Release notes old versions

3.16 to 3.17

Run all database scripts

  • V3_17_00_00__add_fido_authenticators.sql
  • V3_17_02_00__make_client_pk_non_clustered.sql (only MSSQL)
  • V3_17_03_00__make_auth_prop_fallback_nullable.sql (only MSSQL)

3.15 to 3.16

Run all database scripts

  • V3_16_00_00__add_callback_uri_config.sql

3.14 to 3.15

Changed environment variables

In version 3.15 The embedded ldap server is removed. So the environmental variables for ldap are not needed anymore. Also the way to configure etcd is changed.

New environment variables

  • CONFIG_BACKEND
  • CONFIG_PREFIX

Removed environment variables

  • TOKENSERVER_LDAP_ENABLED
  • ETCD_PORT
  • ETCD_HOST
  • ETCD_URI
  • ETCD_PREFIX

Environment variable that became mandatory

  • TOKENSERVER_ENGINE_ENABLED
  • TOKENSERVER_CLIENT_ENABLED
  • TOKENSERVER_ADMIN_ENABLED

Run all database scripts

  • V3_15_00_00__add_statistics.sql
  • V3_15_00_01__migrate_idp_attributes_to_separate_table.sql
  • V3_15_00_02__add_fido_enable_column.sql
  • V3_15_00_03__add_secret_to_identity_providers.sql

Changed mandatory etcd parameters

Move

  • /token-server/admin/general/app-config/token-server-engine/base-uri to /token-server/common/engine-base-uri

Remove

  • /token-server/engine/authentication/onegini

3.13 to 3.14

End user api upgrade

In version 3.14 a new version of the device api was introduced. It is mandatory to use this api version when using the multiple profiles feature.

3.12 to 3.13

Run all database scripts

  • V3_13_00_00__add_profile_id_to_access_tokens.sql
  • V3_13_00_01__add_token_attempt_failure_count.sql
  • V3_13_00_02__make_name_field_in_pin_policy_longer.sql (only MSSQL)
  • V3_13_00_03__remove_push_token_unique.sql
  • V3_13_00_04__add_profile_id_to_application_instance.sql

New mandatory etcd parameters

  • /token-server/client/client/profileId
  • /token-server/client/client/testUserId

3.11 to 3.12

Run all database scripts (only MSSQL)

  • V3_12_01_00__certificates_uniqueidentifier.sql
  • V3_12_01_01__events_uniqueidentifier.sql
  • V3_12_01_02__access_grant_uniqueidentifier.sql
  • V3_12_01_03__access_tokens_uniqueidentifier.sql
  • V3_12_01_04__application_instances_uniqueidentifier.sql
  • V3_12_01_05__auth_properties_uniqueidentifier.sql
  • V3_12_01_06__auth_property_messages_uniqueidentifier.sql
  • V3_12_01_07__client_config_uniqueidentifier.sql
  • V3_12_01_08__mobile_platform_version_uniqueidentifier.sql
  • V3_12_01_09__pin_policy_uniqueidentifier.sql
  • V3_12_01_10__clients_uniqueidentifier.sql
  • V3_12_01_11__mobile_platforms_uniqueidentifier.sql
  • V3_12_01_12__identity_providers_uniqueidentifier.sql
  • V3_12_01_13__idp_attribute_mapping_uniqueidentifier.sql
  • V3_12_01_14__consents_uniqueidentifier.sql
  • V3_12_01_15__add_missing_indices.sql
  • V3_12_01_16__remove_idp_entity_id_unique_index.sql

New mandatory etcd parameters

  • /token-server/client/dynamic/register/os/version
  • /token-server/client/dynamic/register/client/architecture

3.09 to 3.10

Run all database scripts

  • V3_10_00_00__add_pin_retry_counter.sql

3.08 to 3.09

Run all database scripts

  • V3_09_00_00__certificates.sql
  • V3_09_00_01__add_public_base_uri_to_client_config.sql
  • V3_09_00_02__add_certificates_to_client_config.sql
  • V3_09_00_03__add_client_resource_gateway.sql

3.07 to 3.08

Run all database scripts

  • V3_08_00_00__add_non_persistent_scope_type.sql
  • V3_08_00_01__add_api_version_to_oauth_client.sql
  • V3_08_00_02__add_apns_environment.sql
  • V3_08_00_03__remove_unused_auth_props.sql

Adapt config params in ETCD:

New:

  • /token-server/engine/header-auth/parameters/white-list
  • /token-server/common/app-config/apns/production/host
  • /token-server/common/app-config/apns/production/port
  • /token-server/common/app-config/apns/sandbox/host
  • /token-server/common/app-config/apns/sandbox/port
  • /token-server/common/app-config/apns-feedback/production/host
  • /token-server/common/app-config/apns-feedback/production/port
  • /token-server/common/app-config/apns-feedback/sandbox/host
  • /token-server/common/app-config/apns-feedback/sandbox/port

Removed:

  • /token-server/engine/mobile-authentication/pgp/disabled-boolean

3.06 to 3.07

Run all database scripts

  • V3_07_00_00__add_type_to_access_tokens.sql
  • V3_07_00_01__add_index_on_access_tokens_for_type.sql

3.05 to 3.06

There are no specific actions necessary to upgrade from version 3.05 to 3.06.

3.04 to 3.05

Run all database scripts

  • V3_05_00_01__add_mobile_platforms.sql
  • V3_05_00_02__add_development_mode_to_client_config.sql
  • V3_05_00_03__platform_version_add_payload_encryption_flag.sql

3.03 to 3.04

Run all database scripts

  • V3_03_03_00__added_architecture_to_clients.sql

3.02 to 3.03

Automatic schema migrations

  • If you want to use the automatic flyway database schema migrations the database schema needs to be up-to-date (schema version: 3.02.00.01) before you start the 3.03.xx version of the TS.
  • If you do not want to use the automatic schema migrations you need to disable this option. Please have a look at the database paragraph in the Token Server configuration section.

Change templates

  • New template two-way-otp-cancel.html
  • The two-way-otp-dead-end.html page has an extra parameter ${redirectUri} which can be used to send the client back to the app.
<a th:href="${redirectUri}" href="about:blank"><p th:text="#{twoWayOtp.deadEnd.body}">
     _Your authentication session timed out. Please return to the APP to authenticate again.
</p></a>

Run all database scripts

  • V3_03_00_00__added_wns_properties_to_mobile_platform_versions.sql

3.00 to 3.02

Change endpoints in use

  • If you are using the client validation endpoint /validation/client you should now switch to /client/validate
  • Add X-Onegini-App-.. headers to the request

Change templates

  • All templates named authorization_complete.html should now be named authorization-complete.html

Change properties

A new property is introduced for retrieving data from Elasticsearch. Add the base URI of Elasticsearch to the etcd configuration:

curl 'http://127.0.0.1:4001/v2/keys/token-server/admin/managementinfo/data-server/base-uri' -XPUT -d value=http://localhost:9200

Run all database scripts

  • V3_02_00_00__platform_version_force_upgrade_support.sql
  • V3_02_00_01__platform_version_add_tampering_protection_flag.sql

2.04.05 to 3.00

Change properties

Move all properties to etcd. Onegini will help you with that migration.

Run database scripts

  • V3_00_00_00__added_additional_authenticator_type.sql

2.04.04 to 2.04.05

Run:

  • V2_04_04_05__add_complete_page_disabled_to_client_config.sql

2.03.x to 2.04.04

Run database scripts

Run the following database scripts in the given order

  • V2_04_00_00__renamed_meta_data_uri_in_identity_providers.sql
  • V2_04_00_01__add_metadata_to_identity_providers.sql
  • V2_04_00_02__add_pin_policies.sql
  • V2_04_00_03__add_fingerprint_to_client.sql
  • V2_04_00_04__openid_scope_to_scopes.sql
  • V2_04_03_00__added_openid_attribute_mapping.sql
  • V2_04_03_01__inserted_openid_user_info_scopes.sql
  • V2_04_03_02__added_signature_and_encryption_to_client_config.sql
  • V2_04_04_00__added_push_server_endpoint.sql
  • V2_04_04_02__added_expiration_to_openid_client_config.sql
  • V2_04_04_03__added_public_private_key_column_to_open_id_config.sql
  • V2_04_04_04__added_on_delete_cascade_to_application_related_constraints.sql