CalNet Releases

CalNet operates a complex suite of applications that support the Identity and Access Management functions of the University.  As technology is updated throughout the CalNet portfolio, updates will appear on this page.  

If you support technology that depends on CalNet tools, this is the best place to look to understand if something in the CalNet technology stack has changed and how it could be affecting your services. You can also sign up to receive notices when CalNet has a new release. To subscribe to the list, go to: https://groups.google.com/a/lists.berkeley.edu/d/forum/calnet-releases and click JOIN.
 

                


Upcoming Releases


Recent Releases


January 3, 2019, 6:00pm

This is an emergency release primarily to address a regression bug affecting some accounts with conflicting affiliations. CMR: CHG0032199

Notable changes include

  • Fix for employees showing up with FORMER-EMPLOYEE and EMPLOYEE-TYPE-* LDAP affiliations at the same time
  • Add LDAP mail attribute for social guests
  • Registry-match-service newSORObjectQueue queue listener stops listening after one exception on a message.

Services Affected

  • Registry Service
  • Registry Provisioning
  • Cirrus Guest App
  • CalNet Account Manager
  • CalNet Guest Accounts

Tickets Resolved

Ticket Comment
CNR-1800
LDAP mail attribute with cirrus/social guests user email address
CNR-1804
Registry-match-service newSORObjectQueue queue listener stops listening after one exception on a message.
CNR-1807
Employees showing up with FORMER-EMPLOYEE and EMPLOYEE-TYPE-* LDAP affiliations at the same time.
CNR-1808
Add additional exception handling in provisionUid and provisionUidBuilk (related to CNR-1804)

December 2, 2018, 8:00am

The nds.berkeley.edu certificate is expiring on December 6th, 2018.  Though this is now considered to be our legacy LDAP system we have several customers still using the cluster.  This may impact their applications if they are manually importing certificates into their application's key store. CMR: CHG0032146

Services Affected

  • nds.berkeley.edu
  • Any application still using nds.berkeley.edu

November 30, 2018, 7:00am

This release is an upgrade of the the test/qa instance of CAS to version 5.3.6.  This will enable customers to test the latest version of CAS on auth-test.berkeley.edu.  New features and improvements can be found  at https://calnetweb.berkeley.edu/calnet-technologists/cas/cas-53-upgrade. CMR: CHG0032155

Services Affected

  • CAS auth-test

November 1, 2018, 7:30am

This release includes a variety of bug fixes; updates to system software; improvements to Registry Provisioning, SOR-Gateway Service, Active Directory, and CalNet Account Manager; and development on UC Path and the Cirrus guest app replacement. CMR: CHG0032080

Notable changes include

  • Users in grace can use CalNet Account Manager
  • Users in grace will be disabled but not deleted in Active Directory
  • Users with a lapsed but not terminated HCM record will receive regular grace period notifications
  • Guests will be able to use CalNet Account Manager to recover passphrase and change passphrase (new Guests will need to wait 24 hours after account creation before they can use this feature)

Services Affected

  • Registry Service
  • Registry Provisioning
  • SOR Gateway Service
  • CS Delegates
  • SOR Gateway
  • UC Path
  • Cirrus Guest App
  • CalNet Account Manager
  • CalNet Guest Accounts
  • Active Directory
  • Special Purpose Accounts


Tickets Resolved

Ticket Comment
CNR-1744 registry-service java.lang.IllegalArgumentException: null exception
CNR-1743 registry-service principal cannot be null exception
CNR-1748 CS delegate quartz job is running but doesn't appear to be doing anything in production
CNR-1737 UC Path: Get test env hooked up to ddodsdpt ucpath DDODS
CNR-1738 UC Path: Gain access to I-371 integration team's api-central REST endpoint
CNR-1753 UC Path: real time messages need to go through the match engine
CNR-1751 UC Path: Get test env hooked up to i-280 ihub endpoint
CNR-1731 UC Path: Add mock i280 SORObjects to registry-mock
CNR-1662 UC Path: Develop JMS consumer for expected format of real-time iHub messages for I-280 data
CNR-1752 UC Path: Write a script to invoke I-371 (request I-280) for a list of EMPLIDs
CNR-1750 UC Path: Send a UID message to uc path uid endpoint
CNR-1740 UC Path: Add PS_PER_POI_TRANS to DDODS query
CNR-1732 UC Path: Modify reg-prov-scripts to treat the i280 SOR as primary uc path SOR
CNR-1749 UC Path: IHub real-time messages currently contain " " (quotespacequote) for empty values. Need to convert these to nulls.
CNR-1665 UC Path: Modify BPR views to replace HCM with UC Path or augment views with UC Path data
CNR-1758 sor-gateway hash and query quartz jobs should not be executing service methods within log.info() call
CNR-1759 In sor-gateway incorrect calnetSorHashAndQuery.enabled check logic in hash and query quartz jobs
CNR-1761 UC Path: Improve the UcPath?AppointmentsJson.getUcPathAppointmentEffectiveStatus logic for future effective appointments
CNR-1725 UC Path: Mechanism for detecting desynchronization between DDODS and last i280 received
CNR-1762 Create mechanism in SGS to call the IHub UCPath I-371 (request msg) interface
CNR-1771 Cirrus: Create LDAP DownstreamObject for Cirrus guests and add GUEST-TYPE-SOCIAL to berkeleyEduAffiliations
CNR-1776 Cirrus: Add sponsorUid to LDAP
CNR-1774 Cirrus: Need to pay attention to the guest end date in the Cirrus JSON
CNR-1763 Cirrus: Add Cirrus SORObject processing to registry-provisioning-scripts
CNR-1766 Cirrus: Add an Identifier type for the Cirrus primary key
CNR-1767 Cirrus: Add an IdentifierType for the Cirrus accepted invitation ID
CNR-1765 Cirrus: Add an IdentifierType for Cirrus Guest Sponsor UID
CNR-1718 Cirrus can't provide sponsorUid, only sponsorEppn (calnetId), in the messages they pass back -- convert eppn to uid as early as possible on our end
CNR-1768 Cirrus: Add an IdentifierType for Cirrus Guest Sponsor EPPN
CNR-1769 Cirrus: Add a cirrusGuest role
CNR-1770 Cirrus: Set primaryOU to ou=Guests
CNR-1772 Cirrus: Add person name from Cirrus JSON to PersonName table
CNR-1773 Cirrus: Add personal (social) email address to Email table
CNR-1722 Latest Apache HttpClient versions, included in recent Grails/SpringBoot apps, break REST HTTP Digest authentication
CNR-1622 Remove commas from the calnet sor person identifier in the CalNet SOR Person tool for a better copy and paste experience
CNR-1782 Create a batch job to reprovision people where current date > ASGN_END_DT
CNR-1784 AD: In-grace people should be disabled in AD, not deleted
CNR-1781 Upgrade SGS to Atomikos 4.0.6
CNR-1780 Upgrade to Camel 2.21.2 and ActiveMQ 5.15.5 within Grails plugins for BIDMS
CNR-1727 Create spa registry account/credentials and grant role to sorObjects endpoint for SPA SOR
CNR-1786 UC Path: Add support to SGS for querying multiple DDODS instances
CNR-1787 UC Path: Add support to SGS to listen on multiple UC Path real time message queues
CNR-1788 Make best effort in determining if person has employee or student in-grace roles during IdentifierBuilder phase and mark identifier as active if so
CNR-1790 In registry-provisioning-scripts legacy SIS role builder, remove anything looking at stale legacy SIS term data
CNR-1791 Confirm a legacy guest can use CAM to change or reset passphrase once legacy system has provisioned Guest to LDAP
CNR-1792 Get CAM forgot passphrase working for legacy guests
CNR-1793 Remove Change Personal Email Address functionality for legacy guests in CAM
CNR-1794 Remove Change CalnetId functionality in CAM for legacy guests
CNR-1783 registry-provisioning needs Spring Security authn/authz added for url protection

October 31, 2018, 6:00am

This release is a migration of the ldap.berkeley.edu LDAP service to DS 6.0.  This is a major upgrade to the LDAP server software and will complete our migration to the latest version.  In addition to this upgrade the LDAP SSL public certificate will change.  It will be important for developers whose applications do not trust the Comodo root CA to update their applications manually.  We will post the new certificate ahead of the upgrade. CMR: CHG0032027

Services Affected

  • LDAP

October 24, 2018, 6:00am

This release is a migration of the dir.calnet.berkeley.edu LDAP service to DS 6.0.  This is a prerequisite step to change CHG0032027.  This upgrade will allow us to implement the updated certificate and test the latest LDAP server software upgrade on the cluster that will become ldap.berkeley.edu on October 31. CMR: CHG0032031

Services Affected

  • LDAP

October 18, 2018, 9:30pm

Users going in to grace starting will continue to be required to 2-Step until they expire or move to ADVCON. Users in ADVCON who are currently doing the 2-Step will no longer be required. CMR: CHG0032049

Services Affected

  • CalGroups
  • 2-Step

October 1, 2018, 10:00am

The Access Control Instruction (ACI) for the anonymous bind account will be changing starting on October 1, 2018. Currently the ACI permits access to many attributes [1] anonymously, but starting October 1, 2018, access to the berkeleyEduAffiliations attribute will be removed. After further review by various campus security and functional units, further access restrictions are likely to happen at a later date. See Changes to LDAP Binds for more information. CMR: CHG0031961

Services Affected

  • LDAP

September 30, 2018, 8:00am

This release is to upgrade the nodes behind the dir-auth LDAP cluster to DS 6.0, apply OS security patches, and apply a new SSL certificate.  These nodes support CAS and Shibboleth. CMR: CHG0032023

Services Affected

  • LDAP
  • CAS
  • Shibboleth

September 28, 2018, 7:30am

This release fixes a bug that is causing accounts in grace to be deleted in AD. This will require a Tomcat restart, which will result in an outage of appox. 30 seconds. CMR: CHG0032030

Services Affected

  • Active Directory
  • Registry-p1
  • SOR Gateway Service
  • Berkeley Person Registry

September 26, 2018, 9:oopm

This release is a routine patch of the OS/JVM on the CalNet Grouper and Shibboleth VMs. CMR: CHG0032009

Services Affected

  • CalGroups
  • Shibboleth

September 25, 2018, 7:00am

This release is a change to the CAS screen for students not enrolled in 2-Step, and changes to CalGroups to support the last step of the Student 2-Step project. CMR: CHG0032016

Services Affected

  • CalGroups
  • CAS

September 20, 2018, 6:30am

This release is an upgrade to the nodes behind the dir-bpr LDAP and application of OS security patches. CMR: CHG0032001

Services Affected

  • LDAP
  • Berkeley Person Registry

September 19, 2018, 8:30am

This release is a routine OS patching for RHEL for dir-os-p* VMs at SDSC. CMR: CHG0032007

Services Affected

  • LDAP

September 5, 2018, 6:00pm

This release is a reboot of calnet-p2/net-auth-p2 to install a new OS kernel. It will primarily impact users of the krbsync pw sync to AD tool. A brief (< 5 min) outage will occur. Any adverse risk is low since the change can be reverted quickly if needed. CMR: CHG0031976

Services Affected

  • Active Directory

August 30, 2018, 8:30pm

We will apply OS patches and also apply a required certificate update on the Apache ActiveMQ server used by CalGroups and the Berkeley Person Registry. - Changes made to CalGroups during this maintenance window may be slightly delayed to downstream systems (eg AD, Google).  Changes will resume after AMQ is back up. CMR: CHG0031963

Services Affected

  • CalGroups
  • Berkeley Person Registry
  • Downstream systems

August 26, 2018, 9:00pm

This release updates  2-Step notification CAS UI for students not enrolled in 2-Step. CMR: CHG0031967

Services Affected

  • CAS Login Screen

August 24, 2018, 3:30pm

This emergency release includes security patches for the OS as well as a revised krbsync app. CMR: CHG0031962

Services Affected

  • Active Directory

August 9, 2018, 6:30am

This substantial release includes updates and bug fixes to many CalNet services, as well as updates to CalNet's UC Path development. CMR: CHG0031910

Services Affected

  • Active Directory
  • CalNet Account Manager
  • CalNet Admin Tool
  • Berkeley Person Registry
  • Registry Service
  • SOR Gateway Service
  • UC Path

Tickets Resolved

Ticket Comment
CNR-1515 Modify registry-service to call bidms-downstream AD change password REST endpoint at the same time it calls krbservice to set Kerberos password
CNR-1591 Resolve all duplicate calnetIds in our systems
CNR-1598 There may be reg-serv, CAM or CAT Quartz jobs that need to be disabled on bpr-t2
CNR-1623 Upgrade everything to Grails 3.3.x
CNR-1631 merge delete SORObject cascade exception
CNR-1647 Sync BPR display name changes to AD
CNR-1653 no more ou=students, send students to fsa
CNR-1654 ActiveMQ Derby transaction log is growing beyond what it should
CNR-1658 For ActiveMQ, get embedded Derby listening on a network port so we can connect to it externally with the Derby client
CNR-1659 delete expired people out of AD
CNR-1660 UC Path: Build UC Path DDODS queries
CNR-1661 UC Path: Add UC Path DDODS queries to Sor Gateway Service
CNR-1668 UC Path: Once HCM identifier name becomes known in external_identifiers, modify sor-key-data-extractor to parse out
CNR-1670 UC Path: Create IdentifierTypes for different UCPath environment EMPLIDs
CNR-1671 UC Path: Add berkeleyEduUCPathID and berkeleyEduUCPathDevID to dev LDAP schema
CNR-1672 UC Path: Add UCPath EMPLID to identifiers (crosswalk) service for different UCPath environments
CNR-1673 UC Path: Modify registry-prov-scripts to provision UCPath EMPLID to Identifiers table
CNR-1674 UC Path: Modify reg-prov-scripts to add berkeleyEduUCPath<ENV>ID to the LDAP DownstreamObject JSON
CNR-1675 UC Path: Investigate which HCM table has values that end up in employee berkeleyEduAffiliations in LDAP
CNR-1678 UC Path: Add mock UCPath DDODS SORObjects to registry-mock
CNR-1679 UC Path: Need to add DDODS "source" to DDODS SORObjects
CNR-1680 UC Path: Find out how HCM APPT_TYPE and ORG_NODE are going to be converted in UC Path
CNR-1681 UC Path: Modify reg-prov-scripts to add ucPathIds to Identifiers table
CNR-1682 UC Path: Figure out overall isActive logic for the UC Path Identifier
CNR-1683 UC Path: Figure out primary job logic
CNR-1684 UC Path: Add PS_UC_LL_EMPL_DTL to query for UC_HOME_DEPT_CD
CNR-1685 UC Path: Add PS_UC_JOB_CODES to query for UC_FACULTY_INDC
CNR-1686 UC Path: Replicate the EDW CUR_REC_FLAG for UC Path JOBS by adding an IS_EFFECTIVE flag
CNR-1687 UC Path: Need to figure out how future-dated appointments are presented in UC Path: EFF_DT/EFFSEQ?
CNR-1688 UC Path: Possibly add PS_PRIMARY_JOBS to query for PRIMARY_FLAG
CNR-1689 UC Path: The methods in reg-prov-scripts UcPathUtil need to be extensively tested with UC Path sample data
CNR-1690 UC Path: Add a CAMPUS_SOLUTIONS_STUDENT_ID identifier to Identifiers table and to identifiers service
CNR-1693 Start-of-grace email that goes out is showing the start of grace date to be one day earlier than it should
CNR-1694 UC Path: Need to enable the isActive logic in registry-sor-key-data
CNR-1695 UC Path: Build list of tables being queried so that service acct access can be requested for these tables
CNR-1697 UC Path: rps DOB builder
CNR-1698 UC Path: rps job builder
CNR-1699 UC Path: rps role builder
CNR-1700 UC Path: Add employee class roles based on the EMPL_CLASS codes and descriptions
CNR-1701 UC Path: Logic to turn UC Path state into LDAP berkeleyEduAffiliations and part of masterAccountStatus calculation
CNR-1702 AD renaming errors on certain type of entries
CNR-1703 change log message when receiving a CS EMPLID change message and the SORObject remains unchanged
CNR-1704 UC Path: reg-prov-scripts UcPathTypeMapper needs to gain awareness of UCPath POI/CWR affiliate types
CNR-1705 UC Path: Add documenting comments to top of the UcPathRoleBuilder.build() method
CNR-1706 UC Path: reg-prov-scripts needs to set title code and deptartment attributes in LDAP sourced from UCPath
CNR-1708 UC Path: In reg-prov-scripts PersonRoleExecutorSpec there are some commented out ucpath test cases that need to be looked at
CNR-1715 bidms-downstream AD CANT_ON_RDN error
CNR-1716 reg-prov-scripts: Set samAccountName to uidUID# for anybody with "system" as calnetId as this is not an allowed samAccountName
CNR-1720

Suppress noisy "Purging orphaned entry" messages in sor-gateway-service log


August 8, 2018, 9am

Unneeded Access Control Instructions (ACIs) have a negative impact on performance, so we are removing several from the OpenDJ production LDAP tier. This requires no downtime for the affected hosts.

Services Affected

  • CalNet systems such as CAS and Shibboleth,and BPR

August 1, 2018, 7:00am

We will be removing access to affiliations from anonymous LDAP binds on August 1, 2018. This will improve the security of anonymous searches. Click here to find out how this impacts your service. CMR: CHG0031713

Services Affected

  • All campus applications that use an anonymous LDAP bind

Tickets Resolved

TicketComment

LDAP-3

Update ACI for anonymous binds


Jul 24, 2018, 4:30pm

This release is a patch to CalGroups. The service will remain up while the patching happens, since the servers are redundant. Potential affected users are campus employees. CMR: CHG0031888

Services Affected

  • CalGroups

Tickets Resolved

Ticket Comment
CG-168 Install CalGroups Patch

May 29, 2018, 6am

This release will update the OS and JVM for the BPR stack (registry-p1, amq-p1, bpr-p1). This will result in a brief 5-min outage for public CalNet applications such as  CalNet Account Manager (CAM). CMR: CHG0031688

Services Affected

  • Berkeley Person Registry
  • CalNet Account Manager
  • CalNet Admin Tool

May 23, 2018, 5:30pm

This release includes updates to language in account lock/unlock and new account/change ID screens in CalNet Admin Tool and CalNet Account Manager. CMR: CHG0031701

Services Affected

  • CalNet Admin Tool
  • CalNet Account Manager

TicketComment

CM-427

Update language in account lock/unlock messages

CM-424

Update account language in Create ID and Change ID screens to reflect auto bMail provisioning


May 21, 2018, 5:15pm

This release changes the way affiliations are filtered in CalNet Account Manager. CMR: CHG0031704

Services Affected

  • CalNet Account Manager

Tickets Resolved

TicketComment

CNR-1692

Filter affiliations list in CalNet Account Manager


April 4, 2018, 7am

This release includes bug fixes and upgrades to the CalNet stack and changes to AD provisioning scripts. CMR: CHG0031553

Services Affected

  • Berkeley Person Registry
  • Active Directory

Tickets Resolved

TicketComment

CNR-1650

Turn off ActiveMQ journal

CNR-1611

Fix regression on the performance of an individual ldapSync queue message consumption

CNR-1595

Fix bidms-downstream provision changed identities quartz job exception

CNR-1651

A registry-model uniqueness exception is now getting thrown

CNR-1644

Stop BPR provisioning of SPAs to AD


March 26, 2018, 5am

During the 5 to 5:15 am window a 5-min outage of all CalNet services (CAS, Shib, LDAP, etc.) will occur as firewall services are migrated. CMR: CHG0031513

Services Affected

  • CAS
  • Shibboleth
  • LDAP
  • Berkeley Person Registry

Tickets Resolved

Ticket Comment

OPS-401

Move CalNet networks from ASA to Palo Alto firewall service.


March 16, 2018, 6am

This release updates the target date on the 2-Step notification CAS UI. CMR: CHG0031507

Services Affected

  • CAS Login Screen

March 14, 2018, 5pm

This release was completed on March 15, at 7am. It included updates and new functionality to CalNet Account Manager and CalNet Admin Tool. CMR: CHG0031508.

Services Affected

  • CalNet Admin Tool
  • CalNet Account Manager
  • Berkeley Person Registry
  • bConnected

Tickets Resolved

Ticket Comment
CNR-1641 Add database constraint to enforce that CREDMGMT (and LDAP/AD) sorObjKeys must match the uid
CNR-1620 Modify CalNet SOR Person tool to trigger a provision for newly created or updated accounts
CAT-163 Call bConnected API to lock Google account when CalNet account is locked
CAT-165

Create new CAT User Role


March 7, 2018, 5pm

This release is a patch to the Active Directory provisioning code.  CMR: CHG0031506.

Services Affected

  • Active Directory

Tickets Resolved

Ticket Comment
CNR - 1640

AD provisioning change


March 4, 2018, 6am

This release contains regular updates for the nds-p* nodes in the ldap.b.e cluster, including patches for OpenDJ, OpenJDK, and RHEL. CMR: CHG0031454

Services Affected

  • Users of the ldap.b.e cluster

February 24, 2018, 6pm

This release resolves a known issue in which new AD accounts are not getting enabled when CalNet account is claimed. CMR: CHG0031477

Services Affected

  • Active Directory

Tickets Resolved

Ticket Comment
CNR - 1634 Reports of userAccountControl in AD not going active when account goes active

February 21, 2018, 6am

This release updates the URL for the sign-up link on the 2-Step notification CAS UI. CMR: CHG0031464

Services Affected

  • CAS Login Screen

February 15, 2018, 6am

This CAS release updates the notification message displayed by the auth.b.e cluster for 2-Step Cohort 1 not yet in CalNet 2-Step. CMR: CHG0031451

Services Affected

  • CAS Login Screen

February 13, 2018, 7am

A Tomcat restart is required to change configuration to enable Two-Step during account claim for anyone in the RequiredMinusExemptFromReq group. CMR: CHG0031456

Services Affected

  • CalNet Account Manager

February 06, 2018, 7am

In this release, Berkeley Person Registry will start provisioning records to CalNet Active Directory. CMR: CHG0031380

Services Affected

  • Berkeley Person Registry
  • All services that use CalNet Active Directory (AD)

February 03, 2018, 7pm

This release includes updates to CalNet Account Manager and Registry Service in support of the 2-Step project. CMR: CHG0031410

Services Affected

  • account-manager
  • bidms-downstream
  • calnet-admin-tool
  • calnet-people
  • registry-match-service
  • registry-provisioning
  • registry-service
  • registry-sor-gateway
  • ucb-match

Tickets Resolved

Ticket Comment
CM-403 Modify 2-Step page in CAM to remove opt-out
CM-404 Create workflow for requiring 2-Step of new employees during account claim process
CM-406 For a non-mandatory two-step enroller, the get backup passcodes button remains greyed out (disabled) even after adding a device
CM-408 Modify BPR QA environment to use group-test instead of production grouper
CM-409 Modify CAM to also consider HCM affiliations along with Allow2StepUserTest membership
CM-410 CAM two-step needs more complete audit logging
CM-411 CAM two-step needs to show end user decent error messages when duo or grouper services fail
CM-412 Unable to type in "Create your CalNet ID" field
CM-413 Ability in CAM to mock Grouper for test environments by bypassing it and going directly to LDAP
CM-415 Make requiring employees to two-step during claim configurable and turn it off for now
CNR-1369 Convert to using central Tomcat JNDI database connection pool to stay under our PostgreSQL connection limits
CNR-1589 bypass-the-match-engine queue is throwing exception in reg-prov
CNR-1629 Every project needs its version and group put into gradle.properties
CNR-1630 Publish WAR files to Maven repo for all BIDMS web applications
WA-55 Create a calnetSwitch to replace buggy bootstrapSwitch


February 1, 2018, 6am

The legacy auth-key.berkeley.edu (Second-level) CAS server will be turned off. This legacy server has been replaced by CalNet 2-Step Verification. CMR: CHG0031248.

Known Services Affected

  • OSCAR II

February 01, 2018, 6am

This release will be an upgrade to the CAS server cluster (auth.b.e) to the Apereo CAS release (5.0.10) with some custom UC Berkeley mods. This affects all CAS- and Shibboleth-integrated apps.

Update: The new version of CAS is now up in auth-test. It is a minor change that should not affect any existing integrations, but we recommend testing your applications well before February 1 to be certain it functions as anticipated. CMR: CHG0031216

Services Affected

  • CAS
  • Shibboleth

January 9, 2018, 9pm

This release is a patch of CalGroups servers. Since the servers are redundant, there will be no user level outage on CalGroups, however, there will be a brief lag in syncing updates to LDAP, AD, and Google. Affected user base will be employees. Affected systems are SPA Admin app and MyCalNet, related to CalNet 2-Step. CMR: CHG0031223

Services Affected

  • CalNet Account Manager
  • SPA Admin App
  • CalGroups

January 04, 2018, 7am

On 1/4/18, the reset passphrase token app will require CalNet 2-Step to log in. CMR: CHG0031275

Services Affected

  • Token app

December 13, 2017, 8am

In this release, the option to automatically send a push to a phone will be disabled since it prevents users from enabling the Remember Me option. CMR: CHG0031246

Services Affected

  • CalNet Account Manager
  • SPA Admin App
  • CalGroups

November 27, 2017, 6am

Apply security and other updates to the OS and JVM for the BPR prod tier (amq-p1, registry-p1, and bpr-p1). A brief outage while systems are restarted will be required during the maintenance window. CMR: CHG0031177

Services Affected

  • Berkeley Person Registry
  • CalNet Account Manager
  • CalNet Admin Tool

November 15, 2017, 5am

The Berkeley Person Registry postgres database will be upgraded on 11/15/17, 5am.  Outage expected from 5am-6am. Additional details forthcoming. CMR: CHG0031129

Services Affected

  • Berkeley Person Registry
  • CalNet Account Manager
  • CalNet Admin Tool
  • CalNet Crosswalk

November 6, 2017, 9pm

We will be upgrading the OS and the Shib-Cas plugin. It will be a rolling upgrade, so no downtime is expected. The Shibboleth IDP service is used by the entire campus for access to apps like Google, Box, and CalTime. CMR: CHG0031116.

Services Affected

  • Shibboleth

Tickets Resolved

TicketComment
OPS-385

Upgrade Production Shibboleth IDP


November 1, 2017, 7am

CalNet 2-Step required for all IST employees and users of CAT effective November 1, 2017. CMR: CHG0031128

Services Affected

  • CAS
  • CalNet Admin Tool

October 29, 2017, 6am

Perform a rolling patch and upgrade to the RHEL 7.x OS, OpenJDK JVM, and OpenDJ LDAP servers dedicated for use by CAS and Shibboleth. CMR: CHG0031096

Services Affected

  • CAS
  • Shibboleth

Tickets Resolved

TicketComment
OPS-384

Upgrade OS, JVM, and OpenDJ for dir-auth.calnet.1918.b.e cluster


October 25, 2017, 7am

This release includes upgrades to how CalNet sets passphrases, CalNet Account Manager, Grails 3.2.11, registry provisioning, work in support of a new AD structure, and changes to how records are consolidated. Changes released to QA 10/9/17.CMR: CHG0031112

Services Affected

  • CAS
  • CalNet Admin Tool
  • CalNet Account Manager
  • LDAP
  • Berkeley Person Registry
  • SOR Gateway Service
  • Registry Service

Tickets Resolved

Ticket Comment
CM-386 Passphrase work
CM-387 Modify CAM to use the new bidms-credential-policy plugin that centralizes passphrase validation
CM-389 Passphrase related to CAM
CM-391 CAM is giving generic "system error" 
CM-394 Change CAM Menu text
CM-395 CAM Lib update
CNR-1367 Provision from BPR to Active Directory
CNR-1415 SGS needs to set uid on LDAP and AD SORObjects rather than waiting until LdapSync does it
CNR-1497 Add a configuration item to enable/disable AD provisioning in bidms-downstream
CNR-1498 Add a configuration item to enable/disable creation of AD DownstreamObjects in registry-provisioning-scripts
CNR-1504 immediate entryUUID retrieval is not working in prod after an insert or rename
CNR-1518 Create "dynamic attribute" feature for bidms-connectors
CNR-1532 Bug in reg-prov-scripts for AD where dn.ONCREATE has "CN=null" in it for uids with no name
CNR-1536 bidms-downstream provision changed identities quartz job is throwing an exception
CNR-1537 Need ability in reg-prov to create AD downstreamobjects but not send messages to downstream AD queue
CNR-1538 When setting AD DownstreamObject userAccountControl DISABLE, TrackStatus lock flag is being checked, but what about Person.isLocked?
CNR-1540 Access to bidms-downstream quartz/list web page is being denied
CNR-1541 AD userAccountControl has to be 546, not 512, on CREATE for active users
CNR-1542 Check for invalid characters in AD CN since it's part of the DN
CNR-1544 Remove primaryGroupID from AD DownstreamObject
CNR-1545 Remove guests from list of users provisioned to AD
CNR-1546 Set AD CN to Display Name (UID)
CNR-1547 CS SORObjects have some badly-structured JSON in them
CNR-1548 CAT and CAM can no longer download Bower assets
CNR-1549 Improve the performance of CredentialTokenService
CNR-1551 CAT and CAM are trying to use same Greenmail ports in dev and test environments
CNR-1564 SGS REST endpoint that serves same purpose as JMS SORObjectJSONQueue
CNR-1569 Add audit logging support to registry-provisioning NewUidController and ProvisionController
CNR-1573 SGS endpoints need to be protected with spring security
CNR-1575 mleefers requesting AD street address go into a different attribute
CNR-1576 mleefers requesting two-letter instead of three-letter country code
CNR-1577 Modify registry-match-service triggerMatch endpoint to return uid if it's assigned
CNR-1578 need to proxy SGS sorConsume REST calls through registry-service for networking security reasons
CNR-1579 When deleting entries, bidms-connectors LDAP needs to check for and delete "subordinate" entries
CNR-1580 match-service triggerMatch endpoint needs to recognize synchronousDownstream=false
CNR-1581 Support sending uid in the JSON payload in the sorObjects controller to match new sorObjects with existing uids
n/a upgrade to Grails 3.2.11
n/a Passphrase work
CM-400 Updates to change ID email language

October 6, 2017, 7:30am

This release prevents enablement of CalNet 2-Step with a smart phone until after the Duo Mobile App has been verified to have been installed on the smart phone. CMR: CHG0031064

Services Affected

  • CalNet Account Manager
  • Duo 2-Step

Tickets Resolved

TicketComment
CM-399

Update hasDevices logic to make sure Duo account is active.


September 19, 2017, 6:00pm

This release updates the merge function in CalNet Admin Tool. CMR: CHG0031005

Services Affected

  • CalNet Account Manager
  • Registry Service

Tickets Resolved

TicketComment
CAT-169

During merges, don't copy delete.credmgmt.calnetId if keep.ldap.beKerbPrincStr is present


September 14, 2017, 6:00pm

This release fixes a bug and updates the CalNet Admin Tool. CMR: CHG0030992

Services Affected

  • CalNet Account Manager

Tickets Resolved

TicketComment
CAT-154

Enable X-FORWARDED-FOR header for auth.calnet.b.e

CAT-157

CAT needs modifications to work with latest ucb-spring-security-cas-ldap

CAT-158

Error when consolidating records in CAT


September 9, 2017, 9:00am

We will be changing our SLB config to allow HTTP templates for the Auth.b.e VIP. We will give ourselves a 30 min window to do the work, and there will be a few seconds downtime as the SLB saves and responds to the new configuration. The change will happen Saturday morning, September 9, from 9 - 9:30 am. This affects any server using the campus SSO and the entire campus population. This change was tested successfully with the SDSC DR and BR CAS cluster. CMR: CHG0030879

Services Affected

  • CAS

Tickets Resolved

TicketComment
CAS-5

Enable X-FORWARDED-FOR header for auth.calnet.b.e


August 26, 2017, 6:00am

To support new CalNet 2-Step users starting Monday, a new CAS server build with help text for Duo 2-Step is deployed. CMR: CHG0030956

Services Affected

  • This affects all CAS users, but the change is only additional help text show at the Duo 2-Step prompt.

August 10, 2017, 7:00pm

This release includes fixes and updates to CalNet Account Manager and CalNet Admin Tool as well as an upgrade to Grails 3.2.11. CMR: CHG0030913

Services Affected

  • CalNet Account Manager
  • CalNet Admin Tool

Tickets Resolved

TicketComment
CAT-154

CAT is displaying a "null" in the list of affiliations for all records.

CM-384

Update 2-Step Email notification to stop Google Phishing warning.

CNR-1454

New employee can't claim CalNet ID

N/A

Upgrade to Grails 3.2.11


July 28, 2017, 3:00pm

This release replaces the CalNet OpenIDM. OpenIDM will be turned off and Downstream Provisioner will write directly to LDAP. CMR: CHG0030864

Services Affected

  • SOR Gateway Service
  • Registry Provisioning
  • Registry Provisioning Scripts
  • Downstream Provisioner
  • OpenIDM
  • LDAP

Tickets Resolved

TicketComment
CNR-1419

Replace OpenIDM with a new downstream provisioning system

CNR-1490

If in grace but affiliations are unknown, set primaryOu to existing LDAP ou 

CNR-1493

DownstreamProvisioningRESTClientService.provisionUid is throwing exceptions 

CNR-1494

sor-gateway DailyHashAndQueryJob is throwing exception 

CNR-1492

bidms-downstream LDAP schema violation exceptions 

CNR-1495

Registry-d1 sor-gateway is throwing a start-up exception related to oracle db connection 

CNR-1489

Removal of calnetId is causing an exception in registry-provisioning-scripts 

CNR-1476

bidms-downstream is reporting bad avg batch time values in the timing statistics 

CNR-1477

bidms-downstream sometimes can't find uid in LDAP but when a LDAP write is attempted, NameAlreadyBoundException is seen 

CNR-1484

bidms-downstream seeing OpenDJ errors sometimes with namespace changes 

CNR-1464

Change capitalization to berkeleyEduUnitHRDeptName in DownstreamObject JSON 

CNR-1465

Don't send audit log entries to the app log, as it's already logged in audit log file 

 CNR-1466

Create DownstreamObjects for LDAP namespace entries 


July 26, 2017, 6:00am

This release will patch the production MIT Kerberos cluster. A brief outage of about 1 minute per node will occur. Some Kerberos clients will automatically fail over to the slave KDC when this happens. CMR: CHG0030836

Services Affected

  • CAS

July 19, 2017, 6:00am

This release will update OS to RHEL 7.x and latest application libraries on the calnet.b.e web server, which includes the Directory Update Application. CMR: CHG0030822

Services Affected

  • Directory Update Application

July 18, 2017, 7:00am

This release fixes an error in the CalNet Admin Tool and also changes what information is displayed in the tool. CMR: CHG0030863

Services Affected

  • CalNet Admin Tool

Tickets Resolved

TicketComment
CAT-133 
Delete "Empl ID" field from basic info
CAT-150 Remove OU from CAT
CAT-152 CAT Throwing a MissingProperty Error

July 12, 2017, 6:00am

This release will patch RHEL 6.x and the JVM for the idc.b.e application cluster. CMR: CHG0030818

Services Affected

  • CalNet self-service applications on the idc.b.edu cluster, such as Guests, SPAs, and Access Keys

June 28, 2017, 6:00am

This release reconfigures the CAS auth.b.e servers to not do SSO for the base /cas/login URL if no service parameter is provided. This change is considered a security best practice. CMR: CHG0030793

Services Affected

  • All campus CAS users, especially those using 2-Step Verification

June 21, 2017, 6:00am

This release is a rolling upgrade of the production CAS Server to fix intermittent degradation of service due to load and a known bug in the 5.0.4 server. CMR: CHG0030785

Services Affected

  • CAS

June 15, 2017, 6:00am

This release is a rolling upgrade of the production CAS Server cluster to release 5.0.6 with bug fixes and some additional custom UI fixes. CMR: CHG0030749

Services Affected

  • CAS
  • Shibboleth

June 12, 2017, 6:00am

In this release, CalNet will migrate net-auth.berkeley.edu to RHEL 7.x from 5.x. 15-min planned outage affecting campus customers of the Berkeley Person Registry identity management applications CalNet Admin Tool and CalNet Account Manager. CMR: CHG0030742

Services Affected

  • net-auth.berkeley.edu
  • Berkeley Person Registry
  • CalNet Account Manager
  • CalNet Admin Tool

June 8, 2017, 2:00am

This release includes updates to CalNet Account Manager. Changes to CAM will be visible only to users who have been granted access to CalNet Two-Step beta testing. CHG0030750.

Services Affected

  • CalNet Account Manager

Tickets Resolved

Ticket Comment
CM-344 2FA Login
CM-345 Pilot implementation of 2FA admin iFrame
CM-351 Add page headers to CAM pages
CM-352 2FA documentation
CM-353 Restrict who can see 2-Step Verf in the menu
CM-354 2-Step form edits for the instructions
CM-356 Changes to 2-Step Form Based on User Feedback
CM-357 Turn on 2-Step Switch Automatically
CM-358 Do not ask for pw on the 2-Step Switch
CM-359 Don't ask for pw on the Get Backup Passcodes request
CM-360 Get Backup Passcodes Screen Changes
CM-361 2FA Form Format and Color Changes
CM-362 Changes to New Enrollment Instructions
CM-363 Change 2-Step Switch Title
CM-364 Changes to Manage Your Devices - Help Text
CM-367 Send email when generating backup codes
CM-368 Add link to privacy statement in the footer
CM-370 Change language on passphrase reset screen
CM-371 reduce UC Berkeley logo
CM-372 Delete numbers on the items in the Help Section
CM-373 2 Step Switch Format Change
CM-374 Backup Passcodes Format Change
CM-375 Reduce Duo iFrame height
CM-376 Add line spaces
CM-377 2 Step Switch Confirmation Messages
CM-378 Changes to Get Backup Passcodes Page
CM-379 cross-site request forgery protection?
CM-381 Change font-size and weight in help headers
CM-382 Move on/off + passcode button closer to text

June 6, 2017, 9:00pm

This release is a minor upgrade of the Shibboleth IDP to version 3.3.1 and the Shibcas connector. There is no expected downtime, though we have an hour window to complete the work. Affected systems include any using the Shibboleth IDP for authentication. Students, staff, and faculty could potentially be affected. Site examples include most off-campus services like Google, ServiceNow, Learning Center, Salesforce, and Box.

The Shibcas connector upgrade will fix the error messages displayed to a user readable message rather than the current code dump. CMR CHG0030731.

Services Affected

  • Shibboleth
  • Any using the Shibboleth IDP for authentication

Tickets Resolved

TicketComment

SHIB-1

Minor Shibboleth IDP upgrade - 3.3.1, Shibcas

May 18, 2017, 10:00pm

This emergency CAS Server release fixes the regression affecting some campus applications using SPAs. No outage is expected as we will do a rolling restart of the cluster nodes. CMR: CHG0030704

Services Affected

  • CAS
  • Special Purpose Accounts

May 16, 2017, 10:00am

This release is a rolling restart for CAS, no outage expected. CMR: CHG0030697

Services Affected

  • CAS

May 15, 2017, 6:00am

Begin testing on April 7, 2017

This release is the final step in migration to CAS Server 5.0.4. We are upgrading the Apereo CAS servers at UC Berkeley from version 4.1.x to 5.0.4 with some additional features deployed, with the help of Unicon, one of the major contributors to the CAS project. CMR: CHG0030513

The QA tier will be updated on April 7 to allow for testing. To test, point your QA CAS client application at the auth-test.berkeley.edu DNS name. The previous QA nodes (cas-t1/t2) will remain available for a transition period as individual nodes. Please be sure to test your application before May 15.

Find additional details about this upgrade on our website: Migration to CAS Server 5.0.4

Services Affected

  • CAS

May 10, 2017, 6:00pm

This release provides improved audit logging of account events for integration with Security Operations monitoring. CMR CHG0030673.

Services Affected

  • Berkeley Person Registry
  • CalNet Admin Tool
  • CalNet Account Manager

Tickets Resolved

TicketComment

CNR-1416

CAM/CAT/reg-service events log


May 5, 2017, 4:15pm

This release fixes a condition that is causing SGS LDAP imports to fail and removes case-sensativity from email address field in CalNet Account Manager.

Services Affected

  • Berkeley Person Registry

Tickets Resolved

Ticket Comment

CNR-1462

OpenDJ objects that start with entryuuid= are causing SGS LDAP imports to fail

CM-342

Reset passphrase recovery case insensitive email lookup

May 5, 2017, 10:00am

This release changes the logic CalNet uses to determine expiration dates and fixes a condition that causes provisioning exceptions. CMR: CHG0030628

Services Affected

  • Berkeley Person Registry

Tickets Resolved

Ticket Comment
CNR-1451 Update expiry logic
CNR-1460 Provisioning exceptions

May 4, 2017, 5:00pm

This release fixed a bug in which stale cache was preventing new employees from claiming a CalNet account.

Services Affected

  • Berkeley Person Registry
  • CalNet Account Manager

Tickets Resolved

Ticket Comment
CNR-1454 Stale cache - production restart required

April 26, 2017, 5:15am

In this release a number of CalNet applications are being upgraded to use the Grails 3 framework. This release will be deployed to QA on April 10, 2017. CMR CHG0030578.

Services Affected

  • Berkeley Person Registry
  • CalNet Account Manager
  • SOR Gateway Service
  • Registry Provisioning
  • Registry Rest Service

Tickets Resolved

See April 19, 2017 release for complete list of ticket resolved.


April 19, 2017, 7am

In this release CalNet Admin Tool is being upgraded to use the Grails 3 framework. This release will be deployed to QA on April 10, 2017. A second release on April 25 will upgrade Berkeley Person Registry and CalNet Account Manager to use the Grails 3 framework. CMR CHG0030548.

Services Affected

  • CalNet Admin Tool

Tickets Resolved

Ticket Comment
CAT-134 Convert to Grails 3.x
CM-161             Upgrade CAM to Grails 3.x
CNR-1275 Migrate grails-external-groovy-plugin to Grails 3.x
CNR-1276 Regression: Between Groovy 2.4.4 and Groovy 2.4.5 (Grails 3 uses .7) a change was made that as reintroduced a memory leak to external-groovy
CNR-1277 Migrate sor-key-data plugin to Grails 3.x
CNR-1278 Migrate registry-provisioning-scripts to Grails 3.x
CNR-1280 Migrate registry-model plugin to Grails 3.x
CNR-1281 Migrate grails-gorm-util-plugin to Grails 3.x
CNR-1282 Migrate registry-commons to Grails 3.x
CNR-1283 Migrate grails-domain-utils-plugin to Grails 3.x
CNR-1286 Migrate groovy-hashchode-ast to Groovy 2.4.7
CNR-1296 Migrate grails-render-json-plugin to Grails 3.x
CNR-1316 Migrate groovy-sql-util to Grails 3
CNR-1347 Update sorQuery script to accept a SORObjectKey (Grails 3 branch)
CNR-1353 Migrate mock-registry to Grails 3
CNR-1360 Migrate ucb-messaging plugin to Grails 3.x
CNR-1361 Migrate the UCB fork of the grails-routing plugin to Grails 3.x
CNR-1363 Grails 3 registry-model jobAppointments collection not being persisted when person is saved and not being retrieved when person is loaded
CNR-1365 For registry-model Grails 3 branch, type: JSONBType, sqlType: 'jsonb' in mapping is not working
CNR-1368 Property injection into Provision object is not working on Grails 3 branch
CNR-1372 Migrate registry-provisioning to Grails 3.x
CNR-1373 Migrate rest-client-builder-digest-auth to Grails 3.x
CNR-1374 Grails 3 Spring Boot in conjunction with registry-settings is complaining of multiple jms connection factories
CNR-1375 Grails 3 registry-settings doesn't seem to be merging config correctly
CNR-1378 Grails 3 reg-prov: no log output is being produced
CNR-1382 Figure out why grails 3 reg-prov wiped out the database at start-up
CNR-1383 Grails 3 reg-settings needs to set dbCreate to not delete by default
CNR-1384 Migrate sor-gateway-service to Grails 3.x
CNR-1385 Migrate ucb-match to Grails 3.x
CNR-1386 Migrate registry-match service to Grails 3.x
CNR-1391 Migrate registry-rest-client to Grails 3.x
CNR-1393 Migrate registry-service to Grails 3.x
CNR-1394 Migrate rest-queryfilter-plugin to Grails 3.x
CNR-1397 Integration Hub is changing the development AMQ host
CNR-1399 Grails 3 reg-service is having odd transaction management problems
CNR-1401 Grails 3 reg-service doesn't need jmsTransactionManager/ChainedTransactionManager because it only produces JMS and JMS producers aren't transactional
CNR-1402 Grails 3 reg-settings: Add option to create JMS beans but skip the jmsTransactionManager if the app is only using JMS for producing messages
CNR-1403 Grails 3 reg-service still is using ChainedTransactionManager even after removing jmsTransactionManager
CNR-1404 Grails 3 reg-settings: Add an "enable multiple data source" option to reg-settings to work around a Grails 3 bug
CNR-1405 Grails 3 reg-prov's BootStrap.groovy isn't running
CNR-1407 Some Grails 3 registry-service integration tests aren't passing and have been @Ignored
CNR-1408 In order to get Grails 3 reg-service integration tests to pass, had to move setupSpec to setup, but this makes running tests very slow
CNR-1409 SorPeopleAssignmentServiceIntegrationSpec passing locally but is failing on Bamboo
CNR-1417 Grails 3 match-service isn't consuming the newUid queue
CNR-1420 Deadlock between match-service and call out to registry-provisioning's provisionUid in Grails 3 (but probably Grails 2 too)
WA-46 Move ucb-webapp-foundation to Grails 3.1.x
WA-49 Migrate ucb-twitter-bootstrap and ucb-twitter-bootstrap-fields plugins to Grails 3

April 4, 2017, 4:30pm

This release provides a fix so that alumni already in OU = ADVCON do not get grace notification emails. CMR: CHG0030512

Services Affected

  • Berkeley Person Registry
  • LDAP Provisioning

Tickets Resolved

Ticket

Comment

CNR-1412

Users in ADVCON receiving grace notification emails


March 15, 2017, 3:00am

This release resumes the CalNet account expiration process and implements grace period email notifications. This release requires a second restart at 6pm on March 16. CMR: CHG0030441.

Services Affected

  • Berkeley Person Registry
  • CalNet Account Manager
  • CalNet Admin Tool

March 14, 2017, 9:00pm

Upgrade production shibboleth IDP (shib.berkeley.edu) to version 3.3.0. The upgrade will bring us to the current release and allow us to use the consent model. The change will take place during a change window on Tuesday, March 14, from 9 - 11 pm. The actual change will be within that time and will be a brief, approximate 15 sec delay. The service affects most campus users. CMR: CHG0030422

Services Affected

  • Shibboleth IDP
  • Any system using the Shibboleth IDP for attribute release / authentication

March 9, 2017, 3:00am

This release includes work in support of the CalNet account expiration process, fixes a bug in CalNet consolidation and refines logic for changing CalNet IDs. This release was originally scheduled for March 8, 2017. CMR: CHG0030440

Services Affected

  • Berkeley Person Registry
  • LDAP Provisioning
  • CalNet Account Manager
  • CalNet Admin Tool

Tickets Resolved

Ticket

Comment

CNR-1371

Berkeley.edu email address should key of alternateIdEmailAddress

CNR-1366

Do not use BPR LDAP Display Name for full name

CNR-1364

Check hql in findPeopleExitingExpiry

CNR-1362

If a person does not have an @berkeley.edu account don't try to send additional emails.

CNR-1359

Registry Service gets wrong values from config in GraceServiceJob

CNR-1358

Refine logic for changing CalNet ID

CNR-1357

Grace Period Notify email still using calnet@berkeley.edu FROM address

CNR-1356

Cannot format given Object as a Date Error

CNR-1349

CNR-1169 Filter out people who does not have a calnetId

CNR-1325      

Disallow future-dated startOfRoleGraceTimes in PersonRoleArchive table
Update provisioning code to set start grace time to current time when source data has a future end date but goes inactive

CNR-1322

CNR-1167 Make adjustments to Grace period jobs

CNR-1308

UIDold and Consolidation date not being written during CAT consolidations

CNR-1302

Send email notification for expired accounts that have been activated again

CNR-1293

CNR-1167 Check if person has berkeley email address before sending email


March 1, 2017, 1:00am

This release includes minor edits and bug fixes for CalNet Account Manager and CalNet Admin Tool. Also introduces new features to CalNet Account Manager that display user's names and affiliations.  CMR: CHG0030408

Services Affected

  • CalNet Account Manager
  • CalNet Admin Tool

Tickets Resolved

Ticket

Comment

CM-334 

Edit CAM Footer

CM-333 

Edit CAM Account Info page

CM-331 

Re-enable change in CM-311

CM-311 

Show more info after user logs into CAM

CAT-118 

An Error Has Occurred message after consolidation in CAT

CAT-117 

Assigning someone SIS View privilege doesn't appear to work

CAT-44 

CAT-37 Make simple / advanced search

CAT-127 

Show more info for user

CAT-122 

CAT-118 Consolidation error bug


February 28, 2017, 5:30pm

A restart of the PostgreSQL DB behind the prod Berkeley Person Registry (BPR) to allow more active connections will result in a brief outage to allow reconfiguration. Outage anticipated from 5:30pm-5:35pm on Tuesday, February 28. CMR: CHG0030418

Services Affected

  • Berkeley Person Registry

February 27, 2017, 1:00am

Refining logic for CalNet ID change. Release is in support of new alumni email program.  CMR: CHG0030411

Services Affected

  • CalNet Account Manager

Tickets Resolved

Ticket

Comment

CNR-1358

Refine logic for changing CalNet ID


February 21, 2017, 6:00am

This release is to patch the OS and JVM for the four servers comprising the CalNet Berkeley Person Registry (BPR) prod tier (registry-p1, bpr-p1, amq-p1, and idm-p2). CMR: CHG0030335

Services Affected

  • CalNet Account Manager
  • CalNet Admin Tool
  • Berkeley Person Registry

February 14, 2017, 8:00pm

This release updates the production Grouper servers, which service calgroups.berkeley.edu, from version 2.2 to 2.3. The upgrade is a precursor to using a new provisioning UI.  CalGroups will be down during the upgrade due to a database upgrade.  CMR: CHG0030385

Services Affected

  • CalGroups
  • CalNet SPAs
  • LDAP Groups

Tickets Resolved

Ticket

Comment

CG-156

Upgrade production Grouper


February 1, 2017, 3:00pm

This release includes fixes to improve memory usage and upgrading of dependencies. CMR: CHG0030348

Services Affected

  • Berkeley Person Registry
  • Registry Service
  • LDAP

Tickets Resolved

Ticket                         

Comment

CAT-118

 An Error Has Occurred message after consolidation in CAT

CNR-1311

Convert bad HCM job-end dates that are set to 9999-12-31 to be null, which causes the Registry to write the current date as the start-of-grace-time when it encounters such a bad end date. 

CNR-1291

Don't write legacy guest system accounts to LDAP

CNR-1262

New ou determination logic based on roles (but back-port the "don't move to a lesser OU" work-around that was in the old code into the new code)

CNR-1197

Don't provision (IGNORE) to LDAP any new uid missing at least one-LDAP affiliation

CNR-1262

Fixes CNR-1193 and CNR-1256 (dupe of CNR-1193): Records in presir when they should be in ADVCON

CNR-1197

Fixes CNR-1184: Employee Only CS Record provisioned to presir ou because of partial HCM record

CNR-1262

Rewrite OU determination logic to key off of roles instead of identifiers


January 25, 2017, 5:00am

This release was completed on January 26, 2017, and made additional changes to CalNet ID changing logic and enabled account expiration processes. CHG0030323

Services Affected

  • CalNet Account Manager
  • Berkeley Person Registry
  • LDAP

Tickets Resolved

Ticket

Comment

CNR-1285

Changing recoveryEmailAddress after changing calnetId should not rewrite calnetId

CNR-1267

When setting recovery email address, the oldCalnetId is overwritten with current calnetId in CREDMGMT SOR Object

CNR-1265

Prevent claiming CalNet IDs only defined in KDC

CNR-1239

Send a message to people who are in grace but never received an email

CNR-1217, CNR-1167 

Make cron job to send grace emails

CNR-1213

Track status object must have metadata field to store extra info

CNR-1191, CNR-1167

Create rest endpoint to send email

CNR-1169

Disable account when an account has expired

CNR-1298

LdapInformation endpoint

CNR-1304

Password error in account locking

CM-319

Users not able to claim CalNet IDs they already own in namespace

CM-323

Add custom link in full text to passphrase reset button

CM-327

Fix CalNet ID change screen

January 25, 2017, 3:00pm

This release implements new Campus Solutions update code to accept real time messages via JMS queue and make database queries on demand for individual student records. It should allow new CalNet accounts to be created in near real time once all the appropriate record creation has been completed in Campus Solutions. Release also includes updates to Registry provisioning logic to support en- of-life account handling. CMR: CHG0030328

Services Affected

  • Berkeley Person Registry
  • Registry Service
  • LDAP

Tickets Resolved

Ticket

Comment

(no CNR)

Fix setting a proper grace start date for the aggregate roles: masterAccountActive and ldapNoExpDate.

CNR-1287

Fix no students in Dev marked as registered

CNR-1292

Close out new Sql instances in an attempt to fix connection pool leak in SGS

CNR-1273

Upgrade SOR Gateway Service to Grails 2.5.5 

CNR-1272

Convert the Camel routes in SGS to use reliable-tx-camel 

CNR-1031

Convert sor-gateway-service to use JTA Transaction Manager 

CNR-1266

Consume CS "person basic sync" messages from IHub to trigger 'real-time' SGS EMPLID querying 

CNR-1297

Replace special 07/28/16 CS affiliation end dates with 01/01/1901 so real dates used instead from other SOR data 

CNR-1289

Create an expirationNotify role

January 8, 2017, 11:45am

This release fixes a bug in the CalNet Account Manager, in which a CalNet ID change reverts if the user sets their recovery email address in the same session. CHG0030266. (This release rescheduled from 1/6/17, 5:00am).

Services Affected

  • CalNet Account Manager
  • Berkeley Person Registry
  • LDAP

Tickets Resolved

Ticket

Comment

CM-321

Change CalNet ID bug


January 6, 2017, 6:40am

This Emergency SOR Gateway Service patch deploys a one-liner patch that adds 14 days to the calculation of last semester end date because Campus Solutions indicates the spring semester has started but they have not yet updated the registration service indicators to show spring instead of fall. This affects the berkeleyEduAffiliation: STUDENT-TYPE-REGISTERED value in LDAP.  Tomcat restart on registry-p1 is required. CMR: CHG0030268. (This relesase rescheduled from 1/6/16, 5pm).

Services Affected

  • Berkeley Person Registry
  • LDAP

Tickets Resolved

Ticket

Comment

CNR-1287

No students in Dev marked as registered