Upgrade Instructions 2.x

2.8.0

API

Due to a changes in core it's necessery to update environment variables for API authorisation. Currently we're heading towards solution of one set of credentials for all endpoints. To achieve that new pair has to be configured: IDP_API_SECURITY_USERNAME
IDP_API_SECURITY_PASSWORD
IDP_CREDENTIALSAPI_SECURITY_USERNAME IDP_CREDENTIALSAPI_SECURITY_PASSWORD

2.5.0

Configuration API

Due to the bug in UMA 2.4.0 the properties for providing the Configuration API credentials were not in line with the documentation. If you're upgrading from 2.4.0 make sure you are using the correct environment properties:

UMA ver. 2.4.0 UMA ver. >2.4.0
ONEGINI_IDP_CCC_IDP_CONFIGURATIONAPI_USERNAME ONEGINI_IDP_CCC_IDP_CONFIGURATION_API_USERNAME
ONEGINI_IDP_CCC_IDP_CONFIGURATIONAPI_PASSWORD ONEGINI_IDP_CCC_IDP_CONFIGURATION_API_PASSWORD

2.4.0

Events API usage

Because of changes in usage of events API, latest UMA requires IDP 6.0.0 (or newer) to work.

Device Management

From this version it is possible to manage devices of a user. Configure the connection to Onegini Token Server to use this functionality.

Spring Boot update

Because of SB update we had to update all properties which were not in kebab-case. ie.

oneginiIdpCcc.idp.protocol=http
oneginiIdpCcc.idp.host=idp-core.dev.onegini.me
oneginiIdpCcc.port=8081

are now:

onegini-idp-ccc.idp.protocol=http
onegini-idp-ccc.idp.host=idp-core.dev.onegini.me
onegini-idp-ccc.idp.port=8081

because of that also environment variables have to be updated from:

    - SECURITY_USER_NAME=user
    - SECURITY_USER_PASSWORD=password
    ...
    - ONEGINIIDPCCC_IDP_PERSONAPI_USERNAME=api_username
    - ONEGINIIDPCCC_IDP_PERSONAPI_PASSWORD=api_password

to:

    - SPRING_SECURITY_USER_NAME=user
    - SPRING_SECURITY_USER_PASSWORD=password
    ...
    - ONEGINI_IDP_CCC_IDP_PERSON_API_USERNAME=api_username
    - ONEGINI_IDP_CCC_IDP_PERSON_API_PASSWORD=api_password

Properties related with security have to be prefixed with "spring", example:

spring.security.user.name=user
spring.security.user.password=password
spring.security.user.roles[0]=USERS_ALL
spring.security.user.roles[1]=AGENTS_READ
spring.security.user.roles[2]=STATISTICS_READ

Property security.enable-csrf has been renamed to onegini-idp-ccc.enable-csrf

For all the changes please see updates in appropriate section in Configuration documentation.

2.0.0

If you wish to see profile information your extension must provide additional configuration

Those extension points must be implemented

com.onegini.sdk.extension.ccc.ModulesConfigExtension
com.onegini.sdk.extension.ccc.PersonDetailsExtension
com.onegini.sdk.extension.ccc.PersonSearchExtension

In addition, special messages file must be created under ccc-resources/messages/messages.properties

There is a list of required properties to be passed

ccc.modules.person.defaultSearchKey=urn #default search key for users

#list of possible search keys for users
ccc.modules.person.searchKeys[0].attributeName=naam 
ccc.modules.person.searchKeys[0].labelMessageCode=sk_label_message_code_01
ccc.modules.person.searchKeys[1].attributeName=geboortedatum
ccc.modules.person.searchKeys[1].labelMessageCode=sk_label_message_code_11
ccc.modules.person.searchKeys[2].attributeName=urn
ccc.modules.person.searchKeys[2].labelMessageCode=sk_label_message_code_01
ccc.modules.person.searchKeys[3].attributeName=reset_password_date
ccc.modules.person.searchKeys[3].labelMessageCode=sk_label_message_code_11
ccc.modules.person.searchKeys[4].attributeName=agreed_to_terms
ccc.modules.person.searchKeys[4].labelMessageCode=sk_label_message_code_11

#list of possible extended search keys for users
ccc.modules.person.extendedSearchConfig.emailSearch=true
ccc.modules.person.extendedSearchConfig.phoneSearch=true
ccc.modules.person.extendedSearchConfig.customAttributeSearch=true

#list of possible profile attributes from CIM to be displayed and their labels
ccc.modules.person.cim.detailProfileAttributes[0].attributeName=PREFERRED_LOCALE
ccc.modules.person.cim.detailProfileAttributes[1].attributeName=PHONE_NUMBERS
ccc.modules.person.cim.detailProfileAttributes[2].attributeName=ResetPasswordDate
ccc.modules.person.cim.detailProfileAttributes[3].attributeName=EMAIL_ADDRESSES
ccc.modules.person.cim.detailProfileAttributes[4].attributeName=AkkoordMetVoorwaarden
ccc.modules.person.cim.detailProfileAttributes[5].attributeName=DISPLAY_NAME
ccc.modules.person.cim.detailProfileAttributes[6].attributeName=Urn
ccc.modules.person.cim.detailProfileAttributes[7].attributeName=ID

Configuration of SAML authorities has changed

The prefix has been changed from oneginiIdpCcc.saml. to saml.sp.. Authorities' names has been renamed to underscore case. The following properties has been renamed:

oneginiIdpCcc.saml.authorities.fullAccessGranted -> saml.sp.fullAccessGranted
oneginiIdpCcc.saml.authorities.attributeName -> saml.sp.attributeName

Please consider the following examples. Old configuration example:

oneginiIdpCcc.saml.authorities.fullAccessGranted=false
oneginiIdpCcc.saml.authorities.attributeName=urn:oid:1.3.6.1.4.1.5923.1.5.1.1
oneginiIdpCcc.saml.authorities.usersAll[0]=CustomerSupport
oneginiIdpCcc.saml.authorities.usersAll[1]=Supervisor
oneginiIdpCcc.saml.authorities.usersAll[2]=SysAdmin
oneginiIdpCcc.saml.authorities.agentsRead[0]=Supervisor
oneginiIdpCcc.saml.authorities.agentsRead[1]=SysAdmin
oneginiIdpCcc.saml.authorities.statisticsRead[0]=SysAdmin

oneginiIdpCcc.saml.idpMetadata.base64
oneginiIdpCcc.saml.idpMetadata.file

Corresponding new configuration example:

saml.sp.fullAccessGranted=false
saml.sp.attributeName=urn:oid:1.3.6.1.4.1.5923.1.5.1.1
saml.sp.authorities.USERS_ALL[0]=CustomerSupport
saml.sp.authorities.USERS_ALL[1]=Supervisor
saml.sp.authorities.USERS_ALL[2]=SysAdmin
saml.sp.authorities.AGENTS_READ[0]=Supervisor
saml.sp.authorities.AGENTS_READ[1]=SysAdmin
saml.sp.authorities.STATISTICS_READ[0]=SysAdmin

saml.sp.idpMetadata.base64
saml.sp.idpMetadata.file