Upgrade considerations introduced in PingAuthorize 10.0
Camel upgrade
PingAuthorize 10.0 now supports Apache Camel 3.21.2. The limitations on using Apache Camel to connect policy information points (PIP) introduced in PingAuthorize 9.3 still apply. For more information on working around these limitations, see Enabling Camel service connections. For details on upgrading from Apache Camel 2.x to 3.0, see Apache’s migration guide.
SNI hostname checking disabled by default
If you are upgrading to PingAuthorize 10.0 with an existing configuration that has SNI hostname checks enabled, you might encounter an issue when using a host name not found in the key store. To migrate an existing configuration from an earlier version of PingAuthorize and disable SNI host name checks, add the following to your configuration.yml
file:
server: ... applicationConnectors: - type: "https" ... disableSniHostCheck: "${PING_DISABLE_SNI_HOSTNAME_CHECKS:-true}"
This change also introduces a new setup
option, --disableSniHostnameChecks
, that you can set to false
to enable SNI hostname checks.
Upgrading a PingAuthorize server running Java 8 to version 10.0
Support for Java 8 has been deprecated, and upgrading to Version 10.0 of PingAuthorize will fail unless you are running Java 11 or 17.
If you are upgrading a server running Java 11 or 17 to version 10.0, you can proceed with the server upgrade after confirming one of the following:
-
Your default Java installation is a supported version.
-
You are pointing one of the following environment variables to a supported version of Java:
-
JAVA_HOME
-
UNBOUNDID_JAVA_HOME
-
The java.properties
configuration file won’t be modified if you upgrade the server to version 10.0 under the previous conditions.
The upgrade process from a server instance running Java 8 is not automatic and will fail. Java 8 is no longer supported. |
- Updating to a supported Java version before upgrading the server
-
Before upgrading the server to version 10.0, you must install either Java 11 or 17. For more information, see System requirements. Upgrading to version 10.0 after updating Java requires changes to the
java.properties
file.Select one of the following options for handling how
java.properties
gets modified. Where a Java version is specified, substitute your installed, supported Java version.-
Before updating the server, convert the file manually:
-
Edit
config/java.properties
file to convert the JVM parameters to be specific to Java 11. -
Run
bin/jds/javaproperties
to make the changes go into effect.
-
-
Before upgrading the server, create a new file:
-
Rename the old
java.properties
file. -
Run the
bin/dsjavaproperties
command to initialize a new Java 11java.properties
file.For this option, run the following command:
bin/dsjavaproperties --initialize
-
Use the generated file as a reference for converting the original
java.properties
file. Alternatively, upgrade the server using the generated file, and then restore your customized settings afterward.
-
-
Allow the upgrade to replace the file:
-
Upgrade the server to version 10.0.
The upgrade process will overwrite the
java.properties
file and the original file will be saved asjava.properties.old
. Ajava.properties.change
file will also be created, containing the diff output between the new and oldjava.properties
files. -
Restore or convert the JVM settings that were overwritten during the upgrade process.
-
-
Upgrading a PingAuthorize Policy Editor running Java 8 to version 10.0
If you are upgrading from a PingAuthorize Policy Editor instance running Java 8, you must export the JAVA_HOME
environment variable by running the following command:
export JAVA_HOME=$JAVA11_HOME
You must perform this export before running any scripts in PingAuthorize 10.0, including |