This documentation is for WSO2 Identity Server 5.4.0.
Upgrading from a Previous Release - Identity Server 5.4.0 - WSO2 Documentation

This document is work in progress and will be released with the 5.4.0 GA release.

The following instructions guide you through upgrading from WSO2 Identity Server 5.3.0 to WSO2 Identity Server 5.4.0. In this topic, <OLD_IS_HOME> is the directory that Identity Server 5.3.0 resides in and <NEW_IS_HOME> is the directory that Identity Server 5.4.0 resides in.

Before you begin

  1. This release is a WUM-only release. This means that there are no manual patches, and any further fixes or updates for this release are delivered through the WSO2 Update Manager (WUM).

    • If you are upgrading to this version to use this version in your production environment, use the WSO2 Update Manager and get the latest available updates for WSO2 IS 5.4.0. For more information on how to do this, see Updating WSO2 Products.

    • If you are upgrading to this version only as an incremental step towards the next available version (e.g., if you are upgrading from WSO2 IS 5.3.0 to 5.5.0), you can skip this step and migrate to 5.4.0 by following the steps given in this document. You do not need to use WUM in this instance because the WUM updates available for this version will be included in the WSO2 IS pack of the next version.
  2. If you have added any custom claims, expand the section below and follow the steps before migrating to WSO2 IS 5.3.0.

     Vital information about custom claims:

    This is required because all claims external to the WSO2 dialect in WSO2 IS 5.4.0 are mapped to the relevant claim in the WSO2 dialect and not to the underlying attribute in the user store. When there are custom claims, there is no claim in the WSO2 dialect that is mapped to that attribute. Therefore, follow the steps below to create a new claim in the WSO2 dialect and map your custom claim to the local claim (i.e., the new claim created in the WSO2 dialect).

    1. Start the WSO2 IS 5.3.0 server and log in to the management console.
    2. Click on Add under Claims on the Main tab of the management console.
    3. Click Add New Claim and select the http://wso2.org/claims dialect.

    4. Enter the required information of the custom claim. For more information, see Adding Claim Mapping in IS 5.3.0.

    5. Click Add. The claim you created will be listed.
    6. Click on List under Claims on the Main tab of the management console again.
    7. Click on the claim dialect where you have your custom claim, and click on the Edit button of your custom claim.
    8. Map the local claim you just created to the custom claim by editing the Mapped Attribute(s) field.
    9. Click Update.

    Note: Repeat the steps above for every custom claim you have created.

Migrating the embedded LDAP user store

It is not generally recommended to use the embedded LDAP user store that is shipped with WSO2 Identity Server in production setups. However, if migration of the embedded LDAP is required, follow the instructions below to migrate the existing IS 5.3.0 LDAP user store to IS 5.4.0.

  1. Copy the <OLD_IS_HOME>/repository/data folder to <NEW_IS_HOME>/repository/data folder.
  2. Restart the server to save the changes. 

To upgrade the version of WSO2 Identity Server, the user store database should be upgraded. Note that there are no registry schema changes between versions. 

Follow the steps below as needed to complete the migration process.

  1. Download Identity Server 5.4.0 and unzip it in the <NEW_IS_HOME> directory.
  2. Take a backup of the existing database used by Identity Server 5.3.0. This backup is necessary in case the migration causes issues in the existing database.
  3. Make the database script updates as indicated below.
      1. Download the migration resources and unzip it to a local directory. This folder is referred to as <IS5.4.0_MIGRATION_TOOL_HOME>.

      2. Copy the db script files in the <IS5.4.0_MIGRATION_TOOL_HOME>/dbscripts/identity/ directory to the <NEW_IS_HOME>/dbscripts/identity/migration-5.3.0_to_5.4.0/ directory.

      3. Copy the org.wso2.carbon.is.migrate.client-5.4.0.jar file in the  <IS5.4.0_MIGRATION_TOOL_HOME>/dropins directory to the <NEW_IS_HOME>/repository/components/dropins directory. 
      4. Alternatively, if you are using an Oracle database, you can either provide the database owner credentials in the datasource configurations (identity and user management databases) or pass the identity database owner name with -DidentityOracleUser and the user management database owner name with -DumOracleUser.
  4. Copy any custom OSGi bundles that were added manually from the <OLD_IS_HOME>/repository/components/dropins folder and paste them in the <NEW_IS_HOME>/repository/components/dropins folder.
  5. Copy any added JAR files from the <OLD_IS_HOME>/repository/components/lib folder and paste them in the <NEW_IS_HOME>/repository/components/lib folder.

  6. Copy the .jks files from the <OLD_IS_HOME>/repository/resources/security folder and paste them in <NEW_IS_HOME>/repository/resources/security folder. 

  7. If you have created tenants in the previous WSO2 Identity Server version and if there are any resources in the <OLD_IS_HOME>/repository/tenants directory, copy the content to the <NEW_IS_HOME>/repository/tenants directory.
  8. If you have created secondary user stores in the previous WSO2 IS version, copy the content in the <OLD_IS_HOME>/repository/deployment/server/userstores directory to the <NEW_IS_HOME>/repository/deployment/server/userstores directory.

  9. The ClaimManagementService API is not recommended for use with WSO2 IS 5.3.0. If you are using the ClaimManagementService API and have written any clients using the service, convert the clients to the new and improved ClaimMetaDataManagementService API that is packaged with WSO2 IS 5.3.0. 

  10. You can use one of the following approaches to migrate, depending on your production environment.

    • Migrating by updating the custom configurations

      This approach is recommended if:

      • You have done no custom changes in your previous version of WSO2 IS.
      • You have done very few custom changes in your previous version of WSO2 IS. These custom changes have been tracked and are easy to redo.  


      Steps:

      1. If you have done custom changes to the config files in your previous version of WSO2 IS, update the files in the <NEW_IS_HOME>/repository/conf folder with your custom configurations. 
      2. Proceed to step 11 to run the migration client.
    • Migrating by updating the new configurations in 5.4.0 

      This approach is recommended if:

      • You have done many custom changes in your previous version of WSO2 IS.
      • These custom changes have not been tracked completely and/or are difficult to redo.  

      Steps:

      1. Make a copy of the <OLD_IS_HOME>/repository/conf folder. (Do not change the original configs. You may use them as a backup in case there are any issues.)
      2. The table below lists out all the configuration changes from IS 5.3.0 to IS 5.4.0. You can scroll through the table and change the relevant configurations according to the features you are using.

        Mandatory configuration changes, grouped by configuration file:

        identity-event.properties file stored in the <IS_HOME>/repository/conf/identity folder.

        Add the property shown at line number 2.

        module.name.5=account.disable.handler
        account.disable.handler.enable=false
        account.disable.handler.subscription.1=PRE_AUTHENTICATION
        More information about the account.disable.handler.enable property:

        To disable or switch off the account disable feature in WSO2 IS 5.3.0, the following code block has to be removed from the identity-event.properties file. Removing this disables the feature from all tenants.

        account.disable.handler.subscription.1=PRE_AUTHENTICATION
        account.disable.handler.subscription.2=PRE_SET_USER_CLAIMS
        account.disable.handler.subscription.3=POST_SET_USER_CLAIMS

        In WSO2 IS 5.4.0, the account.disable.handler.enable property has been added to enable/disable the feature. Setting this to true/false will enable/disable it only in the super tenant. To disable/enable it in other tenants, do the following:

        1. Start WSO2 Identity Server and log in to the management console.
        2. Click List under Identity Providers and then click Resident Identity Provider.

        3. Expand Login Policies > Account Disabling and select or clear the Enable Account Disabling checkbox accordingly.

        identity.xml file stored in the <IS_HOME>/repository/conf/identity folder.

        Add the following property within the <SessionDataCleanUp> tag.

        <DeleteChunkSize>50000</DeleteChunkSize>
        More information about the DeleteChunkSize property:

        In a production environment, there is a possibility for a deadlock/database lock to occur when running a session data cleanup task in high load scenarios. To mitigate this, the property given above was introduced to clean data in chunks. Configure this property with the required chunk size.

        Remove the following property found within the <OperationDataCleanUp> tag.

         <CleanUpPeriod>720</CleanUpPeriod>
        More information about the CleanUpPeriod property:

        WSO2 IS 5.3.0 had two separate tasks for session data cleanup and operation data cleanup. This is now combined and done through one task. Therefore the property given above is no longer needed and can be removed. You can still configure the <CleanUpPeriod> property within the <SessionDataCleanUp> tag to specify the cleanup period for the combined task.

        Change the default value of the following property from 300 to 0.

        You can skip this step if you have already configured the <TimestampSkew> property with your own value.

        <TimestampSkew>0</TimestampSkew>
        More information about the TimestampSkew property:

        The property given above specifies the maximum tolerance limit for the clock skew between the sender and the recipient. The default value was changed to 0 because the best practice is to assume that the sender and recipient clocks are synchronized. Configure this property accordingly if the clocks are not synchronized.

        Add the following JWT bearer grant type.

        <SupportedGrantType>
        <GrantTypeName>urn:ietf:params:oauth:grant-type:jwt-bearer</GrantTypeName>
        <GrantTypeHandlerImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTBearerGrantHandler</GrantTypeHandlerImplClass>
        <GrantTypeValidatorImplClass>org.wso2.carbon.identity.oauth2.grant.jwt.JWTGrantValidator</GrantTypeValidatorImplClass>
        </SupportedGrantType>
        More information about the JWT bearer grant type:

        The JWT bearer grant type is supported out-of-the-box with WSO2 IS 5.4.0. For more information, see Configuring JWT Grant Type in the ISConnectors documentation.

        Update the <EmailVerification> code block with the following code.

        The properties shown below at line numbers 3, 8, 9 and 10 were added in 5.4.0.

        <EmailVerification>
            <Enable>false</Enable>
            <ExpiryTime>1440</ExpiryTime>
            <LockOnCreation>true</LockOnCreation>
            <Notification>
                <InternallyManage>true</InternallyManage>
            </Notification>
            <AskPassword>
                <ExpiryTime>1440</ExpiryTime>
            </AskPassword>
        </EmailVerification>

        Update the following property found within the <SelfRegistration> tag to true.

        <LockOnCreation>true</LockOnCreation>

        Add the following properties within the <SelfRegistration> tag.

        <VerificationCode>
          <ExpiryTime>1440</ExpiryTime>
        </VerificationCode>

        Change the default values within the <CacheManager> tag.

        • If you have already configured all the properties within the <CacheManager> tag with your own values, skip this step.

        • If you have only configured some properties within the <CacheManager> tag with your own values, replace the properties that have not been changed/configured with the relevant default values shown below.

        • If you have not configured or changed any of the properties within the <CacheManager> tag with your own values, copy the entire code block below and replace the <CacheManager> tag in the identity.xml file with the code block given below.
        <CacheManager name="IdentityApplicationManagementCacheManager">
            <Cache name="AppAuthFrameworkSessionContextCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="AuthenticationContextCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="AuthenticationRequestCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="AuthenticationResultCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="AppInfoCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
            <Cache name="AuthorizationGrantCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="OAuthCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="OAuthSessionDataCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="SAMLSSOParticipantCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="SAMLSSOSessionIndexCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="SAMLSSOSessionDataCache" enable="false" timeout="300" capacity="5000" isDistributed="false" />
            <Cache name="ServiceProviderCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
            <Cache name="ProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
            <Cache name="ProvisioningEntityCache" enable="false" timeout="900" capacity="5000" isDistributed="false" />
            <Cache name="ServiceProviderProvisioningConnectorCache" enable="true" timeout="900" capacity="5000" isDistributed="false" />
            <Cache name="IdPCacheByAuthProperty" enable="true" timeout="900" capacity="5000" isDistributed="false" />
            <Cache name="IdPCacheByHRI" enable="true" timeout="900" capacity="5000" isDistributed="false" />
            <Cache name="IdPCacheByName" enable="true" timeout="900" capacity="5000" isDistributed="false" />
        </CacheManager>

        Add the following property within the <CacheManager> tag.

        <Cache name="OAuthScopeCache" enable="true" timeout="300" capacity="5000" isDistributed="false"/>

        authenticators.xml file stored in the <IS_HOME>/repository/conf/security folder.

        Update the parameter name of the JITUserProvisioning parameter to the following.

        <Parameter name="JITUserProvisioningEnabled">true</Parameter>

        web.xml file stored in the <IS_HOME>/repository/conf/tomcat folder.

        Add the following property under the <session-config> tag.

        <tracking-mode>COOKIE</tracking-mode>

        user-mgt.xml file stored in the <IS_HOME>/repository/conf folder.

        Update the default value of the following properties found under the ReadOnlyLDAPUserStoreManager as follows.

        You can skip this step if you have already configured these properties with your own RegEx.

        <Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
        <Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>

        claim-config.xml file stored in the <IS_HOME>/repository/conf folder.

        Add the following claim.

        <Claim>
        	<ClaimURI>http://wso2.org/claims/identity/phoneVerified</ClaimURI>
        	<DisplayName>Phone Verified</DisplayName>
        	<!-- Proper attribute Id in your user store must be configured for this -->
        	<AttributeID>imSkype</AttributeID>
        	<Description>Phone Verified</Description>
        </Claim>

        Change the following claim mappings.

        You can skip modifying the claims that you have already mapped with your own claim mapping.

        Modified claim mappings:
        1. Remove the property at line number 7 and add in the property at line number 8.

          <Claim>	
          	<ClaimURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone</ClaimURI>
          	<DisplayName>Home Phone</DisplayName>
          	<AttributeID>homePhone</AttributeID>
          	<Description>Home Phone</Description>
          	<SupportedByDefault />
          	<MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
          	<MappedLocalClaim>http://wso2.org/claims/phoneNumbers.home</MappedLocalClaim>
          </Claim>
        2. Remove the property at line number 7 and add in the property at line number 8.

          <Claim>
          	<ClaimURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier</ClaimURI>
          	<AttributeID>privatePersonalIdentifier</AttributeID>
          	<Description>PPID</Description>
          	<Required />
          	<SupportedByDefault />
          	<MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
          	<MappedLocalClaim>http://wso2.org/claims/im</MappedLocalClaim>
          </Claim>
        3. Remove the property at line number 8 and add in the property at line number 9.

          <Claim>
          	<ClaimURI>timezone</ClaimURI>
          	<DisplayName>Time Zone</DisplayName>
          	<AttributeID>timeZone</AttributeID>
          	<Description>Time Zone</Description>
          	<DisplayOrder>9</DisplayOrder>
          	<SupportedByDefault />
          	<MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
          	<MappedLocalClaim>http://wso2.org/claims/timeZone</MappedLocalClaim>
          </Claim>
        4. Remove the property at line number 8 and add in the property at line number 9.

          <Claim>
              <ClaimURI>postcode</ClaimURI>
              <DisplayName>Postalcode</DisplayName>
              <AttributeID>postalCode</AttributeID>
              <Description>Postalcode</Description>
              <DisplayOrder>4</DisplayOrder>
              <SupportedByDefault />
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/postalcode</MappedLocalClaim>
          </Claim>
        5. Remove the property at line number 8 and add in the property at line number 9.

          <Claim>
              <ClaimURI>language</ClaimURI>
              <DisplayName>Language</DisplayName>
              <AttributeID>prefferedLanguage</AttributeID>
              <Description>Language</Description>
              <DisplayOrder>7</DisplayOrder>
              <SupportedByDefault />
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/preferredLanguage</MappedLocalClaim>
          </Claim>
        6. Remove the property at line number 6 and add in the property at line number 7.

          <Claim>
              <ClaimURI>http://axschema.org/pref/timezone</ClaimURI>
              <DisplayName>Time Zone</DisplayName>
              <AttributeID>timeZone</AttributeID>
              <Description>Time Zone</Description>
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/timeZone</MappedLocalClaim>
          </Claim>
        7. Remove the property at line number 6 and add in the property at line number 7.

          <Claim>
              <ClaimURI>http://axschema.org/contact/postalCode/home</ClaimURI>
              <DisplayName>Postalcode</DisplayName>
              <AttributeID>postalCode</AttributeID>
              <Description>Postalcode</Description>
              <SupportedByDefault />
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/postalcode</MappedLocalClaim>
          </Claim>
        8. Remove the property at line number 7 and add in the property at line number 8.


          <Claim>
              <ClaimURI>http://axschema.org/pref/language</ClaimURI>
              <DisplayName>Language</DisplayName>
              <AttributeID>prefferedLanguage</AttributeID>
              <Description>Language</Description>
              <SupportedByDefault />
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/preferredLanguage</MappedLocalClaim>
          </Claim>
        9. Remove the property at line number 9 and add in the property at line number 10.

          <Claim>
              <ClaimURI>given_name</ClaimURI>
              <DisplayName>Given Name</DisplayName>
              <AttributeID>cn</AttributeID>
              <AttributeID>givenName</AttributeID>
              <Description>Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.</Description>
              <DisplayOrder>3</DisplayOrder>
              <SupportedByDefault />
              <MappedLocalClaim>http://wso2.org/claims/fullname</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/givenname</MappedLocalClaim>
          </Claim>
        10. Remove the property at line number 8 and add in the property at line number 9.

          <Claim>
              <ClaimURI>middle_name</ClaimURI>
              <DisplayName>Middle Name</DisplayName>
              <AttributeID>middleName</AttributeID>
              <Description>Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.</Description>
              <DisplayOrder>5</DisplayOrder>
              <SupportedByDefault />
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/middleName</MappedLocalClaim>
          </Claim>
        11. Remove the property at line number 8 and add in the property at line number 9.

          <Claim>
              <ClaimURI>preferred_username</ClaimURI>
              <DisplayName>Preferred Username</DisplayName>
              <AttributeID>cn</AttributeID>
              <Description>Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe.</Description>
              <DisplayOrder>7</DisplayOrder>
              <SupportedByDefault />
              <MappedLocalClaim>http://wso2.org/claims/fullname</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/displayName</MappedLocalClaim>
          </Claim>
        12. Remove the property at line number 8 and add in the property at line number 9.

          <Claim>
              <ClaimURI>picture</ClaimURI>
              <DisplayName>Picture</DisplayName>
              <AttributeID>image</AttributeID>
              <Description>URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file)</Description>
              <DisplayOrder>9</DisplayOrder>
              <SupportedByDefault />
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/photourl</MappedLocalClaim>
          </Claim>
        13. Remove the property at line number 6 and add in the property at line number 7.

          <Claim>
              <ClaimURI>email_verified</ClaimURI>
              <DisplayName>Email Verified</DisplayName>
              <AttributeID>emailVerified</AttributeID>
              <Description>True if the End-User's e-mail address has been verified; otherwise false. </Description>
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/identity/emailVerified</MappedLocalClaim>
          </Claim>
        14. Remove the property at line number 6 and add in the property at line number 7.

          <Claim>
              <ClaimURI>birthdate</ClaimURI>
              <DisplayName>Birth Date</DisplayName>
              <AttributeID>birthDate</AttributeID>
              <Description>End-User's birthday, represented as an ISO 8601:2004 [ISO8601-2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed.</Description>
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/dob</MappedLocalClaim>
          </Claim>
        15. Remove the property at line number 6 and add in the property at line number 7.

          <Claim>
              <ClaimURI>zoneinfo</ClaimURI>
              <DisplayName>Zone Info</DisplayName>
              <AttributeID>zone</AttributeID>
              <Description>String from zoneinfo time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.</Description>
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/timeZone</MappedLocalClaim>
          </Claim>
        16. Remove the property at line number 6 and add in the property at line number 7.

          <Claim>
              <ClaimURI>locale</ClaimURI>
              <DisplayName>Locale</DisplayName>
              <AttributeID>locale</AttributeID>
              <Description>End-User's locale, For example, en-US or fr-CA, en_US</Description>
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/local</MappedLocalClaim>
          </Claim>
        17. Remove the property at line number 6 and add in the property at line number 7.

          <Claim>
              <ClaimURI>phone_number_verified</ClaimURI>
              <DisplayName>Phone Number Verified</DisplayName>
              <AttributeID>phoneVerififed</AttributeID>
              <Description>True if the End-User's phone number has been verified; otherwise false.</Description>
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/identity/phoneVerified</MappedLocalClaim>
          </Claim>
        18. Remove the property at line number 6 and add in the property at line number 7.

          <Claim>
              <ClaimURI>address</ClaimURI>
              <DisplayName>Address</DisplayName>
              <AttributeID>address</AttributeID>
              <Description>True if the End-User's phone number has been verified; otherwise false. </Description>
              <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim>
              <MappedLocalClaim>http://wso2.org/claims/addresses</MappedLocalClaim>
          </Claim>

  11. Replace the <NEW_IS_HOME>/repository/conf folder with the modified copy of the <OLD_IS_HOME>/repository/conf folder.

  12. Start the Identity Server 5.4.0 with the following command to perform the data migration for all components. 

    See the notes below to perform migration for individual components or for active tenants only. 

    1. Linux/Unix:

      sh wso2server.sh -Dmigrate -Dcomponent=identity 
    2. Windows:

      wso2server.bat -Dmigrate -Dcomponent=identity 

      Migrate individual components

      Optional: To migrate certain components only, use the relevant commands in the table below.

      Warning! Unless specifically required, it is recommended to perform the full data migration by executing the command given above. Component migration is intended for certain special cases only, and may cause errors due to incomplete migration, if done incorrectly.

      Component: Identity Database Schema
        Linux/Unix: sh wso2server.sh -Dmigrate -Dcomponent=identity -DmigrateIdentityDB
        Windows: wso2server.bat -Dmigrate -Dcomponent=identity -DmigrateIdentityDB

      Component: Claim Data
        Linux/Unix: sh wso2server.sh -Dmigrate -Dcomponent=identity -DmigrateClaimData
        Windows: wso2server.bat -Dmigrate -Dcomponent=identity -DmigrateClaimData

      Component: Email Template Data
        Linux/Unix: sh wso2server.sh -Dmigrate -Dcomponent=identity -DmigrateEmailTemplateData
        Windows: wso2server.bat -Dmigrate -Dcomponent=identity -DmigrateEmailTemplateData

      Component: Permission Data
        Linux/Unix: sh wso2server.sh -Dmigrate -Dcomponent=identity -DmigratePermissionData
        Windows: wso2server.bat -Dmigrate -Dcomponent=identity -DmigratePermissionData

      Component: Challenge Question Data
        Linux/Unix: sh wso2server.sh -Dmigrate -Dcomponent=identity -DmigrateChallengeQuestionData
        Windows: wso2server.bat -Dmigrate -Dcomponent=identity -DmigrateChallengeQuestionData

      Component: Resident IdP MetaData
        Linux/Unix: sh wso2server.sh -Dmigrate -Dcomponent=identity -DmigrateResidentIdpMetaData
        Windows: wso2server.bat -Dmigrate -Dcomponent=identity -DmigrateResidentIdpMetaData

      Component: OIDC Scope Data
        Linux/Unix: sh wso2server.sh -Dmigrate -Dcomponent=identity -DmigrateOIDCScopeData
        Windows: wso2server.bat -Dmigrate -Dcomponent=identity -DmigrateOIDCScopeData

      Migrate active tenants only

      Optional: If you have any disabled/inactive tenants in your previous version of WSO2 IS that you do not want to bring forward to the next version, do a complete migration for all components with active tenants only.

      Start the server against the migration client jar located in the <IS_HOME>/repository/components/dropins directory using the -DmigrateActiveTenantsOnly flag, as shown below.

      sh wso2server.sh -Dmigrate -Dcomponent=identity -DmigrateActiveTenantsOnly
  13. Once the migration is successful, stop the server and restart it using the appropriate command.
    1. Linux/Unix:

      sh wso2server.sh
    2. Windows:

      wso2server.bat
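
When the old conf folder is merged by hand (the second approach in step 10), a check like the following can confirm that the identity.xml and claim-config.xml changes listed above were actually applied before the migration client is run. This is an added example, not WSO2 tooling or code from the original page; the function names, the sample fragments and the "stale"/"review" labels are assumptions, and elements are matched by name only because the fragments do not reproduce the full file layout.

```python
import xml.etree.ElementTree as ET

WSO2 = "http://wso2.org/claims/"
XS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
AX = "http://axschema.org/"
JWT_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"
OLD_DEFAULTS = {WSO2 + "country", WSO2 + "fullname"}  # 5.3.0 mappings being replaced

# ClaimURI -> suffix of the local claim it maps to after the 18 changes listed above.
EXPECTED = {
    XS + "homephone": "phoneNumbers.home", XS + "privatepersonalidentifier": "im",
    "timezone": "timeZone", "postcode": "postalcode", "language": "preferredLanguage",
    AX + "pref/timezone": "timeZone", AX + "contact/postalCode/home": "postalcode",
    AX + "pref/language": "preferredLanguage", "given_name": "givenname",
    "middle_name": "middleName", "preferred_username": "displayName",
    "picture": "photourl", "email_verified": "identity/emailVerified",
    "birthdate": "dob", "zoneinfo": "timeZone", "locale": "local",
    "phone_number_verified": "identity/phoneVerified", "address": "addresses",
}


def _parse(xml_text):
    """Parse XML and drop namespaces so tags match the element names on the page."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        el.tag = el.tag.rsplit("}", 1)[-1]
    return root


def audit_identity_xml(xml_text):
    """Return findings for the identity.xml changes; an empty list means all applied."""
    root, findings = _parse(xml_text), []
    skew = root.findtext(".//TimestampSkew")
    if skew is None or skew.strip() != "0":
        findings.append(f"TimestampSkew is {skew!r}; 5.4.0 default is 0 (keep only if deliberate)")
    if root.find(".//SessionDataCleanUp/DeleteChunkSize") is None:
        findings.append("SessionDataCleanUp/DeleteChunkSize is missing")
    if root.find(".//OperationDataCleanUp/CleanUpPeriod") is not None:
        findings.append("OperationDataCleanUp/CleanUpPeriod should be removed")
    if JWT_GRANT not in {(g.text or "").strip() for g in root.iter("GrantTypeName")}:
        findings.append("JWT bearer grant type is not registered")
    for section in ("EmailVerification", "SelfRegistration"):
        lock = root.findtext(f".//{section}/LockOnCreation")
        if (lock or "").strip().lower() != "true":
            findings.append(f"{section}/LockOnCreation is {lock!r}; expected true")
    if root.find(".//SelfRegistration/VerificationCode/ExpiryTime") is None:
        findings.append("SelfRegistration/VerificationCode/ExpiryTime is missing")
    return findings


def audit_claim_config(xml_text):
    """Return (claim_uri, status, found) for listed claims not on the 5.4.0 mapping.

    "stale": a 5.3.0 mapping is still present; "review": a custom mapping (allowed).
    """
    out = []
    for claim in _parse(xml_text).iter("Claim"):
        uri = (claim.findtext("ClaimURI") or "").strip()
        found = [(m.text or "").strip() for m in claim.findall("MappedLocalClaim")]
        if uri in EXPECTED and found != [WSO2 + EXPECTED[uri]]:
            out.append((uri, "stale" if OLD_DEFAULTS & set(found) else "review", found))
    return out


# Constructed sample fragments (not complete WSO2 files), hand-merged with mistakes.
SAMPLE_IDENTITY_XML = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <TimestampSkew>300</TimestampSkew>
  <SessionDataCleanUp><CleanUpPeriod>720</CleanUpPeriod></SessionDataCleanUp>
  <OperationDataCleanUp><CleanUpPeriod>720</CleanUpPeriod></OperationDataCleanUp>
  <SupportedGrantType><GrantTypeName>password</GrantTypeName></SupportedGrantType>
  <EmailVerification><LockOnCreation>true</LockOnCreation></EmailVerification>
  <SelfRegistration><LockOnCreation>false</LockOnCreation></SelfRegistration>
</Server>"""

SAMPLE_CLAIM_CONFIG = """<Dialect>
  <Claim><ClaimURI>email_verified</ClaimURI>
    <MappedLocalClaim>http://wso2.org/claims/country</MappedLocalClaim></Claim>
  <Claim><ClaimURI>given_name</ClaimURI>
    <MappedLocalClaim>http://wso2.org/claims/fullname</MappedLocalClaim>
    <MappedLocalClaim>http://wso2.org/claims/givenname</MappedLocalClaim></Claim>
  <Claim><ClaimURI>birthdate</ClaimURI>
    <MappedLocalClaim>http://wso2.org/claims/dob</MappedLocalClaim></Claim>
  <Claim><ClaimURI>picture</ClaimURI>
    <MappedLocalClaim>http://wso2.org/claims/customphoto</MappedLocalClaim></Claim>
</Dialect>"""

if __name__ == "__main__":
    for line in audit_identity_xml(SAMPLE_IDENTITY_XML):
        print("identity.xml:", line)
    for uri, status, found in audit_claim_config(SAMPLE_CLAIM_CONFIG):
        print(f"claim-config.xml: {uri}: {status}: {found}")
```

The claim blocks in the list above show the removed and the added MappedLocalClaim line together, so a block pasted verbatim is reported as stale, as the given_name sample shows. A stale entry means an OIDC or OpenID claim such as email_verified would be populated from the country (or full name) attribute rather than the intended one.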
