This documentation is for WSO2 Identity Server 5.6.0. View documentation for the latest release.
Page Comparison - Upgrading from the Previous Release (v.31 vs v.32) - WSO2 Identity Server 5.6.0 - WSO2 Documentation

All docs This doc

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The following instructions guide you through upgrading from WSO2 Identity Server 5.5.0 to WSO2 Identity Server 5.6.0. In this topic, <OLD_IS_HOME> is the directory that Identity Server 5.5.0 resides in and <NEW_IS_HOME> is the directory that Identity Server 5.6.0 resides in.

Tip
titleBefore you begin

This release is a WUM-only release. This means that there are no manual patches. Any further fixes or latest updates for this release can be updated through the WSO2 Update Manager (WUM).

  • If you are upgrading to this version to use this version in your production environment, use the WSO2 Update Manager and get the latest available updates for WSO2 IS 5.6.0. For more information on how to do this, see Updating WSO2 Products.
Info
titleMigrating the embedded LDAP user store

It is not generally recommended to use the embedded LDAP user store that is shipped with WSO2 Identity Server in production setups. However, if migration of the embedded LDAP is required, follow the instructions below to migrate the existing IS 5.5.0 LDAP user store to IS 5.6.0.

  • Copy the <OLD_IS_HOME>/repository/data folder to <NEW_IS_HOME>/repository/data folder.
  • Restart the server to save the changes.

To upgrade the version of WSO2 Identity Server, the user store database should be upgraded. Note that there are no registry schema changes between versions. 

Follow the steps below as needed to complete the migration process.

  1. Download Identity Server 5.6.0 and unzip it in the <NEW_IS_HOME> directory.
  2. Take a backup of the existing database used by Identity Server 5.5.0. This backup is necessary in case the migration causes issues in the existing database.
  3. Make the following database updates as indicated below.
    1. Download the migration resources and unzip it to a local directory. This folder is referred to as <IS5.6.0_MIGRATION_TOOL_HOME>.

    2. Copy the org.wso2.carbon.is.migration-1.x.x.jar and the snakeyaml-1.16.0.wso2v1.jar found in the <IS5.6.0_MIGRATION_TOOL_HOME>/dropins folder, and paste it in the <NEW_IS_HOME>/repository/components/dropins directory. 

    3. Copy migration-resources folder to the <NEW_IS_HOME> root folder. 

    4. Ensure that the following property values are as follows in the migration-config.yaml file found in the <NEW_IS_HOME>/migration-resources folder. 

      Code Block
      migrationEnable: "true"
      
      currentVersion: "5.5.0"
      
      migrateVersion: "5.6.0"
  4. Copy any custom OSGI bundles that were added manually from the <OLD_IS_HOME>/repository/components/dropins folder and paste it in the <NEW_IS_HOME>/repository/components/dropins folder. 
  5. Copy any added JAR files from the <OLD_IS_HOME>/repository/components/lib folder and paste it in the <NEW_IS_HOME>/repository/components/lib folder. 

  6. Copy the .jks files from the <OLD_IS_HOME>/repository/resources/security folder and paste them in <NEW_IS_HOME>/repository/resources/security folder. 

  7. If you have created tenants in the previous WSO2 Identity Server version and if there are any resources in the <OLD_IS_HOME>/repository/tenants directory, copy the content to the <NEW_IS_HOME>/repository/tenants directory.
  8. If you have created secondary user stores in the previous WSO2 IS version, copy the content in the <OLD_IS_HOME>/repository/deployment/server/userstores directory to the <NEW_IS_HOME>/repository/deployment/server/userstores directory.

  9. You can use one of the following approaches to migrate depending on your production evironment. 

    • Migrate by applying custom configurations to 5.6.0

      Panel

      This approach is recommended if:

      • You have done very few configuration changes in your previous version of WSO2 IS. These configuration changes have been tracked and are easy to redo.  

      Steps:

      1. If you have made configuration changes to the config files in your previous version of WSO2 IS, update the files in the <NEW_IS_HOME>/repository/conf folder with your own configurations. 
      2. Proceed to step 10 to run the migration client.
    • Migrate by updating existing configurations with what's new in 5.6.0 

      Panel

      This approach is recommended if:

      • You have done many configuration changes in your previous version of WSO2 IS.
      • These configurations have not been tracked completely and/or are difficult to redo.  

      Steps:

      1. Make a copy of the <OLD_IS_HOME>/repository/conf folder. (Do not change the original configs. You may use it as a backup in case there are any issues)
      2. The table below lists out all the configuration changes from IS 5.5.0 to IS 5.6.0. You can scroll through the table and change the relevant configurations according to the features you are using.

        Tip

        Tip: Scroll left/right to view the entire table below.

        Note: The configuration changes listed below will not affect the existing system because these configurations are applied only at first start up and new tenant creation.
        If you wish to change the configurations for the existing tenants, configure it through the management console user interface.

        Panel
        borderColorblack
        bgColorwhite
        colorwhite
        borderWidth2
        borderStylesolid
        Multiexcerpt
        MultiExcerptNameconfigs
        Expand
        titleConfiguration changes: Click here to view the table..
        Configuration FileChanges
        carbon.xml file stored in the <IS_HOME>/repository/conf folder.

        Change the version property value to 5.6.0.

        Code Block
        <Version>5.6.0</Version>

        Add the following new property within the <cache> tag. Setting this property to true enables local cache invalidation for clustered nodes.

        Code Block
        <ForceLocalCache>false</ForceLocalCache>
        axis2.xml file stored in the <IS_HOME>/repository/conf/axis2 folder.

        Change the following property values to 5.6.0.

        Code Block
        <parameter name="userAgent" locked="true">
                WSO2 Identity Server-5.6.0
        </parameter>
        <parameter name="server" locked="true">
            WSO2 Identity Server-5.6.0
        </parameter>

        application-authentication.xml file stored in the <IS_HOME>/repository/conf/identity folder.

        Add the following new property within the root tag.

        Code Block
        <AuthenticationEndpointMissingClaimsURL>/authenticationendpoint/claims.do</AuthenticationEndpointMissingClaimsURL>
        entitlement.properties file stored in the <IS_HOME>/repository/conf/identity folder.

        Add the following property. Setting this property to true will shorten the SAML JSON response format.

        Code Block
        JSON.Shorten.Form.Enabled=false
        identity.xml file stored in the <IS_HOME>/repository/conf/identity folder.

        Add the following properties within the <JDBCPersistenceManager><SessionDataPersist> tag. These configurations are relevant for cleaning
        temporary authentication context data after each authentication flow.

        Code Block
        <TempDataCleanup>
            <!-- Enabling separated cleanup for temporary authentication context data -->
            <Enable>true</Enable>
            <!-- When PoolZize > 0, temporary data which have no usage after the authentication flow will be deleted immediately
                         When PoolZise = 0, data will be deleted only by the scheduled cleanup task-->
            <PoolSize>20</PoolSize>
            <!-- All temporary authentication context data older than CleanUpTimeout value are considered as expired
                        and would be deleted during cleanup task -->
            <CleanUpTimeout>40</CleanUpTimeout>
        </TempDataCleanup>

        Add the following property within the <OAuth> tag for OAuth key hashing. For more information, see Setting Up OAuth Token Hashing.

        Code Block
        <!-- This should be true if the oauth keys (consumer secret, access token, refresh token and authorization code) need to be hashed,before storing them in the database. If the value is false, the oauth keys will be saved in a plain text format.
        By default : false.
        Supported versions: IS 5.6.0 onwards.
           -->
        <EnableClientSecretHash>false</EnableClientSecretHash>
        Tip

        Tip: Use a fresh server to enable hashing.

        Add the following configurations within the <EventListeners> tag.

        Code Block
        <!-- Audit Loggers -->
        <!-- Old Audit Logger -->
        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                               name="org.wso2.carbon.user.mgt.listeners.UserMgtAuditLogger"
                               orderId="0" enable="false"/>
        <!-- New Audit Loggers-->
        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                               name="org.wso2.carbon.user.mgt.listeners.UserManagementAuditLogger"
                               orderId="1" enable="true"/>
        <EventListener type="org.wso2.carbon.user.core.listener.UserManagementErrorEventListener"
                               name="org.wso2.carbon.user.mgt.listeners.UserMgtFailureAuditLogger"
                               orderId="0" enable="true"/>
        Excerpt
        hiddentrue

        Add the following resources within the <ResourceAccessControl> tag to support the User Managed Access (UMA) feature.

        For more information about UMA with WSO2 Identity Server, see User Managed Access - 2.0.

        Code Block
        <Resource context="(.*)/api/identity/oauth2/uma/resourceregistration/v1.0/(.*)" secured="true" http-method="all"/>
        <Resource context="(.*)/api/identity/oauth2/uma/permission/v1.0/(.*)" secured="true" http-method="all"/>

        Add the following properties related to the validitating JWT based on JWKS capability. For more information, see Validating JWT based on JWKS.

        Code Block
        <!-- JWT validator configurations -->
        <JWTValidatorConfigs>
            <Enable>true</Enable>
            <JWKSEndpoint>
                <HTTPConnectionTimeout>1000</HTTPConnectionTimeout>
                <HTTPReadTimeout>1000</HTTPReadTimeout>
                <HTTPSizeLimit>51200</HTTPSizeLimit>
            </JWKSEndpoint>
        </JWTValidatorConfigs>

        If you are using SCIM 1.1, disable the following SCIM 2.0 event listener.

        Code Block
        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                                name="org.wso2.carbon.identity.scim2.common.listener.SCIMUserOperationListener"
                                orderId="93" enable="false"/>

        If you are using SCIM 2.0, disable the following SCIM 1.1 event listener (this listener is disabled by default in 5.6.0).

        Code Block
        <EventListener type="org.wso2.carbon.user.core.listener.UserOperationEventListener"
                                name="org.wso2.carbon.identity.scim.common.listener.SCIMUserOperationListener"
                                orderId="90" enable="false"/>
        Excerpt
        hiddentrue

        Add the following properties to enable calling external endpoints for conditional authentication.

        Code Block
        <AdaptiveAuth>
            <EventPublisher>
                <receiverURL>http://localhost:8280/</receiverURL>
            </EventPublisher>
            <AsyncSequenceExecutorPoolSize>5</AsyncSequenceExecutorPoolSize>
        </AdaptiveAuth>
        oidc-scope-config.xml file stored in the <IS_HOME>/repository/conf/identity folder.

        Append the values "upn" and "groups" to the comma separated list within the <Scope id="openid"><Claim> element.

        Code Block
        <Claim>
        sub,email,email_verified,name,family_name,given_name,middle_name,nickname,preferred_username,upn,groups,profile,picture,website,gender,birthdate,zoneinfo,locale,updated_at,phone_number,phone_number_verified,address,street_address,country,formatted,postal_code,locality,region
        </Claim>

        These are MP-JWT supported claims. The MP-JWT 1.0 specification has introduced two claims; namely "upn" and "groups", which are mandatory to generate a JWT token that is supported by the MicroProfile JWT authentication framework.

        Excerpt
        hiddentrue

        email-admin-config.xml file stored in the <IS_HOME>/repository/conf/email folder.

        Excerpt
        hiddentrue

        Add the following configuration block, which specifies the unseen device notification template for conditional authentication.

        Code Block
        <configuration type="UnseenDeviceLogin" display="UnseenDeviceLogin" locale="en_US" emailContentType="text/html">
            <subject>WSO2 - Login from a New Device</subject>
            <body>
                <![CDATA[<table align="center" cellpadding="0" cellspacing="0" border="0" width="100%"bgcolor="#f0f0f0"><tr><td style="padding: 30px 30px 20px 30px;"><table cellpadding="0" cellspacing="0" border="0" width="100%" bgcolor="#ffffff" style="max-width: 650px; margin: auto;"><tr><td colspan="2" align="center" style="background-color: #333; padding: 40px;"><a href="http://wso2.com/" target="_blank"><img src="http://cdn.wso2.com/wso2/newsletter/images/nl-2017/wso2-logo-transparent.png" border="0"/></a></td></tr><tr><td colspan="2" align="center" style="padding: 50px 50px 0px 50px;"><h1 style="padding-right: 0em; margin: 0; line-height: 40px; font-weight:300; font-family: 'Nunito Sans', Arial, Verdana, Helvetica, sans-serif; color: #666; text-align: left; padding-bottom: 1em;">
                                    Login from a New Device
                                </h1></td></tr><tr><td style="text-align: left; padding: 0px 50px;" valign="top"><p style="font-size: 18px; margin: 0; line-height: 24px; font-family: 'Nunito Sans', Arial, Verdana, Helvetica, sans-serif; color: #666; text-align: left; padding-bottom: 3%;">
                                    Hi {{user.claim.givenname}},
                                </p><p style="font-size: 18px; margin: 0; line-height: 24px; font-family: 'Nunito Sans', Arial, Verdana, Helvetica, sans-serif; color: #666; text-align: left; padding-bottom: 3%;">
                                    We detected a login to your account({{username}}) from a new device on {{login-time}}.<br>
                                    If it is not you, contact the administrator immediately.
                                </p></td></tr><tr><td style="text-align: left; padding: 30px 50px 50px 50px" valign="top"><p style="font-size: 18px; margin: 0; line-height: 24px; font-family: 'Nunito Sans', Arial, Verdana, Helvetica, sans-serif; color: #505050; text-align: left;">
                                    Thanks,<br/>WSO2 Identity Server Team
                                </p></td></tr><tr><td colspan="2" align="center" style="padding: 20px 40px 40px 40px;" bgcolor="#f0f0f0"><p style="font-size: 12px; margin: 0; line-height: 24px; font-family: 'Nunito Sans', Arial, Verdana, Helvetica, sans-serif; color: #777;">
                                    &copy; 2018
                                    <a href="http://wso2.com/" target="_blank" style="color: #777; text-decoration: none">WSO2</a><br>
                                    787 Castro Street, Mountain View, CA 94041.
                                </p></td></tr></table></td></tr></table>]]>
            </body>
            <footer>---</footer>
        </configuration>
        catalina-server.xml file stored in the <IS_HOME>/repository/conf/tomcat folder.

        Disable the following properties by setting the relevant properties to false to avoid displaying unneccessary information.

        Code Block
        <!--Error pages -->
        <Valve className="org.apache.catalina.valves.ErrorReportValve" showServerInfo="false" showReport="false"/>
        claim-config.xml file stored in the <IS_HOME>/repository/conf/ folder.

        Add the following claims within the <Dialect dialectURI="http://wso2.org/claims"> dialect tag.

        Code Block
        <Claim>
            <ClaimURI>http://wso2.org/claims/userprincipal</ClaimURI>
            <DisplayName>User Principal</DisplayName>
            <AttributeID>uid</AttributeID>
            <Description>User Principal</Description>
        </Claim>
        <Claim>
            <ClaimURI>http://wso2.org/claims/extendedRef</ClaimURI>
            <DisplayName>Extended Ref</DisplayName>
            <!-- Proper attribute Id in your user store must be configured for this -->
            <AttributeID>extendedRef</AttributeID>
            <Description>Extended Ref</Description>
        </Claim>
        <Claim>
            <ClaimURI>http://wso2.org/claims/extendedDisplayName</ClaimURI>
            <DisplayName>Extended Display Name</DisplayName>
            <!-- Proper attribute Id in your user store must be configured for this -->
            <AttributeID>extendedDisplayName</AttributeID>
            <Description>Extended Display Name</Description>
        </Claim>
        <Claim>
            <ClaimURI>http://wso2.org/claims/costCenter</ClaimURI>
            <DisplayName>Cost Center</DisplayName>
            <!-- Proper attribute Id in your user store must be configured for this -->
            <AttributeID>costCenter</AttributeID>
            <Description>Cost Center</Description>
        </Claim>
        <Claim>
            <ClaimURI>http://wso2.org/claims/extendedExternalId</ClaimURI>
            <DisplayName>Extended External ID</DisplayName>
            <!-- Proper attribute Id in your user store must be configured for this -->
            <AttributeID>extendedExternalId</AttributeID>
            <Description>Extended External ID</Description>
        </Claim>

        Add the following claims within the <Dialect dialectURI="http://wso2.org/oidc/claim"> dialect tag.

        Code Block
        <Claim>
            <ClaimURI>upn</ClaimURI>
            <DisplayName>User Principal</DisplayName>
            <AttributeID>uid</AttributeID>
            <Description>The user principal name</Description>
            <DisplayOrder>11</DisplayOrder>
            <SupportedByDefault />
            <MappedLocalClaim>http://wso2.org/claims/userprincipal</MappedLocalClaim>
        </Claim>
        <Claim>
            <ClaimURI>groups</ClaimURI>
            <DisplayName>User Groups</DisplayName>
            <AttributeID>role</AttributeID>
            <Description>List of group names that have been assigned to the principal. This typically will require a mapping at the application container level to application deployment roles.</Description>
            <DisplayOrder>12</DisplayOrder>
            <SupportedByDefault />
            <MappedLocalClaim>http://wso2.org/claims/role</MappedLocalClaim>
        </Claim>

        Add the following claims within the <Dialect dialectURI="urn:ietf:params:scim:schemas:core:2.0:User"> dialect tag.

        Code Block
        <Claim>
            <ClaimURI>urn:ietf:params:scim:schemas:core:2.0:User:emails</ClaimURI>
            <DisplayName>Emails</DisplayName>
            <AttributeID>mail</AttributeID>
            <Description>Email Addresses</Description>
            <DisplayOrder>5</DisplayOrder>
            <SupportedByDefault />
            <RegEx>^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$</RegEx>
            <MappedLocalClaim>http://wso2.org/claims/emailaddress</MappedLocalClaim>
        </Claim>
        <Claim>
            <ClaimURI>urn:ietf:params:scim:schemas:core:2.0:User:phoneNumbers</ClaimURI>
            <DisplayName>Phone Numbers</DisplayName>
            <AttributeID>phoneNumbers</AttributeID>
            <Description>Phone Numbers</Description>
            <DisplayOrder>5</DisplayOrder>
            <SupportedByDefault/>
            <RegEx>^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$</RegEx>
            <MappedLocalClaim>http://wso2.org/claims/phoneNumbers</MappedLocalClaim>
        </Claim>
        <Claim>
            <ClaimURI>urn:ietf:params:scim:schemas:core:2.0:User:photos</ClaimURI>
            <DisplayName>Photo</DisplayName>
            <AttributeID>photos</AttributeID>
            <Description>Photo</Description>
            <DisplayOrder>5</DisplayOrder>
            <SupportedByDefault />
            <MappedLocalClaim>http://wso2.org/claims/photos</MappedLocalClaim>
        </Claim>
        <Claim>
            <ClaimURI>urn:ietf:params:scim:schemas:core:2.0:User:addresses</ClaimURI>
            <DisplayName>Address</DisplayName>
            <AttributeID>addresses</AttributeID>
            <Description>Address</Description>
            <DisplayOrder>5</DisplayOrder>
            <SupportedByDefault />
            <MappedLocalClaim>http://wso2.org/claims/addresses</MappedLocalClaim>
        </Claim>

        Replace the following property values within the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber claim URI.

        Code Block
        <Claim>
            <ClaimURI>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeNumber</ClaimURI>
            <DisplayName>Employee Number</DisplayName>
            <AttributeID>extendedExternalId</AttributeID>
            <Description>Employee Number</Description>
            <Required />
            <DisplayOrder>1</DisplayOrder>
            <SupportedByDefault />
            <MappedLocalClaim>http://wso2.org/claims/extendedExternalId</MappedLocalClaim>
        </Claim>

        Replace the following property values within the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:costCenter claim URI.

        Code Block
        <Claim>
            <ClaimURI>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:costCenter</ClaimURI>
            <DisplayName>Cost Center</DisplayName>
            <AttributeID>costCenter</AttributeID>
            <Description>Cost Center</Description>
            <Required />
            <DisplayOrder>1</DisplayOrder>
            <SupportedByDefault />
            <MappedLocalClaim>http://wso2.org/claims/costCenter</MappedLocalClaim>
        </Claim>

        Replace the following property values within the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.$ref claim URI.


        Code Block
        <Claim>
            <ClaimURI>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.$ref</ClaimURI>
            <DisplayName>Manager - home</DisplayName>
            <AttributeID>extendedRef</AttributeID>
            <Description>Manager - home</Description>
            <Required />
            <DisplayOrder>1</DisplayOrder>
            <SupportedByDefault />
            <MappedLocalClaim>http://wso2.org/claims/extendedRef</MappedLocalClaim>
        </Claim> 

        Replace the following property values within the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.displayName claim URI.

        Code Block
        <Claim>
            <ClaimURI>urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.displayName</ClaimURI>
            <DisplayName>Manager - Display Name</DisplayName>
            <AttributeID>extendedDisplayName</AttributeID>
            <Description>Manager - Display Name</Description>
            <Required />
            <DisplayOrder>1</DisplayOrder>
            <SupportedByDefault />
            <MappedLocalClaim>http://wso2.org/claims/extendedDisplayName</MappedLocalClaim>
        </Claim>

        Add the following claims within the root tag. This new claim dialect and the claims within it are required for eiDAS.

        For more information, see eIDAS SAML Attribute Profile Support via WSO2 Identity Server.

        Expand
        titleClick to view the claims
        Code Block
        <Dialect dialectURI="http://eidas.europa.eu/attributes/naturalperson">
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</ClaimURI>
                <DisplayName>Person Identifier</DisplayName>
                <AttributeID>scimId</AttributeID>
                <Description>Person Identifier</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/userid</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</ClaimURI>
                <DisplayName>Current Family Name</DisplayName>
                <AttributeID>sn</AttributeID>
                <Description>Current Family Name</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/lastname</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</ClaimURI>
                <DisplayName>Current Given Name</DisplayName>
                <AttributeID>givenName</AttributeID>
                <Description>Current Given Name</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/givenname</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</ClaimURI>
                <DisplayName>Date of birth</DisplayName>
                <AttributeID>dateOfBirth</AttributeID>
                <Description>Date of birth</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/dob</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/naturalperson/BirthName</ClaimURI>
                <DisplayName>Birth Name</DisplayName>
                <AttributeID>uid</AttributeID>
                <Description>Birth Name</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/username</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</ClaimURI>
                <DisplayName>Place of Birth</DisplayName>
                <AttributeID>country</AttributeID>
                <Description>Place of Birth</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</ClaimURI>
                <DisplayName>Current Address</DisplayName>
                <AttributeID>localityAddress</AttributeID>
                <Description>Current Address</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/addresses</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/naturalperson/Gender</ClaimURI>
                <DisplayName>Gender</DisplayName>
                <AttributeID>gender</AttributeID>
                <Description>Gender</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/gender</MappedLocalClaim>
            </Claim>
        </Dialect>
        <Dialect dialectURI="http://eidas.europa.eu/attributes/legalperson">
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</ClaimURI>
                <DisplayName>Legal Person Identifier</DisplayName>
                <AttributeID>extendedExternalId</AttributeID>
                <Description>Legal Person Identifier</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/extendedExternalId</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/LegalName</ClaimURI>
                <DisplayName>Legal Person Name</DisplayName>
                <AttributeID>extendedDisplayName</AttributeID>
                <Description>Legal Person Name</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/extendedDisplayName</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/LegalPersonAddress</ClaimURI>
                <DisplayName>Legal Person Address</DisplayName>
                <AttributeID>localityAddress</AttributeID>
                <Description>Legal Person Address</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/addresses</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/VATRegistrationNumber</ClaimURI>
                <DisplayName>VAT Registration Number</DisplayName>
                <AttributeID>im</AttributeID>
                <Description>VAT Registration Number</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/im</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/TaxReference</ClaimURI>
                <DisplayName>Tax Reference</DisplayName>
                <AttributeID>postalcode</AttributeID>
                <Description>Tax Reference</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/postalcode</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</ClaimURI>
                <DisplayName>EU Identifier</DisplayName>
                <AttributeID>externalId</AttributeID>
                <Description>EU Identifier</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/externalid</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/LEI</ClaimURI>
                <DisplayName>LEI</DisplayName>
                <AttributeID>extendedRef</AttributeID>
                <Description>LEI</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/extendedRef</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/EORI</ClaimURI>
                <DisplayName>Economic Operator Registration and Identification</DisplayName>
                <AttributeID>departmentNumber</AttributeID>
                <Description>Economic Operator Registration and Identification</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/department</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/SEED</ClaimURI>
                <DisplayName>System for Exchange of Excise Data Identifier</DisplayName>
                <AttributeID>nickName</AttributeID>
                <Description>System for Exchange of Excise Data Identifier</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/nickname</MappedLocalClaim>
            </Claim>
            <Claim>
                <ClaimURI>http://eidas.europa.eu/attributes/legalperson/SIC</ClaimURI>
                <DisplayName>Standard Industrial Classification</DisplayName>
                <AttributeID>nickName</AttributeID>
                <Description>Standard Industrial Classification</Description>
                <Required/>
                <DisplayOrder>1</DisplayOrder>
                <SupportedByDefault/>
                <MappedLocalClaim>http://wso2.org/claims/nickname</MappedLocalClaim>
            </Claim>
        </Dialect>
      3. Replace the <NEW_IS_HOME>/repository/conf folder with the modified copy of the <OLD_IS_HOME>/repository/conf folder.

      4. Proceed to step 10 to run the migration client.

      Anchor
      step11
      step11

  10. Start the Identity Server 5.6.0 with the following command to perform the data migration for all components. 

    1. Linux/Unix:

      Code Block
      languagebash
      sh wso2server.sh -Dmigrate -Dcomponent=identity
    2. Windows:

      Code Block
      languagebash
      wso2server.bat -Dmigrate -Dcomponent=identity
  11. Once the migration is successful, stop the server and start using the appropriate command.
    1. Linux/Unix:

      Code Block
      languagexml
      sh wso2server.sh
    2. Windows:

      Code Block
      languagexml
      wso2server.bat