Upgrade instructions versions 3.x
2.5.x to 3.0.0
Property changes
The credential configuration for token validation and the payload encryption policy have been replaced with a single set of credential properties.
The following properties have been replaced:
Old property name | New property name |
---|---|
SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_USERNAME | SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID |
SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_PASSWORD | SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET |
SECURITY_PROXY_TOKEN_VALIDATION_SERVICE_CLIENT_ID | SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID |
SECURITY_PROXY_TOKEN_VALIDATION_SERVICE_CLIENT_SECRET | SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET |
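
Because two old credential pairs collapse into one, an upgrade should confirm that both pairs held the same values before renaming. The following is an added example, not part of the product's documentation or tooling, that renames the properties and reports new names whose old sources disagree. The KEY=VALUE file format, the sample values and `EXAMPLE_UNRELATED_SETTING` are assumptions.

```python
# Old -> new property names, taken from the table above.
NEW_ID = "SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID"
NEW_SECRET = "SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET"
RENAMES = {
    "SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_USERNAME": NEW_ID,
    "SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_PASSWORD": NEW_SECRET,
    "SECURITY_PROXY_TOKEN_VALIDATION_SERVICE_CLIENT_ID": NEW_ID,
    "SECURITY_PROXY_TOKEN_VALIDATION_SERVICE_CLIENT_SECRET": NEW_SECRET,
}

# Constructed 2.5.x sample; KEY=VALUE layout and all values are assumptions.
SAMPLE = """\
SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_USERNAME=proxy-client
SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_PASSWORD=example-secret-a
SECURITY_PROXY_TOKEN_VALIDATION_SERVICE_CLIENT_ID=proxy-client
SECURITY_PROXY_TOKEN_VALIDATION_SERVICE_CLIENT_SECRET=example-secret-b
EXAMPLE_UNRELATED_SETTING=unchanged
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def migrate(props):
    """Return (migrated, conflicts, renamed).

    A new name whose old sources hold different values is a conflict: it is
    left out of `migrated` so one credential set must be chosen explicitly.
    The report carries property names only, never secret values.
    """
    sources = {}
    for name, value in props.items():
        sources.setdefault(RENAMES.get(name, name), []).append((name, value))
    migrated, conflicts, renamed = {}, [], []
    for new, items in sources.items():
        if len({value for _, value in items}) > 1:
            conflicts.append(new)
            continue
        migrated[new] = items[0][1]
        renamed += [old for old, _ in items if old != new]
    return migrated, sorted(conflicts), sorted(renamed)

if __name__ == "__main__":
    migrated, conflicts, renamed = migrate(parse_env(SAMPLE))
    print("renamed:", renamed, "\nconflicting, resolve by hand:", conflicts)
```
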
Embedded Resource gateway migration
If you are using the embedded resource gateway functionality, you must update your Token Server configuration and request mapper implementation.
Token Server configuration
Since version 3.0.0, the Security Proxy uses the Token introspection API of the Token Server to validate an access token. You must update your Token Server configuration to ensure the Security Proxy can still validate access tokens. The Token Server documentation describes how to configure an API client as resource server. Since you probably already have an API client configured for the payload encryption policy, you only need to add Token introspection as one of the allowed Token Server APIs to the existing API client that was previously only used to fetch the payload encryption policy.
Request mapper implementation
A request mapper implementation is used to map an access token into something that your back-end understands. Since the Security Proxy now uses the Token Introspection API of the Token Server to get all information about an access token, the response containing the access token metadata given to your request mapper implementation has also changed. The token_validation_result implementation returns the sub property instead of the reference_id which contains the user id.