Upgrade Instructions 2.x¶

2.18.1¶

X-Frame-Options header control¶

The ONEGINI_IDP_CCC_ENABLE_IFRAME configuration property has been replaced with ONEGINI_IDP_CCC_X_FRAME_OPTIONS which accepts the following options DENY ( default), SAMEORIGIN or NONE instead.

2.16.0¶

Device verification¶

The new property TOKEN_SERVER_DEVICE_VERIFICATION_APP_URL_FOR_CALLBACK needs to be specified if device management feature is enabled in order to build callback URL, which is sent to the Token Server. It must be UMA base URL that is accessible from the Token Server. The old property (APPLICATION_URL) used for creating a callback URL should not be used anymore.

2.13.0¶

Resend verification email and Decouple actions¶

This version of Onegini Customer Service introduces new actions for the user: Resend verification email and Decouple external identity provider from a person. It is required to use at least 7.22.0 version of the Onegini CIM to make it work correctly.

2.12.0¶

Device API¶

This version of Onegini Customer Service uses Device API v4 of the Onegini Token Server which has been introduced in Onegini Token Server version 12.5.0. If you are unable to install this version of the Onegini Token Server, set the environment variable TOKEN_SERVER_API_DEVICE_API_VERSION=v3.

2.8.0¶

API¶

Due to a changes in core, it's necessary to update environment variables for API authorisation. Currently, we're heading towards solution of one set of credentials for all endpoints. To achieve that new pair has to be configured:

IDP_API_SECURITY_USERNAME   
IDP_API_SECURITY_PASSWORD  
IDP_CREDENTIALSAPI_SECURITY_USERNAME
IDP_CREDENTIALSAPI_SECURITY_PASSWORD

2.5.0¶

Configuration API¶

Due to a bug in Onegini Customer Service 2.4.0, the properties for providing the Configuration API credentials were not in line with the documentation. If you're upgrading from 2.4.0 make sure you are using the correct environment properties:

Onegini Customer Service version 2.4.0	Onegini Customer Service version 2.5.0 and above
`ONEGINI_IDP_CCC_IDP_CONFIGURATIONAPI_USERNAME`	`ONEGINI_IDP_CCC_IDP_CONFIGURATION_API_USERNAME`
`ONEGINI_IDP_CCC_IDP_CONFIGURATIONAPI_PASSWORD`	`ONEGINI_IDP_CCC_IDP_CONFIGURATION_API_PASSWORD`

2.4.0¶

Events API usage¶

Because of changes in usage of events API, the latest Onegini Customer Service requires Onegini CIM 6.0.0 (or newer) to work.

Device Management¶

From this version it is possible to manage devices of a user. Configure the connection to Onegini Token Server to use this functionality.

Spring Boot update¶

Because of an update in Spring Boot, we had to update all properties which were not in kebab-case, i.e.

oneginiIdpCcc.idp.protocol=http
oneginiIdpCcc.idp.host=idp-core.dev.onegini.me
oneginiIdpCcc.port=8081

are now:

onegini-idp-ccc.idp.protocol=http
onegini-idp-ccc.idp.host=idp-core.dev.onegini.me
onegini-idp-ccc.idp.port=8081

because of that also environment variables have to be updated from:

    - SECURITY_USER_NAME=user
    - SECURITY_USER_PASSWORD=password
      ...
    - ONEGINIIDPCCC_IDP_PERSONAPI_USERNAME=api_username
    - ONEGINIIDPCCC_IDP_PERSONAPI_PASSWORD=api_password

to:

    - SPRING_SECURITY_USER_NAME=user
    - SPRING_SECURITY_USER_PASSWORD=password
      ...
    - ONEGINI_IDP_CCC_IDP_PERSON_API_USERNAME=api_username
    - ONEGINI_IDP_CCC_IDP_PERSON_API_PASSWORD=api_password

Properties related with security have to be prefixed with "spring", example:

spring.security.user.name=user
spring.security.user.password=password
spring.security.user.roles[0]=USERS_ALL
spring.security.user.roles[1]=AGENTS_READ
spring.security.user.roles[2]=STATISTICS_READ

Property security.enable-csrf has been renamed to onegini-idp-ccc.enable-csrf

For all the changes please see updates in appropriate section in Configuration documentation.

2.0.0¶

If you wish to see profile information your extension must provide additional configuration

Those extension points must be implemented

com.onegini.sdk.extension.ccc.ModulesConfigExtension
com.onegini.sdk.extension.ccc.PersonDetailsExtension
com.onegini.sdk.extension.ccc.PersonSearchExtension

In addition, special messages file must be created under ccc-resources/messages/messages.properties

There is a list of required properties to be passed

ccc.modules.person.defaultSearchKey=urn #default search key for users

#list of possible search keys for users
ccc.modules.person.searchKeys[0].attributeName=naam
ccc.modules.person.searchKeys[0].labelMessageCode=sk_label_message_code_01
ccc.modules.person.searchKeys[1].attributeName=geboortedatum
ccc.modules.person.searchKeys[1].labelMessageCode=sk_label_message_code_11
ccc.modules.person.searchKeys[2].attributeName=urn
ccc.modules.person.searchKeys[2].labelMessageCode=sk_label_message_code_01
ccc.modules.person.searchKeys[3].attributeName=reset_password_date
ccc.modules.person.searchKeys[3].labelMessageCode=sk_label_message_code_11
ccc.modules.person.searchKeys[4].attributeName=agreed_to_terms
ccc.modules.person.searchKeys[4].labelMessageCode=sk_label_message_code_11

#list of possible extended search keys for users
ccc.modules.person.extendedSearchConfig.emailSearch=true
ccc.modules.person.extendedSearchConfig.phoneSearch=true
ccc.modules.person.extendedSearchConfig.customAttributeSearch=true

#list of possible profile attributes from CIM to be displayed and their labels
ccc.modules.person.cim.detailProfileAttributes[0].attributeName=PREFERRED_LOCALE
ccc.modules.person.cim.detailProfileAttributes[1].attributeName=PHONE_NUMBERS
ccc.modules.person.cim.detailProfileAttributes[2].attributeName=ResetPasswordDate
ccc.modules.person.cim.detailProfileAttributes[3].attributeName=EMAIL_ADDRESSES
ccc.modules.person.cim.detailProfileAttributes[4].attributeName=AkkoordMetVoorwaarden
ccc.modules.person.cim.detailProfileAttributes[5].attributeName=DISPLAY_NAME
ccc.modules.person.cim.detailProfileAttributes[6].attributeName=Urn
ccc.modules.person.cim.detailProfileAttributes[7].attributeName=ID

Configuration of SAML authorities has changed

The prefix has been changed from oneginiIdpCcc.saml. to saml.sp.. Authorities' names has been renamed to underscore case. The following properties has been renamed:

oneginiIdpCcc.saml.authorities.fullAccessGranted -> saml.sp.fullAccessGranted
oneginiIdpCcc.saml.authorities.attributeName -> saml.sp.attributeName

Example of the old configuration:

oneginiIdpCcc.saml.authorities.fullAccessGranted=false
oneginiIdpCcc.saml.authorities.attributeName=urn:oid:1.3.6.1.4.1.5923.1.5.1.1
oneginiIdpCcc.saml.authorities.usersAll[0]=CustomerSupport
oneginiIdpCcc.saml.authorities.usersAll[1]=Supervisor
oneginiIdpCcc.saml.authorities.usersAll[2]=SysAdmin
oneginiIdpCcc.saml.authorities.agentsRead[0]=Supervisor
oneginiIdpCcc.saml.authorities.agentsRead[1]=SysAdmin
oneginiIdpCcc.saml.authorities.statisticsRead[0]=SysAdmin
oneginiIdpCcc.saml.idpMetadata.base64=
oneginiIdpCcc.saml.idpMetadata.file=/path/to/metadata.xml

Corresponding example of the new configuration:

saml.sp.fullAccessGranted=false
saml.sp.attributeName=urn:oid:1.3.6.1.4.1.5923.1.5.1.1
saml.sp.authorities.USERS_ALL[0]=CustomerSupport
saml.sp.authorities.USERS_ALL[1]=Supervisor
saml.sp.authorities.USERS_ALL[2]=SysAdmin
saml.sp.authorities.AGENTS_READ[0]=Supervisor
saml.sp.authorities.AGENTS_READ[1]=SysAdmin
saml.sp.authorities.STATISTICS_READ[0]=SysAdmin
saml.sp.idpMetadata.base64=
saml.sp.idpMetadata.file=/path/to/metadata.xml