Upgrade instructions 5.x

5.0.1

Features

The new configurable callback property has been moved to the appropriate section in the Admin panel.

Changes in API

The API responsible for verifying whether a person is coupled used the wrong error code, 1027, which has been replaced with 1030.

Persons partitioning

For customers who have large databases, a migration will be performed that may take a while to complete. The migration recreates indexes for the following tables: usernames, failed_password_logins, phone_numbers, custom_attributes. To avoid timeout errors during the migration:

  • for MySQL please execute set global wait_timeout=28800 before running the migration;
  • for Oracle please run the Onegini IDP with the JAVA_OPTS environment variable that contains the value -Doracle.net.keepAlive=true (it prevents breaking off TCP connections in an environment with firewalls).

5.0.0

New required properties

Two new required properties have been added for the SAML assertion encryption feature. Please define the following properties in the extension configuration.

 - IDP_SAML_ENCRYPTION_CERTIFICATE=<ENCRYPTION_CERTIFICATE>
 - IDP_SAML_ENCRYPTION_PRIVATEKEY=<ENCRYPTION_PRIVATE_KEY>

Note: For security reasons it is strongly advised to use separate keys for SAML signing and SAML encryption.
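One way to check the key separation advised in the note above, as an added example that is not part of the Onegini documentation: it compares the public keys inside the signing and encryption certificates rather than the certificate files, so a re-issued certificate over the same key is still caught. It assumes both certificates are available as PEM or base64-encoded DER X.509; all function names are hypothetical.

```python
import base64
import hashlib
import re

def pem_to_der(value: str) -> bytes:
    """Decode a PEM CERTIFICATE block, or bare base64, to DER (assumed input format)."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", value, re.S)
    return base64.b64decode("".join((m.group(1) if m else value).split()))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("invalid DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate's SubjectPublicKeyInfo, i.e. the key itself."""
    _, pos, _ = read_tlv(cert_der, 0)        # Certificate ::= SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)      # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                          # optional [0] version
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def keys_are_separate(signing_cert: str, encryption_cert: str) -> bool:
    """True when the two certificates carry different public keys."""
    return (spki_fingerprint(pem_to_der(signing_cert))
            != spki_fingerprint(pem_to_der(encryption_cert)))
```

Call keys_are_separate with the signing certificate and the value intended for IDP_SAML_ENCRYPTION_CERTIFICATE before deploying; a False result means both certificates wrap the same key pair.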

Google IdP configuration changes

We are moving to new Google API endpoints. Because of that, the Google IdP requires additional configuration after the update. The additional required field is scope. To get all person-related data, this field must be configured with the value https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/user.addresses.read https://www.googleapis.com/auth/user.birthday.read https://www.googleapis.com/auth/user.phonenumbers.read

For information related to mapping attributes, please see the topic guide Configuring Google IdP.

Removed keystore password configuration property

The IDP_SAML_KEYSTORE_PASSWORD configuration property is no longer required by the Onegini IDP. Please remove it from your configuration.