Upgrade instructions 5.x
5.0.1
Features
The new configurable callback property has been moved to the appropriate section in the Admin panel.
Changes in API
The API responsible for verifying whether a person is coupled used the wrong error code 1027, which has been replaced with 1030.
Persons partitioning
For customers who have large databases, a migration will be performed that potentially takes a while to complete.
The migrations recreate indexes for the following tables: usernames, failed_password_logins, phone_numbers, custom_attributes.
In order to avoid timeout errors during the migration:
- for MySQL please execute set global wait_timeout=28800 before running the migration;
- for Oracle please run the Onegini IDP with the JAVA_OPTS environment variable that contains the value -Doracle.net.keepAlive=true (it prevents breaking off TCP connections in an environment with firewalls).
5.0.0
New required properties
2 new required properties have been added for the SAML assertion encryption feature. Please define the following properties in the extension configuration.
- IDP_SAML_ENCRYPTION_CERTIFICATE=<ENCRYPTION_CERTIFICATE>
- IDP_SAML_ENCRYPTION_PRIVATEKEY=<ENCRYPTION_PRIVATE_KEY>
Note: For security reasons it is strongly advised to use separate keys for SAML signing and encryption.
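A pre-upgrade check for the two new properties, as an added example that is not part of the Onegini documentation: it confirms that the encryption certificate and private key belong together and that the encryption key pair differs from the signing one. It assumes the values are available as unencrypted PEM files on disk; the function names and the signing certificate argument are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor tooling. Assumes unencrypted PEM files on disk.

# pubkey_fp cert|key FILE: SHA-256 of the DER-encoded public key held in FILE.
pubkey_fp() {
  case "$1" in
    cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
    key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
    *)    return 1 ;;
  esac
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# check_saml_keys ENC_CERT ENC_KEY SIGN_CERT
# 0 = ok, 1 = certificate/key mismatch, 2 = key shared with signing, 3 = unreadable
check_saml_keys() {
  ec=$(pubkey_fp cert "$1") || { echo "unreadable certificate: $1" >&2; return 3; }
  ek=$(pubkey_fp key "$2") || { echo "unreadable private key: $2" >&2; return 3; }
  sc=$(pubkey_fp cert "$3") || { echo "unreadable certificate: $3" >&2; return 3; }
  if [ "$ec" != "$ek" ]; then
    echo "IDP_SAML_ENCRYPTION_CERTIFICATE does not match IDP_SAML_ENCRYPTION_PRIVATEKEY" >&2
    return 1
  fi
  if [ "$ec" = "$sc" ]; then
    echo "encryption and signing use the same key pair" >&2
    return 2
  fi
  echo "ok: encryption key pair is consistent and separate from the signing key"
}

# make_test_pair DIR NAME: constructed throwaway key pair for trying the check.
make_test_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Usage: sh check.sh enc.crt enc.key signing.crt
if [ "$#" -eq 3 ]; then check_saml_keys "$@"; fi
```

Comparing public-key fingerprints rather than certificate files also catches a new encryption certificate that was issued over the existing signing key.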
Google IdP configuration changes
We are moving to new Google API endpoints. Because of that, the Google IdP requires additional configuration after the update.
The additional required field is scope. To get all the person-related data, this field must be configured with the value https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/user.addresses.read https://www.googleapis.com/auth/user.birthday.read https://www.googleapis.com/auth/user.phonenumbers.read
For information related to mapping attributes, please see the topic guide Configuring Google IdP.
Removed keystore password configuration property
The IDP_SAML_KEYSTORE_PASSWORD configuration property is no longer required by the Onegini IDP. Please remove it from your configuration.