PingAuthorize

Upgrade considerations

When upgrading, you must consider factors such as the scope of the update, the PingAuthorize or PingDataGovernance version from which you are upgrading, and if you are not using Docker, your installed version of Java.

The 8.3.0.0 release is the first release of PingAuthorize. Previously, the product was known as PingDataGovernance.

General considerations

For Docker deployments, the upgrade process involves downloading and deploying the latest containers.

For manual installations, the upgrade process involves downloading and extracting a new version of the PingAuthorize Server .zip file on the server and running the update utility with the --serverRoot or -R option value from the new root server pointing to the installation.

Consider the following when upgrading:

  • If you are upgrading from a PingAuthorize Early Access release to a PingAuthorize General Availability release, you must upgrade both the PingAuthorize Server and the Policy Editor before you use the Policy Decision Service in external mode. Upgrading only one component results in this error: Please upgrade to PingAuthorize Policy Editor version <X.X.X.X>.

  • The update affects only the server being upgraded. The process does not alter the configuration of other servers, so you must update those servers separately.

  • The update tool verifies that the installed version of Java meets the new server requirements. To simplify the process, install the version of Java that is supported by the new server before running the tool.

  • Upgrades for PingDataGovernance Server are only supported from versions 7.0.0.0 or later. If upgrading from a version of PingDataGovernance prior to 7.3.0.0, configuration loss will occur. The update tool has a warning message about this.

For additional considerations, see Planning your upgrade.

For information about important fixes made over several releases, see Critical Fixes.

Considerations introduced in PingAuthorize 9.3.0.0

PingAuthorize no longer supports policy deployment packages with Apache Camel policy information point (PIP) services. If you’re running PingAuthorize in embedded policy decision point (PDP) mode using deployment packages containing Camel PIPs, you can’t upgrade to PingAuthorize 9.3 without additional action. See Enabling Camel service connections for more information.

Considerations introduced in PingAuthorize 9.0.0.0

Keep in mind the following important upgrade considerations introduced in this version of PingAuthorize Server.

General

Peer server setup has been removed. To manage server configuration, use server profiles instead of peer setup. Server profiles support deployment best practices such as automation and Infrastructure-as-Code (IaC). For more information about server profiles, see Deployment automation and server profiles.

Spring compatibility

Spring configuration properties in PingAuthorize administrative console configuration files prior to version 9.0.0.0 are not compatible with the administrative console bundled with PingAuthorize 9.0.0.0 and later. This incompatibility is caused by major updates to Spring dependencies. Attempting to use these older configuration files will result in the administrative console failing to start.

If you are using older PingAuthorize administrative console configuration files, these should be updated. Replace the following excerpt in the old application.yml file:

spring:
  profiles.active: default
  main.show-banner: false
  thymeleaf.cache: true
  thymeleaf.prefix: classpath:/public/app/

with the following:

spring:
  profiles.active: default
  web.resources:
    # 1 year. Update the corresponding value in MvcConfig if this changes.
    cache.period: 31536000
    add-mappings: false # use our custom mappings instead of the defaults
  main:
    banner-mode: "OFF"
  thymeleaf:
    prefix: classpath:/public/app/