What's new - iCIS On-Prem v4.2.5
This topic provides an overview of the more significant changes in the "on-premise" release of iCore Integration Suite v4.2.5.
This release includes all changes in iCIS Cloud version v4.2.0 - v4.2.5.
Updated technical requirements
iCore Integration Suite now requires .NET 4.8.
For more information, see Technical requirements.
Administrator
Large Event / Job argument values
Large Event / Job argument values can now be displayed in the Administrator tool. See View the arguments of a Job.
Authentication and authorization
Enable/Disable authentication with OpenID Connect (OIDC)
Authentication with OpenID Connect (OIDC) can now be enabled or disabled for the iCore system. This can be done in System settings in the Administrator or with the Set-iCoreAuthenticationProvider cmdlet.
User authorization with Azure AD
Users can now be authorized via Azure AD instead of via User groups in the iCore system. Users and their group memberships can be administered directly in Azure. In order to use authorization with Azure AD, the iCore system has to be configured with an Azure AD provider. Authorization in Azure AD requires that authentication is set up with OpenID Connect in Azure.
For more information, see Authorization with Azure AD.
User authorization with Azure AD for Administrator
The Administrator now supports user authorization via Azure AD by managing users and groups in Azure instead of in the local configuration. Using this feature requires that you configure an Azure AD as OpenID Connect provider, as well as an Azure AD provider, in combination with role mappings against Azure AD groups.
For more information, see Configuring authorization using an Azure AD provider.
Runtime
New System Event type – ServerPartFaulted
A new System Event type (__iCore_ServerPartFaulted) is now available. An Event of this type is created when a Server part enters a faulted state, and can be used to set up alarms that notify the administrator of the system.
Categories
The Categories property is no longer visible in the entity properties view in the Administrator GUI. To ensure backwards compatibility, it is still available as a read-only property on the entity in the iCore Public API.
- Entities can be added to or removed from a Category in the entity details view (as before).
- Adding or removing an entity from a Category no longer affects the modified date of the entity.
User management & security
Multiple User group memberships
It is now possible for a User to belong to more than one User group. The access rights for a User are the sum of all permissions granted through its User group memberships.
Authentication with OpenID Connect (OIDC)
System login now supports OpenID Connect (OIDC). There are several well-known authentication providers that support OIDC, for example Microsoft Azure, Google and Salesforce. Note that OIDC System login does not (currently) imply that OAuth authorization is supported. Authorization in an iCore system is handled via User groups that specify what a User is allowed to do in a System.
For more information, see User authentication.
New permissions on iCore systems
The Security Administrator, Administrator, and Developer User groups can now set the following permissions on the iCore system level:
- Export – Users with this permission can export all entities in a system (regardless of other permissions).
- Import – Users with this permission can import any entities to a system (regardless of other permissions).
- Attach/Detach – Users with this permission can attach or detach a system (regardless of other permissions).
- Upgrade – Users with this permission can upgrade a system (regardless of other permissions).
- Edit tracking page – Users with this permission can edit tracking pages in a system (regardless of other permissions).
- Set Default filter – Users with this permission can set the default filter in a system (regardless of other permissions).
The above permissions are granted to the Administrator and Developer User groups by default when you create a new iCore system. However, if you upgrade an existing system, the permissions will be granted to all existing User groups.
The Restricted operations property has been removed from the User entity, and access rights are now instead controlled by the following new permissions:
- Protected data access – Users with this permission are allowed to view or update the values of a protected entity.
- Modify protectable – Users with this permission are allowed to modify the protected property of a protectable entity. This implies permission "Protected data access".
- System protection – Users with this permission are allowed to update the Data protection setting of a system.
- User password policy – Users with this permission are allowed to modify the User password policy of the system.
For more information about how these permissions are managed when an iCore system is created or upgraded, see Backwards compatibility.
New permission on Component definition
The Administrator and Developer User groups have a new permission on Component definition:
- Execute – Users with this permission can Execute a Component in the Run Component tool (regardless of other permissions).
The Execute permission is granted to the Administrator and Developer User groups by default when you create a new iCore system. However, if you update an existing system the permission is added to all existing User groups.
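The rules above (a User's rights are the union over all of its User groups, and an upgrade grants the new permissions to every existing User group) suggest a post-upgrade review of who now holds them. The sketch below is an added example, not iCore code: the group names, users, the extra permission names Read, Write and Read tracking, and the dictionary layout are constructed sample data, not an iCore export format or API.

```python
# Added example. Group names, users and the dict layout are constructed sample
# data, not an iCore export format or API.
WATCHED = frozenset({
    "Export", "Import", "Attach/Detach", "Upgrade",
    "Edit tracking page", "Set Default filter", "Execute",
})
# Groups that receive the watched permissions by default on a NEW system.
DEFAULT_HOLDERS = frozenset({"Administrator", "Developer"})


def effective_permissions(user, memberships, group_perms):
    """Access rights are the union of everything granted via any User group."""
    perms = set()
    for group in memberships.get(user, ()):
        perms |= group_perms.get(group, set())
    return perms


def simulate_upgrade(group_perms):
    """Model the documented upgrade behaviour: every existing User group
    receives the watched permissions."""
    return {group: set(perms) | WATCHED for group, perms in group_perms.items()}


def unexpected_holders(memberships, group_perms):
    """Users who hold a watched permission without being in a default-holder
    group, mapped to {permission: [groups that grant it]}."""
    findings = {}
    for user, groups in memberships.items():
        if DEFAULT_HOLDERS & set(groups):
            continue
        held = effective_permissions(user, memberships, group_perms) & WATCHED
        if held:
            findings[user] = {
                perm: sorted(g for g in groups if perm in group_perms.get(g, ()))
                for perm in sorted(held)
            }
    return findings


GROUP_PERMS = {  # constructed pre-upgrade state
    "Administrator": {"Read", "Write"} | WATCHED,
    "Operators": {"Read"},
    "Auditors": {"Read tracking"},
}
MEMBERSHIPS = {
    "alice": ["Administrator"],
    "bob": ["Operators", "Auditors"],
    "carol": ["Auditors"],
}
```

Each finding lists the groups that grant the permission, so it can be revoked from every one of them rather than from only one membership.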
New User group in new iCore systems
When a new iCore system is created, a User group called "Security administrator" is now added to the system. The new permissions that replace the previous Restricted operations (see New permissions on iCore systems) will be granted to this User group and the User "Admin" will be added as a member. "Security administrator" replaces the User "SecAdm", which is no longer added to the system.
Entity references
- User-defined entity references no longer explicitly prevent deletion of a referred entity. Deletion is now allowed after manual confirmation.
- User-defined entity references and Category memberships no longer require the referred entity to be exported or imported. These entities will be included by default, but can now be deselected if desired.
- The Import-Export Tool has new visualizations of the various selection statuses to make it easier for the user to determine the state of a particular entity and what that state may be changed to.
Component definitions
Component definition locks
Component definitions can now be locked to prevent other Users from making changes to them. The feature is useful, for example, when you want to prevent multiple Users from simultaneously editing the same Component definition. A locked Component definition cannot be edited, overwritten (through an import or otherwise), or compiled, and can only be unlocked by the User who locked it or an Administrator with the “Release other User’s lock” permission.
For more information, see Component definitions.
SSL/TLS configuration
Sending and receiving email now has added configuration options for SSL/TLS. You can specify which SSL/TLS versions to support when establishing secure connections to SMTP and POP3 servers in the following objects / activities:
- SMTP Object (Script)
- POP3 Object (Script) - Configuration of Start TLS option has also been added.
- Send e-mail (Adapterflow)
- Send Mail (Workflow)
TLS 1.3
TLS 1.3 is now available as an option when configuring an SSL connection in the following objects / activities:
- HTTP Client Object (Script)
- iCore HTTP Server Object (Script)
- SMTP Object (Script)
- POP3 Object (Script)
- FTP(S) reader (Adapterflow)
- FTP(S) writer (Adapterflow)
- Send e-mail (Adapterflow)
- Create FTP Connection Configuration (Workflow)
- Send AS2 Message (Workflow)
- Send AS2 MDN (Workflow)
- Send Mail (Workflow)
After upgrading to version 4.2.5, there is a risk that existing mail and HTTP clients that use SSL/TLS will stop working. For more information, see Backwards compatibility.
SFTP Key Exchange (KEX)
A new parameter, Initialize KEX, is available that can be used to resolve issues with some SFTP servers which expect the client to initialize the key exchange (KEX). Applies to:
- Adapterflow activities SFTP Reader and SFTP Writer
- Workflow activity Create SFTP Connection Configuration
Web service client – enable/disable XML schema
When adding a new Web service client, there is now an option to enable/disable XML schema generation.
Web service client – Improved options to configure bindings
In Workflows
The options to configure an Endpoint have been improved, which provides the user with new options to configure bindings.
- In Workflows that use a SOAP-based web service client, it is now possible to create an Endpoint from a VB expression directly in the web service consumer activity. For more information, see Web services.
- A new Workflow activity, Create Endpoint from Configuration, is automatically added when a new web service consumer activity is created. The activity can also be added manually.
- During system upgrade, all existing Workflows that use a SOAP web service will be updated with the new activity.
In Adapterflows
A CustomBinding can now be configured in the generated Web service consumer activities, in addition to the existing binding types. The custom binding can only be configured in code expressions. The use of a CustomBinding gives the user improved possibilities to configure the binding for the Endpoint.
For more information, see:
Enable/disable Write To Log activity
A new property ("Enabled") has been added to the Write To Log activity, which lets you enable or disable the activity dynamically, for example via a Setting.
Entity filters available in Web APIs
It is now possible to programmatically execute Entity filter queries from a Web API, with support for caching and strongly typed result rows and parameters. For more information, see Using Entity filters in Web APIs.
SFTP support UTF8 in filename
Workflow and Adapterflow activities now have a new parameter, Use UTF8, for parsing filenames in UTF8.
Applies to:
- Adapterflow activities SFTP Reader and SFTP Writer
- Workflow activity Create SFTP Connection Configuration
ConvertDate function renamed to FormatDate
The Script function ConvertDate has been renamed to FormatDate, but keeps the same functionality.
Execute Web API definition activity startup/shutdown timeouts
New arguments have been added to activity Execute Web API definition:
- Startup timeout
- Shutdown timeout
AS2 Keep alive and HTTP version
New arguments have been added to AS2 Workflow activities Send AS2 Message and Send AS2 MDN:
- HTTP version
- HTTP keep alive policy
Load certificates from file
It is now possible to create certificates from a file or stream using the iCore coded API in Component definitions that support coded API. For more information, see LoadCertificate method.
AS2 EDIINT
AS2 functionality has been re-worked to better follow the specification of the EDIINT-Features header that was introduced in AS2 version 1.2. The header is included in AS2 messages and specifies the capabilities of the sending user agent; it is not an indication of message contents. Therefore, when using the AS2 activities you should set these arguments to indicate what features are implemented:
- Create AS2 Message activity - *EDIINT features header*
- Load AS2 Message activity - *Supported EDIINT features*
EDIINT features that can be implemented in iCore:
- AS2 reliability
- Multiple attachments
For more information, see:
- AS2 Overview
- RFC 6017 Electronic Data Interchange - Internet Integration (EDIINT) Features Header Field
AS2 Workflow activities for EDIINT
Workflow AS2 activities now support implementation of EDIINT features defined in AS2 version 1.2. The following features are supported:
- multiple-attachments
- AS2-Reliability
New Workflow activities to support multiple attachments in AS2 messages:
New types:
- IAS2Payload makes it possible to associate one or several attachments with an IAS2Message.
- AS2EDIINTFeatures supports specifying what AS2 EDIINT features are available.
Coordinated Universal Time (UTC)
All dates and times in an iCore system are now stored as UTC (Coordinated Universal Time). To handle the conversion, an iCore System time zone is defined for each iCore system. The iCore System time zone needs to be specified both when upgrading existing systems and when creating new ones.
- When you upgrade an iCore system, all dates and times in iCore entities (except tracking entities) are converted from the selected iCore System time zone to UTC. For more information, see Backwards compatibility for iCIS v4 updates.
For more information, see Working with dates and times.
iCore Database
iCore Database Isolation now uses Read Committed Snapshot Isolation (RCSI) to reduce deadlocks and blocking scenarios that can occur in Components during runtime. Note that using RCSI will also lead to increased database storage requirements.
See also Backwards compatibility for iCIS v4 updates.
Deprecated and removed tools
iCore Port Monitor
The iCore Port Monitor is no longer included in the iCIS installation, but is available as a separate install file. If you need access to iCore Port Monitor, contact us (support@icore.se). Documentation about Port monitor has also been removed from this help file.
iCore API Web Service
The iCore API Web Service feature has been removed and is no longer available.
CheckRefs
CheckRefs is now deprecated and will be removed in future versions of iCIS. We recommend that you use the Test-iCoreEntityReferences PowerShell cmdlet instead.
Administrator
The legacy Administrator tool is no longer available. Use the web-based Administrator instead.
iCoreTrig.exe
The iCoreTrig.exe application is now deprecated and will be removed in future versions of iCIS.
Build Component tool
The Build Component tool is now deprecated and will be removed in future versions of iCIS. We recommend that you use Build PowerShell cmdlets instead.
Run Component command line tool
The Run Component command line tool is now deprecated and will be removed in future versions of iCIS. We recommend that you use the Run Component tool instead.