Upgrade considerations
When upgrading, you must consider factors such as the scope of the update, the PingAuthorize or PingDataGovernance version from which you are upgrading, and if you are not using Docker, your installed version of Java.
The 8.3.0.0 release is the first release of PingAuthorize. Previously, the product was known as PingDataGovernance. |
General considerations
For Docker deployments, the upgrade process involves downloading and deploying the latest containers.
For manual installations, the upgrade process involves downloading and extracting a new version of the PingAuthorize Server .zip
file on the server and running the update utility with the --serverRoot
or -R
option value from the new root server pointing to the installation.
Consider the following when upgrading:
-
If you are upgrading from a PingAuthorize Early Access release to a PingAuthorize General Availability release, you must upgrade both the PingAuthorize Server and the Policy Editor before you use the Policy Decision Service in external mode. Upgrading only one component results in this error:
Please upgrade to PingAuthorize Policy Editor version <X.X.X.X>
. -
The update affects only the server being upgraded. The process does not alter the configuration of other servers, so you must update those servers separately.
-
The update tool verifies that the installed version of Java meets the new server requirements. To simplify the process, install the version of Java that is supported by the new server before running the tool.
-
Upgrades for PingDataGovernance Server are only supported from versions 7.0.0.0 or later. If upgrading from a version of PingDataGovernance prior to 7.3.0.0, configuration loss will occur. The update tool has a warning message about this.
For additional considerations, see Planning your upgrade. |
Upgrade considerations introduced in PingAuthorize 10.1
Resolving issues with copying policy elements
After upgrading from a version of PingAuthorize earlier than 10.1 and attempting to delete a copy of a Policy Editor element, that copy might persist in the UI and return an error when selected. To completely remove deleted copies from the Policy Editor, follow the steps in Deleting persistent copies.
Upgrade considerations introduced in PingAuthorize 10.0
Camel upgrade
PingAuthorize 10.0 now supports Apache Camel 3.21.2. The limitations on using Apache Camel to connect policy information points (PIP) introduced in PingAuthorize 9.3 still apply. For more information on working around these limitations, see Enabling Camel service connections. For details on upgrading from Apache Camel 2.x to 3.0, see Apache’s migration guide.
SNI hostname checking disabled by default
If you are upgrading to PingAuthorize 10.0 with an existing configuration that has SNI hostname checks enabled, you might encounter an issue when using a host name not found in the key store. To migrate an existing configuration from an earlier version of PingAuthorize and disable SNI host name checks, add the following to your configuration.yml
file:
server: ... applicationConnectors: - type: "https" ... disableSniHostCheck: "${PING_DISABLE_SNI_HOSTNAME_CHECKS:-true}"
This change also introduces a new setup
option, --disableSniHostnameChecks
, that you can set to false
to enable SNI hostname checks.
Upgrading a PingAuthorize server running Java 8 to version 10.0
Support for Java 8 has been deprecated, and upgrading to Version 10.0 of PingAuthorize will fail unless you are running Java 11 or 17.
If you are upgrading a server running Java 11 or 17 to version 10.0, you can proceed with the server upgrade after confirming one of the following:
-
Your default Java installation is a supported version.
-
You are pointing one of the following environment variables to a supported version of Java:
-
JAVA_HOME
-
UNBOUNDID_JAVA_HOME
-
The java.properties
configuration file won’t be modified if you upgrade the server to version 10.0 under the previous conditions.
The upgrade process from a server instance running Java 8 is not automatic and will fail. Java 8 is no longer supported. |
- Updating to a supported Java version before upgrading the server
-
Before upgrading the server to version 10.0, you must install either Java 11 or 17. For more information, see System requirements. Upgrading to version 10.0 after updating Java requires changes to the
java.properties
file.Select one of the following options for handling how
java.properties
gets modified. Where a Java version is specified, substitute your installed, supported Java version.-
Before updating the server, convert the file manually:
-
Edit
config/java.properties
file to convert the JVM parameters to be specific to Java 11. -
Run
bin/jds/javaproperties
to make the changes go into effect.
-
-
Before upgrading the server, create a new file:
-
Rename the old
java.properties
file. -
Run the
bin/dsjavaproperties
command to initialize a new Java 11java.properties
file.For this option, run the following command:
bin/dsjavaproperties --initialize
-
Use the generated file as a reference for converting the original
java.properties
file. Alternatively, upgrade the server using the generated file, and then restore your customized settings afterward.
-
-
Allow the upgrade to replace the file:
-
Upgrade the server to version 10.0.
The upgrade process will overwrite the
java.properties
file and the original file will be saved asjava.properties.old
. Ajava.properties.change
file will also be created, containing the diff output between the new and oldjava.properties
files. -
Restore or convert the JVM settings that were overwritten during the upgrade process.
-
-
Upgrading a PingAuthorize Policy Editor running Java 8 to version 10.0
If you are upgrading from a PingAuthorize Policy Editor instance running Java 8, you must export the JAVA_HOME
environment variable by running the following command:
export JAVA_HOME=$JAVA11_HOME
You must perform this export before running any scripts in PingAuthorize 10.0, including |