Upgrade instructions 5.x

NEXT VERSION

LinkedIn API update

The LinkedIn API has been updated to version 2, which means that applications created before January 14, 2019 may not work. Please update the LinkedIn application configuration if needed.

Quote from LinkedIn page:

All developer applications created on the LinkedIn Developer Portal after January 14, 2019 have access to the LinkedIn v2 API by default. Alternatively, if your developer application has made a successful LinkedIn v1 API request from September 1, 2018 to December 17, 2018, your developer application has immediate access to the v2 API.

Google Authentication API update

As Google is turning off Google Plus authentication, the identity provider OAuth scope attributes for Google authentication have been renamed: plus.login is now profile.

5.0.1

Features

The new configurable callback property has been moved to the appropriate section in the Admin panel.

Changes in API

The API responsible for verifying whether a person is coupled used the wrong error code, 1027, which has been replaced with 1030.

Persons partitioning

For customers who have large databases, a migration will be performed that potentially takes a while to complete. The migration recreates indexes for the following tables: usernames, failed_password_logins, phone_numbers, custom_attributes. To avoid timeout errors during the migration:

  • for MySQL please execute set global wait_timeout=28800 before running the migration;
  • for Oracle please run the Onegini IDP with the JAVA_OPTS environment variable that contains the value -Doracle.net.keepAlive=true (it prevents breaking off TCP connections in an environment with firewalls).

5.0.0

New required properties

Two new required properties have been added for the SAML assertion encryption feature. Please define the following properties in the extension configuration.

 - IDP_SAML_ENCRYPTION_CERTIFICATE=<ENCRYPTION_CERTIFICATE>
 - IDP_SAML_ENCRYPTION_PRIVATEKEY=<ENCRYPTION_PRIVATE_KEY>

Note: For security reasons it is strongly advised to use a separate key for SAML signing and encryption.

Google IdP configuration changes

We are moving to new Google API endpoints. Because of that, the Google IdP requires additional configuration after the update. The additional required field is scope. To get all the person-related data, this field must be configured with the value https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/user.addresses.read https://www.googleapis.com/auth/user.birthday.read https://www.googleapis.com/auth/user.phonenumbers.read

For information related to mapping attributes, please see the topic guide Configuring Google IdP.

Removed keystore password configuration property

The IDP_SAML_KEYSTORE_PASSWORD configuration property is no longer required by the Onegini IDP. Please remove it from your configuration.
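
The 5.0.0 property changes above (the two new required SAML encryption properties, the advice to keep signing and encryption keys separate, and the removed IDP_SAML_KEYSTORE_PASSWORD) can be checked before upgrading. The script below is an added example, not part of the Onegini documentation. It assumes the configuration is an env-style file of KEY=VALUE lines, and EXAMPLE_SIGNING_PRIVATEKEY is a hypothetical name standing in for whichever property holds your signing key.

```shell
#!/bin/sh
# Added example: lint an env-style file for the 5.0.0 property changes.
# Assumption: one KEY=VALUE per line; '#' starts a comment line.

# prop_value FILE KEY: print the last value assigned to KEY, fail if KEY is absent.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2); found = 1 }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# check_idp_5_0_config FILE [SIGNING_KEY_PROPERTY]
# SIGNING_KEY_PROPERTY is whatever property holds your SAML signing key; the
# upgrade notes do not name it, so the caller supplies it (assumption).
check_idp_5_0_config() {
    file=$1 signing_prop=${2:-} rc=0
    for p in IDP_SAML_ENCRYPTION_CERTIFICATE IDP_SAML_ENCRYPTION_PRIVATEKEY; do
        v=$(prop_value "$file" "$p") || { echo "MISSING $p"; rc=1; continue; }
        case $v in
            '' | '<'*'>') echo "UNSET $p"; rc=1 ;;   # empty or template placeholder
        esac
    done
    if prop_value "$file" IDP_SAML_KEYSTORE_PASSWORD >/dev/null; then
        echo "OBSOLETE IDP_SAML_KEYSTORE_PASSWORD"; rc=1
    fi
    if [ -n "$signing_prop" ]; then
        enc=$(prop_value "$file" IDP_SAML_ENCRYPTION_PRIVATEKEY) || enc=
        sig=$(prop_value "$file" "$signing_prop") || sig=
        if [ -n "$enc" ] && [ "$enc" = "$sig" ]; then
            echo "SHARED_KEY IDP_SAML_ENCRYPTION_PRIVATEKEY = $signing_prop"; rc=1
        fi
    fi
    return "$rc"
}

# Constructed sample: pre-5.0.0 style file that reuses the signing key.
# EXAMPLE_SIGNING_PRIVATEKEY is a hypothetical property name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
EXAMPLE_SIGNING_PRIVATEKEY=constructed-key-material-A
IDP_SAML_ENCRYPTION_CERTIFICATE=<ENCRYPTION_CERTIFICATE>
IDP_SAML_ENCRYPTION_PRIVATEKEY=constructed-key-material-A
IDP_SAML_KEYSTORE_PASSWORD=constructed-password
EOF
check_idp_5_0_config "$sample" EXAMPLE_SIGNING_PRIVATEKEY || echo "fix before upgrading"
rm -f "$sample"
```

The comparison only catches a signing key that was copied verbatim into the encryption property; it does not parse the key material.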