The following sections provide instructions on how you can upgrade (the data and configurations) from WSO2 Identity Server 5.0.0 to WSO2 Identity Server 5.1.0.
Upgrading the database
Migrating the embedded LDAP user store
It is not generally recommended to use the embedded LDAP user store that is shipped with WSO2 Identity Server in production setups. However, if migration of the embedded LDAP is required, follow the instructions below to migrate the existing IS 5.0.0 LDAP user store to IS 5.1.0.
- Copy the
- Restart the server to save the changes.
To upgrade the version of WSO2 Identity Server, the user store database should be upgraded. Note that there are no registry schema changes between versions.
In this topic,
<OLD_IS_HOME> is the directory that Identity Server 5.0.0 resides in and
<NEW_IS_HOME> is the directory that Identity Server 5.1.0 resides in.
- Download Identity Server 5.1.0 and unzip it in the
- Take a backup of the existing database used by Identity Server 5.0.0. This backup is necessary in case the migration causes issues in the existing database.
- Configure the
<NEW_IS_HOME>/repository/conf/datasources/master-datasources.xmlfile in Identity Server 5.1.0 by pointing to the same databases used by Identity Server 5.0.0.
- Configure the
<NEW_IS_HOME>/repository/conf/identity/identity.xmlfile with the same configurations made in the
<NEW_IS_HOME>/repository/conf/identity/identity-mgt.propertiesfile with the same configurations made in the
Identity.Listener.Enableproperty is no longer available in this file in Identity Server 5.1.0. You can enable
<NEW_IS_HOME>/repository/conf/identity/identity.xmlfile as indicated below.
Configure the primary user store in
MultiAttributeSeparatorproperty found in the
user-mgt.xmlfile is used to define a character to separate multiple attributes. If a claim value has a comma there may be issues that arise. To overcome this, configure the
MultiAttributeSeparatorproperty in the relevant UserStoreManager to something other than ",". For example, you can use ",,," or "..." or a similar character sequence. This ensures that it will not appear as part of a claim value. The default is ",".
- If you have created tenants in the previous Identity Server copy content in the
- If you have created secondary user stores in the previous Identity Server copy content in the
- Copy the content in the
If you have edited
<OLD_IS_HOME>/repository/resources/security/sso_redirect.htmlfile, copy the content in the
<OLD_IS_HOME>/repository/resources/security/sso_redirect.htmlfile to the
<NEW_IS_HOME>/repository/resources/identity/pages/samlsso_response.htmlfile. Then replace
- Make the database script updates as indicated below.
Download the migration resources and unzip it to a local directory. This folder is referred to as
<IS5.1.0_MIGRATION_TOOL_HOME>/dbscripts/migration5.0.0_to_5.1.0directory to the
<IS5.1.0_MIGRATION_TOOL_HOME>/dbscripts/identity/migration5.0.0_to_5.0.0SP1directory to the
<IS5.1.0_MIGRATION_TOOL_HOME>/dropins/org.wso2.carbon.is.migrate.client5.1.0.jarfile to the
- Alternatively, if you are using Oracle, you can either provide the database owner credentials in the datasource configurations (identity and user management databases) or pass the identity database owner name with -
DidentityOracleUserand user management database owner name with -
To migrate the identity database only (without migrating the user management database):
-DmigrateIdentity JVMparameter to the startup command as well.
<NEW_IS_HOME>/repository/conf/user-mgt.xmlfile and set the value of the
<isCascadeDeleteEnabled>property to false.
- Start the Identity Server 5.1.0 using the appropriate command.
Configuration changes in Carbon 4.4.x
WSO2 Identity Server 5.1.0 runs on Carbon Kernel 4.4.x. The configuration options listed below are new in Carbon 4.4.x. Follow the given links for more details about configurations.
|axis2.xml file stored in the ||The following new parameter was added: |
|identity.xml file stored in the |
|tenant-axis2.xml stored in the ||The default value for the "httpContentNegotiation" parameter is set to 'true': |
|catalina-server.xml file stored in the |
|master-datasources.xml file stored in the ||Default auto-commit setting for a data source is set to false: |
|carbon.xml file stored in the |
user-mgt.xml file stored in the<PRODUCT_HOME>/repository/conf/ directory.
The following property was added under the
The following properties under the <UserStoreManager> tag were changed as follows:
|registry.xml file stored in the ||The default value was changed to 'false' for the following setting: |
|authenticators.xml file stored in the |
The following parameter was added under the <Authenticator> element to specify the AssertionConsumerServiceURL. This is an optional parameter and is used by the requesting party to build the request. For more information, see Authenticators Configuration.