Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

To upgrade the version of WSO2 Identity Server, the user store database should be upgraded. Note that there are no registry schema changes between versions. This topic provides instructions on how you can upgrade (the data and configurations) from WSO2 Identity Server 4.1.0 to WSO2 Identity Server 4.6.0. 

Table of Contents

...

  • Before you upgrade to the latest version of WSO2 Identity Server, you create a staging database, which is essentially an empty database. Note that you should NOT connect a new version of WSO2 IS to an older database that has not been migrated.
  • Make backups of the database and the WSO2 product prior to upgrading the database. The backup can be taken by copying the home folder of the product.
  • Stop all the WSO2 products that are connected to the database.
  • If any files/folders are changing in the product pack to which you are upgrading, you need to make a backup of the relevant files/folders prior to changes.

...

  1. Stop the current WSO2 Identity Server 4.1.0.

  2. Select the relevant script for the upgrade from here on the production database. The script you use will depend on the type of database you are using, for instance, if your database is MySQL you need to run the execute mysql-migration.sql command in MySQL (you would use Oracle or MSSQL to run the script if that is the database you are using). Running this script will ensure that the database is upgraded with the additional tables and schemas which are required for IS 4.6.0.

    Info

    There are three migration scripts available: migration-service-provider.sqlmigration-identity.sql and migration.sql. However, for all Carbon products except WSO2 IS, only the migration.sql script is required to be executed. In the case of IS, all three scripts need to be run.

  3. Once you run the migration script on the production database, copy your configurations to the staging database you created. This becomes the new database for your new version of IS.
  4. Download WSO2 Identity Server 4.6.0 from http://wso2.com/products/identity-server/
  5. To connect the new product version to the upgraded database, configure the following files:  
    1. Configure <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml. See here for more information on how to do this for your database.
    2. Go to the <PRODUCT _HOME>/repository/conf directory and update the datasource references in user-mgt.xml and registry.xml to match the updated configurations in the master-datasources.xml file which you made in the above step. The following are sample configurations if the datasource is jdbc/WSO2CarbonDB.

      Code Block
      languagehtml/xml
      titleregistry.xml
      <dbConfig name="wso2registry">
          <dataSource>jdbc/WSO2CarbonDB</dataSource>
      </dbConfig> 
      Code Block
      languagehtml/xml
      titleuser-mgt.xml
      <UserManager>
        <Realm>
        <Configuration>
        ...
        <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
        </Configuration>
        ...
        </Realm>
      </UserManager>

...

  1. Log in to the new Identity Server and go to the entitlement management console. Note that the XACML policies are not visible in this screen.

  2. To perform the migration of XACML policies, download this migration tool.
  3. In the migration tool you downloaded, set up the configuration parameters using the config.properties file which can be found in the <ROOT>/resources directory.

  4. Execute the following command to start the migration.

    On Windows

    Code Block
    migratePolicies.bat


    On Linux

    Code Block
    ./migratePolicies.sh
    Note

    OAuth applications, which were created in the tenants are also created inside the super admin space. This is because, IS 4.1.0 did not support tenant partitioning for OAuth applications. If there are OAuth apps available in the tenant space, you have to manually include them inside the tenant space once the migration process is done.

Recommended checkpoints

The databases should contain the newly added tables, which are namely as follows:

  • UM_ACCOUNT_MAPPING 

  • UM_DOMAINDOMAIN 

  • UM_MODULE 

  • UM_MODULE_ACTIONS 

  • UM_SYSTEMSHARED_USER_ROLE 

  • UM_SYSTEM_ROLEROLE 

  • UM_SYSTEM_USER_ROLEIDP_BASE_TABLEUSER 

  • UM_SYSTEM_USER_ROLE 

  • UM_TENANT_IDPIDP 

  • UM_TENANT_IDP_ROLESROLES 

  • UM_TENANT_IDP_ROLE_MAPPINGSMAPPINGS 

  • IDP_BASE_TABLE 

  • IDN_THRIFTIDENTITY_META_SESSIONDATA 

  • IDN_IDENTITY_USER_DATADATA 

  • IDN_IDENTITYTHRIFT_META_DATASESSION

Going into production

The following are recommended tests to run on the staging system. 

...