PingAuthorize

Upgrade considerations introduced in PingAuthorize 10.0

Camel upgrade

PingAuthorize 10.0 now supports Apache Camel 3.21.2. The limitations on using Apache Camel to connect policy information points (PIP) introduced in PingAuthorize 9.3 still apply. For more information on working around these limitations, see Enabling Camel service connections. For details on upgrading from Apache Camel 2.x to 3.0, see Apache’s migration guide.

SNI hostname checking disabled by default

If you are upgrading to PingAuthorize 10.0 with an existing configuration that has SNI hostname checks enabled, you might encounter an issue when using a host name not found in the key store. To migrate an existing configuration from an earlier version of PingAuthorize and disable SNI host name checks, add the following to your configuration.yml file:

server:
  ...
  applicationConnectors:
  - type: "https"
    ...
    disableSniHostCheck: "${PING_DISABLE_SNI_HOSTNAME_CHECKS:-true}"

This change also introduces a new setup option, --disableSniHostnameChecks, that you can set to false to enable SNI hostname checks.

Upgrading a PingAuthorize server running Java 8 to version 10.0

Support for Java 8 has been deprecated, and upgrading to Version 10.0 of PingAuthorize will fail unless you are running Java 11 or 17.

If you are upgrading a server running Java 11 or 17 to version 10.0, you can proceed with the server upgrade after confirming one of the following:

  • Your default Java installation is a supported version.

  • You are pointing one of the following environment variables to a supported version of Java:

    • JAVA_HOME

    • UNBOUNDID_JAVA_HOME

The java.properties configuration file won’t be modified if you upgrade the server to version 10.0 under the previous conditions.

The upgrade process from a server instance running Java 8 is not automatic and will fail. Java 8 is no longer supported.
Updating to a supported Java version before upgrading the server

Before upgrading the server to version 10.0, you must install either Java 11 or 17. For more information, see System requirements. Upgrading to version 10.0 after updating Java requires changes to the java.properties file.

Select one of the following options for handling how java.properties gets modified. Where a Java version is specified, substitute your installed, supported Java version.

  • Before updating the server, convert the file manually:

    1. Edit config/java.properties file to convert the JVM parameters to be specific to Java 11.

    2. Run bin/jds/javaproperties to make the changes go into effect.

  • Before upgrading the server, create a new file:

    1. Rename the old java.properties file.

    2. Run the bin/dsjavaproperties command to initialize a new Java 11 java.properties file.

      For this option, run the following command:

      bin/dsjavaproperties --initialize

    3. Use the generated file as a reference for converting the original java.properties file. Alternatively, upgrade the server using the generated file, and then restore your customized settings afterward.

  • Allow the upgrade to replace the file:

    1. Upgrade the server to version 10.0.

      The upgrade process will overwrite the java.properties file and the original file will be saved as java.properties.old. A java.properties.change file will also be created, containing the diff output between the new and old java.properties files.

    2. Restore or convert the JVM settings that were overwritten during the upgrade process.

Upgrading a PingAuthorize Policy Editor running Java 8 to version 10.0

If you are upgrading from a PingAuthorize Policy Editor instance running Java 8, you must export the JAVA_HOME environment variable by running the following command:

export JAVA_HOME=$JAVA11_HOME

You must perform this export before running any scripts in PingAuthorize 10.0, including bin/setup and bin/start-server.