Upgrade instructions versions 9.x

9.1.0

Zip archive handling

Zip files are now by default limited to 10MB and/or 100 files. This includes message and template zip files. These limits can be modified via environment properties as described in Zip archive handling.

Run all database scripts

  • V9_01_00_02__add_additional_audiences_client_config.sql
  • V9_01_00_03__add_user_info_source_attribute_to_idp_attribute_mapping.sql

9.0.2

Run all database scripts

Warning: The migration V9_01_00_00__access_token_as_jwt.sql will take some extra time if the access_tokens table is large.

  • V9_00_02_00__mobile_app_events_client_type_column.sql
  • V9_00_02_01__rename_events_mobile_apps_table.sql
  • V9_01_00_00__access_token_as_jwt.sql
  • V9_01_00_01__add_max_simultaneous_sessions_to_clients.sql

9.0.1

Database migration V9_00_00_12__additional_mobile_event_table_columns.sql has been fixed.

8.x.x to 9.0.0

The default value of ANSI_PADDING for Microsoft SQL Server database is changed to ON. See SET ANSI_PADDING documentation for further details.

If you are using Microsoft SQL Server as your database, you should upgrade to 9.0.1.

General Instructions

When using automatic migrations (TOKEN_SERVER_COMMON_DB_MIGRATION_ENABLED=true) make sure TOKEN_SERVER_COMMON_DB_MIGRATION_OUT_OF_ORDER is set to true to ensure that the V2_02_17_01__fix_ansi_padding.sql is applied. This migration is only needed for Microsoft SQL Server.

Run all database scripts

Warning: The migration V9_00_00_01__add_idp_to_tokens.sql will take some extra time if the access_tokens table is large. It adds an idp column which has a foreign key to the identity_providers table.

  • V2_02_17_01__fix_ansi_padding.sql (Microsoft SQL Server only)
  • V8_02_00_00__cleanup_oidc_config.sql
  • V8_02_00_01__add_oidc_signature_shared_secret.sql
  • V8_02_00_02__add_user_info_config.sql
  • V9_00_00_00__create_table_for_additional_aud_oidc.sql
  • V9_00_00_01__add_idp_to_tokens.sql
  • V9_00_00_02__move_some_oidc_config_to_system_level_table.sql
  • V9_00_00_03__add_multiple_redirect_url_client_config.sql
  • V9_00_00_04__add_open_id_redirect_urls.sql
  • V9_00_00_06__add_mobile_app_statistics.sql
  • V9_00_00_07__create_id_token_references_table.sql
  • V9_00_00_08__remove_usage_statistics.sql
  • V9_00_00_09__add_api_admin_scope.sql
  • V9_00_00_10__persist_default_api_scope_statistics_value.sql
  • V9_00_00_11__rename_open_id_keys_to_jwt_keys.sql
  • V9_00_00_12__additional_mobile_event_table_columns.sql

Java database migration

V9_00_00_05__add_multiple_device_support_properties.sql

If you are not using automatic migrations, you will need to reconfigure the Push Enrollment Mode on the Mobile Authentication config tab in the Admin Console.

First execute the following query:

SELECT property_value FROM application_properties WHERE property_name = 'PUSH-AUTH--USER-ENROLLMENT-OVERRIDE-ENABLED';

If the result of this query is true, you should set the configuration as Override allowed. If false, set it as Single device.

After you have fixed the configuration, you can clean up the following properties:

DELETE FROM application_properties WHERE property_name = 'PUSH-AUTH--USER-ENROLLMENT-OVERRIDE-ENABLED';
DELETE FROM application_properties WHERE property_name = 'KEY-ENROLLMENT-UPDATE-ENABLED';

Property Updates

TOKEN_SERVER_ENGINE_MOBILE_AUTHENTICATION_DEPRECATED_API_ENABLED has been removed. The APIs it was covering (Mobile Authentication v1) have been removed.

Mobile Authentication

Mobile Authentication is now possible on multiple devices for the same app. If you wish to take advantage of this new functionality, You should update the Push Enrollment Mode setting in the Mobile Authentication config and also update your use of the APIs to use version 4. If Multiple devices is configured, version 2 and 3 will be disabled.

Statistics become Insights

The Statistics section in the Admin Console as well as the Statistics Engine have been replaced with Onegini Insights. You can shut down running instances of the Statistics Engine and should start installing Onegini Insights. Please consult the Insights configuration to set up your environment.