To upgrade the version of WSO2 Identity Server, the user store database should be upgraded. Note that there are no registry schema changes between versions. This topic provides instructions on how you can upgrade (the data and configurations) from WSO2 Identity Server 4.1.0 to WSO2 Identity Server 4.6.0.
Table of Contents |
---|
...
- Before you upgrade to the latest version of WSO2 Identity Server, you create a staging database, which is essentially an empty database. Note that you should NOT connect a new version of WSO2 IS to an older database that has not been migrated.
- Make backups of the database and the WSO2 product prior to upgrading the database. The backup can be taken by copying the home folder of the product.
- Stop all the WSO2 products that are connected to the database.
If any files/folders are changing in the product pack to which you are upgrading, you need to make a backup of the relevant files/folders prior to changes.
...
Stop the current WSO2 Identity Server 4.1.0.
Select the relevant script for the upgrade from here on the production database. The script you use will depend on the type of database you are using, for instance, if your database is MySQL you need to run the
execute mysql-migration.sql
command in MySQL (you would use Oracle or MSSQL to run the script if that is the database you are using). Running this script will ensure that the database is upgraded with the additional tables and schemas which are required for IS 4.6.0.Info There are three migration scripts available:
migration-service-provider.sql
,migration-identity.sql
andmigration.sql
. However, for all Carbon products except WSO2 IS, only themigration.sql
script is required to be executed. In the case of IS, all three scripts need to be run.- Once you run the migration script on the production database, copy your configurations to the staging database you created. This becomes the new database for your new version of IS.
- Download WSO2 Identity Server 4.6.0 from http://wso2.com/products/identity-server/.
- To connect the new product version to the upgraded database, configure the following files:
- Configure
<PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml
. See here for more information on how to do this for your database. Go to the
<PRODUCT
_HOME>/repository/conf
directory and update the datasource references in user-mgt.xml and registry.xml to match the updated configurations in the master-datasources.xml file which you made in the above step. The following are sample configurations if the datasource isjdbc/WSO2CarbonDB
.Code Block language html/xml title registry.xml <dbConfig name="wso2registry"> <dataSource>jdbc/WSO2CarbonDB</dataSource> </dbConfig>
Code Block language html/xml title user-mgt.xml <UserManager> <Realm> <Configuration> ... <Property name="dataSource">jdbc/WSO2CarbonDB</Property> </Configuration> ... </Realm> </UserManager>
- Configure
...
Log in to the new Identity Server and go to the entitlement management console. Note that the XACML policies are not visible in this screen.
- To perform the migration of XACML policies, download this migration tool.
In the migration tool you downloaded, set up the configuration parameters using the
config.properties
file which can be found in the<ROOT>/resources
directory.Execute the following command to start the migration.
On Windows
Code Block migratePolicies.bat
On LinuxCode Block ./migratePolicies.sh
Note OAuth applications, which were created in the tenants are also created inside the super admin space. This is because, IS 4.1.0 did not support tenant partitioning for OAuth applications. If there are OAuth apps available in the tenant space, you have to manually include them inside the tenant space once the migration process is done.
Recommended checkpoints
The databases should contain the newly added tables, which are namely as follows:
UM_ACCOUNT_MAPPING
UM_DOMAINDOMAIN
UM_MODULE
UM_MODULE_ACTIONS
UM_SYSTEMSHARED_USER_ROLE
UM_SYSTEM_ROLEROLE
UM_SYSTEM_USER_ROLE
IDP_BASE_TABLEUSER
UM_SYSTEM_USER_ROLE
UM_TENANT_IDPIDP
UM_TENANT_IDP_ROLESROLES
UM_TENANT_IDP_ROLE_MAPPINGSMAPPINGS
IDP_BASE_TABLE
IDN_THRIFTIDENTITY_META_SESSIONDATA
IDN_IDENTITY_USER_DATADATA
IDN_IDENTITYTHRIFT_META_DATASESSION
Going into production
The following are recommended tests to run on the staging system.
...