Upgrade instructions versions 7.x

7.2.1 to 7.2.2

The default value of ANSI_PADDING for MS SQL database is changed to ON. See MS SQL documentation for further details.

General Instructions

  • When using automatic migrations (TOKEN_SERVER_COMMON_DB_MIGRATION_ENABLED=true) make sure TOKEN_SERVER_COMMON_DB_MIGRATION_OUT_OF_ORDER is set to true to ensure V2_02_17_01__fix_ansi_padding.sql is applied.

Run all database scripts

  • V2_02_17_01__fix_ansi_padding.sql (MS SQL only)

7.1.0 to 7.2.0

General Instructions

  • Some objects that are stored in cache have been modified. To ensure consistency, it is advised to restart Redis during the upgrade process.

Run all database scripts

  • V5_08_01_00__drop_unique_constraint_on_user_id_for_user_client_keys.sql (Oracle and MSSQL only)

Update package names for custom Token Server plugins

The interface com.onegini.tokenserver.oauth.model.EventType has been moved to com.onegini.tokenserver.core.model.log.EventType. You may need to update any Token Server plugins that import com.onegini.tokenserver.oauth.model.EventType.

7.0.0 to 7.1.0

SAML Service Provider configuration

The Signing credentials and Keystore password must be configured via the admin console when using SAML. Populate these fields via the SAML Service provider section in the Admin console.

Update Thymleaf templates

  • consent.html
  • sms-step-up.html

6.x.x to 7.0.0

A few major changes have been made to the Token Server:

  • The cache mechanism has changed from EHCache to Redis. The Token Server no longer uses JGroups for cache replication in a clustered environment.
  • The Token Server does not use etcd as configuration / discovery service anymore

Adapt Docker Compose variables

Remove the following variables:

  • TOKEN_SERVER_ENGINE_CLUSTER_OPERATIONAL_MODE
  • TOKEN_SERVER_DISCOVERY_BACKEND
  • TOKEN_SERVER_PROVISIONING_ENABLED

Adapt Environment variables

Remove the following environment variables:

  • HOST_IP
  • HOSTNAME
  • JGROUPS_REPLICATION_PORT
  • JGROUPS_FAILURE_DETECTION_PORT

Install Redis

In order to run the Token Server you must have Redis configured and running. See the Redis configuration chapter for more info.

Support for Token Server extensions via etcd is dropped

Since etcd is no longer used as configuration service, the support for Token Server extensions via etcd is also dropped. You can still add extensions to the Token Server via a Docker volume mount. The volume must be mounted to the /opt/token-server/engine/lib/ folder inside the Docker container. You can place any jar files that you wish to add to the Token Server classpath in this folder.

Migration for SQL Server

There is one column that could not automatically be dropped with the migration scripts due to an automatically generated default constraint name. You can run the SQL below to properly remove the constraint and the column.

--dynamically find the constraint name for CLIENT_CONFIGS.FIDO_ENABLED' Column and drop it.
DECLARE @var0 nvarchar(128)
SELECT @var0 = name
FROM sys.default_constraints
WHERE parent_object_id = object_id(N'dbo.CLIENT_CONFIGS')
      AND col_name(parent_object_id, parent_column_id) = 'FIDO_ENABLED';
IF @var0 IS NOT NULL
  EXECUTE('ALTER TABLE [dbo].[CLIENT_CONFIGS] DROP CONSTRAINT [' + @var0 + ']');

 ALTER TABLE [dbo].CLIENT_CONFIGS DROP COLUMN [FIDO_ENABLED];

Admin authentication with multiple LDAP servers

The character to separate multiple LDAP server URLs in the property TOKEN_SERVER_ADMIN_LDAP_SERVER_URLS has changed from space to comma.