Upgrade instructions versions 7.x
7.2.1 to 7.2.2
The default value of ANSI_PADDING for MS SQL database is changed to ON. See MS SQL documentation for further details.
- When using automatic migrations (
TOKEN_SERVER_COMMON_DB_MIGRATION_ENABLED=true) make sure
TOKEN_SERVER_COMMON_DB_MIGRATION_OUT_OF_ORDERis set to
Run all database scripts
- V2_02_17_01__fix_ansi_padding.sql (MS SQL only)
7.1.0 to 7.2.0
- Some objects that are stored in cache have been modified. To ensure consistency, it is advised to restart Redis during the upgrade process.
Run all database scripts
- V5_08_01_00__drop_unique_constraint_on_user_id_for_user_client_keys.sql (Oracle and MSSQL only)
Update package names for custom Token Server plugins
com.onegini.tokenserver.oauth.model.EventType has been moved to
com.onegini.tokenserver.core.model.log.EventType. You may need to update
any Token Server plugins that import
7.0.0 to 7.1.0
SAML Service Provider configuration
The Signing credentials and Keystore password must be configured via the admin console when using SAML. Populate these fields via the SAML Service provider section in the Admin console.
Update Thymleaf templates
6.x.x to 7.0.0
A few major changes have been made to the Token Server:
- The cache mechanism has changed from EHCache to Redis. The Token Server no longer uses JGroups for cache replication in a clustered environment.
- The Token Server does not use etcd as configuration / discovery service anymore
Adapt Docker Compose variables
Remove the following variables:
Adapt Environment variables
Remove the following environment variables:
In order to run the Token Server you must have Redis configured and running. See the Redis configuration chapter for more info.
Support for Token Server extensions via etcd is dropped
Since etcd is no longer used as configuration service, the support for Token Server extensions via etcd is also dropped. You can still add extensions to the
Token Server via a Docker volume mount. The volume must be mounted to the
/opt/token-server/engine/lib/ folder inside the Docker container. You can place any jar files that you wish to add to the Token Server classpath in this folder.
Migration for SQL Server
There is one column that could not automatically be dropped with the migration scripts due to an automatically generated default constraint name. You can run the SQL below to properly remove the constraint and the column.
--dynamically find the constraint name for CLIENT_CONFIGS.FIDO_ENABLED' Column and drop it. DECLARE @var0 nvarchar(128) SELECT @var0 = name FROM sys.default_constraints WHERE parent_object_id = object_id(N'dbo.CLIENT_CONFIGS') AND col_name(parent_object_id, parent_column_id) = 'FIDO_ENABLED'; IF @var0 IS NOT NULL EXECUTE('ALTER TABLE [dbo].[CLIENT_CONFIGS] DROP CONSTRAINT [' + @var0 + ']'); ALTER TABLE [dbo].CLIENT_CONFIGS DROP COLUMN [FIDO_ENABLED];
Admin authentication with multiple LDAP servers
The character to separate multiple LDAP server URLs in the property
TOKEN_SERVER_ADMIN_LDAP_SERVER_URLS has changed from space to comma.