-p7.calnet.berkeley.edu
Services Affected
- CAS
- LDAP
- Shibboleth
| Ticket | Comment |
| OPS-332 | Convert auth.berkeley.edu cluster to use dir-auth.calnet.1918.b.e OpenDJ cluster |
June 17, 2016
Hotfix being deployed to production to fix bug causing large "cn" values, leading to problems in LDAP. No Tomcat restarts anticipated due to change happening in external provisioning scripts. See CMR 4623.
- LDAP
- Berkeley Person Registry
| Ticket | Comment |
| CNR-924 | LDAP DownstreamObject bug when LDAP fields have JSON characters |
June 14, 2016
Fixes bug in which users with numeric values for CalNet IDs encounter errors in ID creation.
Separate release enhances CalNet Account Manager to allow use by people not associated with CS. CMR: 4631.
Services Affected
- CalNet Account Manager
- LDAP
- Berkeley Person Registry
| Ticket | Comment |
| CM-265 | MAP@Berkeley users with all numeric CalNet IDs can't create a CalNet ID |
| CNR-915 | Need to always write beKerberosPrincipalString to LDAP when someone has a CREDMGMT SORObject |
June 10, 2016
This release includes a bug fix to correct matches and show claim token. Feature enhancement includes showing LDAP record, search function improvements and revamped UI.
- CalNet Admin Tool
Tickets Resolved
| Ticket | Comment |
| CAT-58 | Match fails in prouction CAT |
| CAT-3 | Reconciliation Manager stops displaying new partial matches |
| CAT-8 | Ability to see LDAP record |
| CAT-12 | Make login interval longer |
| CAT-25 | Whan app times out, require user to log in |
| CAT-26 | Display search result in list format |
| CAT-31 | Create another access role for view only with raw data |
| CAT-42 | CAT master is failing Bamboo tests, preventing deployment to prod |
| CAT-45 | Reconcile mis a button to click when matching records |
| CAT-47 | Hide SSN in SR |
| CAT-48 | CAT does not show tokens - this is needed for support |
June 3, 2016
Update: This release is complete. Known issues with CAT search results are being investigated.
This release improves LDAP provisioning performance and CalNet Admin Tool and Account Manager, as well as fixes various bugs. Fixes include changes to permissions and processes for those using the Account Manager to change their CalNet IDs and addressing inconsistency in CalNet Admin tool searches to yield improved search results. Due to changes in this release, reprovisions will be required within the registry stack. See CMR 4613.
- Berkeley Person Registry
- Provisioning
- CalNet Admin Tool
- Account Manager
- LDAP
Tickets Resolved
| Ticket | Comment |
| CAT-22 | Inconsistent search results |
| CM-255 | Change email address for Change CalNet ID notices |
| CM-256 | Allow CalNet ID change to existing name if UID owns it |
| CM-257 | Only allow CalNet ID change with CM tool for IDs created through CM |
| CM-260 | Update "from" email in prod. |
| CM-271 | Delegate email changes - critical changes requested |
| CNR-779 | registry-service endpoint to allow calnetID change |
| CNR-822 | Add newCalnetId to change calnet id track status |
| CNR-824 | REST endpoint to check if a calnet id was created by account-manager |
| CNR-826 | Registry Service Endpoint URL changes for checkForExistingCalnetId now with UID |
| CNR-827 | Endpoint for checkForExistingCalnetId must take into account uid |
| CNR-828 | Inconsistent search result - interim solution |
| CNR-841 | Move LDAP attr-determination scripts from OpenIDM to registry-provisioning-scripts and write JSON to DownstreamObject table |
| CNR-844 | Add LDAP attributes to SGS LDAP querying that are used in LdapDownstreamBuilder |
| CNR-849 | Have the SGS pull in all LDAP attributes except metadata like timestamps and modifiedBy etc |
| CNR-850 | Modify peopleToProvision service to read from DownstreamObject table |
| CNR-862 | Set OpenIDM to "own" CS people with CS Student affiliation |
| CNR-863 | Endpoint to disable and enable password reset request |
| CNR-864 | Reset passphrase should be prevented if flag is set in registry |
| CNR-866 | A provisionUid bug somewhere in the SOR Gateway Service processing chain |
| CNR-867 | Create a second provisionUidBuild queue for "bulk" operations like from queueChangedIdentities.sh |
| CNR-876 | Don't write berkeleyEduOfficialEmail and mail back to LDAP |
| CNR-877 | Improve CollectionUtil.sync performance |
May 27, 2016
Emergency patch to OpenIDM in production to not write to berkeleyEduOfficialEmail and mail attributes. This will require an OpenIDM restart.
When: Approx 11:10am.
See CMR 4606.
- LDAP Provisioning
May 25, 2016
Available for testing on auth-test: May 19, 2016
The CAS service for the auth.berkeley.edu cluster will use Spring LDAP pooling for SPA lookups. This improves the efficiency of those searches so that CAS queries to populate the SPA pick list occur more quickly.
See CMR 4591.
- CAS
- LDAP
- CalGroups
| Ticket | Comment |
| OPS-334 | Spring LDAP pooling for CAS SPA lookups |
May 22, 2016
RHEL 6.x OS patching for production MIT Kerberos KDC cluster completed.
See CMR 4558.
Services Affected
- Campus MIT Kerberos
Tickets Resolved
| Ticket | Comment |
| OS patching MIT Kerberos KDCs. |
May 21, 2016
Edits made to delegate email to make claiming a delegate account more user friendly.
Services Affected
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
| CM-271 | Delegate email changes - critical changes requested |
May 18, 2016
People in CS with only student affiliation and not admit or SIRCompleted affiliations are now getting "berkeleyEduAffiliations: STUDENT-TYPE-NOT REGISTERED" set in LDAP.
Services Affected
- Berkeley Person Registry
- LDAP Provisioning
Tickets Resolved
| Ticket | Comment |
| CNR-862 | Set OpenIDM to "own" CS people with CS Student affiliation. |
May 16, 2016
The obsolete DNS CNAME records for auth2.berkeley.edu and ncas.berkeley.edu were removed from DNS today.
See CMR 4579.
Services Affected
- CAS
May 13, 2016
Edited logic to deal with duplicates in Berkeley Person Registry. Implemented redirect for idc.berkeley.edu to calnetweb.berkeley.edu.
Services Affected
- Berekely Person Registry
- LDAP Provisioning
- idc.berkeley.edu
Tickets Resolved
| Ticket | Comment |
| CNR-848 | Move CS SORObjects between dupe uids according to some logic |
| OPS-333 |
Redirect idc.berkeley.edu to calnetweb |
May 10, 2016
Bug fixes and URL update for Calnet Admin Tool. Redirect for mycalnet.berkeley.edu implemented.
Services Affected
- Account Manager
May 3, 2016
Services Affected
- Berkeley Person Registry
- Account Manager
- LDAP Provisioning
Tickets Resolved
| Ticket | Comment |
| CNR-687 | Add HCM roles. |
| CNR-790 | Re-enable assigning csUndergraduate/csGraduate/csStudent roles in Registry and also add csExtension and csAdvisor roles. |
| CNR-794 | Upgrade to Grails 2.5.4. |
| CNR-795 | Upgrade to Grails 2.5.4. |
| CNR-805 | Change SGS HCM query for better recognition of Peoplesoft effective dating in hrms.employee_verif_v view. |
| CNR-806 | Change SGS HCM query for better recognition of Peoplesoft effective dating in hrms.employee_verif_v view. |
| CNR-807 | Change SGS HCM query for better recognition of Peoplesoft effective dating in hrms.employee_di_v view. (Partially complete. Next release will have further mods). |
| CNR-832 | Always write berkeleyEduKerberosPrincipalString and berkeleyEduCalNetIDUpdatedFlag. |
May 1, 2016
Services Affected
- CAS MAP@Berkeley plugin
- Account Manager
April 27, 2016
Services Affected
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
| CM-255 | Change email address for Change CalNet ID notices |
April 24, 2016
Services Affected
- CAS
April 21, 2016
- CalNet Account Manager
Tickets Resolved
| Ticket | Comment |
| CM-249 | Text Corrections |
| CM-250 | Disallow SPA's to make any changes |
April 20, 2016
- CalNet Account Manager
- Berkeley Person Registry
Tickets Resolved
| Ticket | Comment |
| CM-234 | Ability for emps/students to change calnet ID |
| CM-236 | Change menu item label |
| CM-244 | Edit message for those claiming an account but who already have one |
| CM-246 | Error message for people who can't reset password via CM |
| CNR-779 | Registry-service endpoint to allow calnetID change |
April 17, 2016 - deferred
- CAS delegated authentication
- CalNet Account Manager
April 11, 2016
Summary
- Added new features to the CalNet Account Manager application to allow users to reset their passphrase and change their recovery email address.
- Added error reporting to calnet-systems@berkeley.edu.
- Added filter to disallow undergraduate admits who have not SIR'ed from creating a CalNet ID.
- Revised code to allow users with CalNet ID's that are all-numeric or begins with "CADS" to be able to create a new CalNet ID.
- Revised code to check the namespace before granting a CalNet ID.
- Revised code to check that a delegate does not have CalNet ID before allowing them to create one.
- Minor webpage and email content edits.
Services Affected
- CalNet Account Manager
- Berkeley Person Registry
- LDAP Provisioning
Known Bugs with this Release
This issues are being addressed and will be resolved as soon as possible.
- Requesting an update to an empty external email address currently isn't working.
- When a requestor submits their recovery email address to reset their passphrase, CalNet Account Manager is erroneously showing the requestor's non-employee and non-student accounts, if they exist, to be reset. This functionality doesn't work and will be addressed in a later version.
Tickets Resolved
| Ticket | Comment |
| CM-123 | Ability for emps/students/delegates to reset forgotten passphrase |
| CM-169 | Of the admitted undergrads, only those who accepted their offers can claim CalNet ID |
| CM-187 | NPE in DelegateService.bindDelegateCommands |
| CM-188 | If a delegate account already has a CalNet ID don't let them claim |
| CM-192 | Change polling delegates timing |
| CM-197 | Delegate account email "I already have a CalNet ID" doesn't work. |
| CM-206 | Check namespace for CalNet ID availability |
| CM-213 | Update Account Manager Main Menu |
| CM-214 | Allow people with all numeric or cads calnet ids to create a new calnet id |
| CM-223 | PW reset Email Invite Format changes |
| CM-224 | Add contact info in CalNet Account Manager |
| CM-225 | Send Error log entries to calnet-systems@berkeley.edu |
| CM-227 | Testing Findings Using QA Stack |
| CM-228 | Revise Reset Passphrase form |
| CM-230 | Testing Reset Passphrase Using Dev |
| CM-231 | Testing Reset Passphrase Using QA |
| CM-232 | Username and Email address are Null for slate student |
| CM-235 | Update to account creation page |
| CM-236 | Change menu item label |
| CM-237 | Edit email confirmation to delegates - SIS request |
| CM-238 | Account manager CAS configuration needs updating |
April 8, 2016 - deferred
Deferred until we determine how to support LDAPS via the SLB/VIP for ldap.berkeley.edu.
Update and patch the OS and JVM for the nds-auth LDAP directory cluster nds-p4/-p5/-p10 (used by the auth.b.e CAS cluster) and perform a rolling upgrade of the OpenDJ servers to the 2.6.4 release.
Services Affected
- CAS and LDAP
April 7, 2016
Registry Provisioning and OpenIDM bug fixes and preparations for new account manager functionality.
Services Affected
- LDAP Provisioning
Tickets Resolved
| Ticket | Comment |
| CNR-754 | provisionUid is removing and re-adding the same identifiers every time it reprovisions |
| CNR-765 | Create csDelegate role in Registry |
| CNR-766 | Make it so none of the provisioning-scripts builders run if the SORObject is isDeleted=true |
| CNR-767 | Distinguish between active (future) and inactive (ex) STUDENT-TYPE-NOT-REGISTEREDs. |
| CNR-768 | Don't set STUDENT-TYPE-NOT REGISTERED if STUDENT-TYPE-REGISTERED is set. |
| CNR-770 | OpenIDM throwing exceptions trying to rename namespace entries |
| CNR-771 | OpenIDM needs to refire recon-by-id somehow after LINK and UNLINK operations |
| CNR-775 | Probable bug where the CS IdentifierBuilder is not detecting properly when there is only one job and its active |
| CNR-776 | isActive on HRMS identifier possibly set incorrectly. |
| CNR-785 | Remove LDAP Student expiration dates when adding an active CS affiliation |
March 29, 2016
Three releases scheduled. Upgrade to production ActiveMQ 5.13.2 on amq-p1. Bug fix for CalAccess that repaired the service that checks on FERPA requirements for a user.
Scheduled CAS upgrade in which default CAS Authorization was pushed into production at auth.berkeley.edu was disabled because of a bug in LDAP. We are investigating the issue and will update you with our plans going forward as we are able to.
Services Affected
- Berkeley Person Registry
- LDAP Provisioning
- CalAccess
- CAS
Tickets Resolved
| Ticket | Comment |
| CNR-758 | Upgrade to ActiveMQ |
|
CA-299 |
FerpaService fails to authenticate |
March 28, 2016
Emergency fix to remove blocker for LDAP provisioning.
Services Affected
- OpenIDM
- LDAP Provisioning
| Ticket | Comment |
| CNR-770 |
OpenIDM throwing exceptions trying to rename namespace entries |
March 20, 2016
Bug fix to handle account creation issues reported by users.
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
- LDAP Provisioning
- Kerberos Provisioning
Tickets Resolved
|
Ticket |
Comment |
|
CM-220 |
Account Creation is failing |
|
CM-218 |
Production Account Manager is throwing locking exceptions |
March 18, 2016
Feature enhancements for the following:
-
ability for delegates to create their CalNet ID accounts
-
ability for CalNet ID account holders to change their external email addresses
Code fixes for the following:
-
error handling when an expired token is used to claim an account
-
changes to confirmation email content and format
-
checking that a user’s requested CalNet ID is not already in namespace
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
- LDAP Provisioning
Tickets Resolved
|
Ticket |
Comment |
|
CM-147 |
ability for emps/students/delegates to change recovery email |
|
CM-179 |
Delegates can claim account directly |
|
CM-180 |
When user tries to use an expired token, they see a CAS login |
|
CM-183 |
edit delegate email invitation to create CalNet ID |
|
CM-198 |
edit confirmation email message when a CalNet ID is activated |
|
CM-199 |
format changes for confirmation message when a delegate's CalNet ID is created |
|
CM-200 |
Confirmation page for undergrads is broken |
|
CM-201 |
send email to existing accounts about the change request for recovery email address |
|
CM-202 |
content for email to continue process for recovery email address creation |
|
CM-207 |
account-manager must verify calnetId on new checkForExistingCalnetId endpoint in registry-service |
|
CM-209 |
send email to new account to confirm completed recovery email address process |
|
CM-211 |
New wording change for delegate invite mail |
|
CM-217 |
Edit email confirmation message for delegates again! |
|
CNR-717 |
Registry-service endpoint to store and verify recovery email address |
|
CNR-723 |
Write CalNet ID to namespace upon creation |
March 17, 2016
This was a fix for bug that was allowing new users to create CalNet IDs that had already been reserved by some other system. Usually an email alias or mail list name. 42 affected CalNet IDs were changed to resolve the conflict and new code was deployed to improve namespace updates when new CalNet IDs are created.
Services Affected
- Berkeley Person Registry
- CalNet Account Manager
- LDAP Provisioning
Tickets Resolved
| Ticket | Comment |
| CN-723 | Write CalNet ID to namespace upon creation |
March 16, 2016
Bug fix release to improve logging and to deploy updates to the account creation process to do more thorough namespace checking.- CalNet Account Manager
- Berkeley Person Registry
- LDAP Provisioning
Tickets Resolved
| Ticket | Comment |
| CM-207 | account-manager must verify calnetId on new checkForExistingCalnetId endpoint in registry-service |
| CNR-537 | Remove the SOR Sql objects from SGS resources.groovy |
| CNR-682 | Make CS_DELEGATE hash/query timestamp-aware |
| CNR-692 | SisStudentIdentifierBuilder.isActive is not handling multiple terms nor disregarding past terms |
| CNR-709 | in registry-provisioning-scripts, use parseFullName() as an additional way to try to parse out individual name components from displayName |
| CNR-718 | Don't make "sorObject not found" a "fatal" error in NewUidService |
| CNR-719 | Add INFO log statement when oprId, security key, or email changes for CS_DELEGATE |