---
title: Migrating other components
description: Some custom and integrated components might require additional steps after upgrading PingFederate.
component: pingfederate
version: 13.1
page_id: pingfederate:upgrading_pingfederate:pf_migrate_other_componen
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/upgrading_pingfederate/pf_migrate_other_componen.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  updating-the-custom-authentication-selector: Updating the custom authentication selector
  migrating-to-the-integrated-ldap-username-pcv: Migrating to the integrated LDAP Username PCV
  about-this-task: About this task
  steps: Steps
  related-links: Related links
  migrating-to-the-integrated-username-token-processor: Migrating to the integrated Username Token Processor
  about-this-task-2: About this task
  steps-2: Steps
  related-links-2: Related links
---

# Migrating other components

Some custom and integrated components might require additional steps after upgrading PingFederate.

## Updating the custom authentication selector

Through the use of the PingFederate SDK, you can create a custom authentication selector by implementing the `AuthenticationSelector` interface.

Most implementations return `AuthenticationSelectorContext.ResultType.CONTEXT` as the result type, which requires no further action after an upgrade.

If your implementation returns either:

* `AuthenticationSelectorContext.ResultType.ADAPTER_ID`, an Identity Provider (IdP) adapter instance ID

* `AuthenticationSelectorContext.ResultType.IDP_CONN_ID`, the connection ID of an IdP connection

You must update the descriptor instance of your custom authentication selector to call the `setSelectAuthnSourceResultType` method with an input of `true`. For each authentication policy path that ends with an instance of such custom authentication selector, you must ensure that its action is set to **Done**.

For more information, see the Javadoc for the `AuthenticationSelector` interface and the `AuthenticationSelectorDescriptor` class.

|   |                                                                                               |
| - | --------------------------------------------------------------------------------------------- |
|   | The Javadoc for PingFederate is located in the `<pf_install>/pingfederate/sdk/doc` directory. |

## Migrating to the integrated LDAP Username PCV

### About this task

As of PingFederate 7.3, the integrated LDAP Username Password Credential Validator (PCV) can return additional attribute values upon successful validation.

If you have previously deployed the `LDAPExtendedAttributesPCV-<version>.jar` file from the PingID integration kit and created an instance of the LDAP PCV with Extended Attributes, migrate to the integrated LDAP Username PCV.

### Steps

1. Create an instance of the integrated LDAP Username PCV:

   1. Go to **System > Data & Credential Stores > Password Credential Validators** and click **Create New Instance**.

   2. On the **Type** tab, enter the required information and select **LDAP Username Password Credential Validator** from the list.

   3. On the **Instance Configuration** tab, select an LDAP datastore from the list, enter a search base and a search filter, and select the scope of the search.

      |   |                                                                                             |
      | - | ------------------------------------------------------------------------------------------- |
      |   | You can reuse the information from the existing LDAP PCV with Extended Attributes instance. |

   4. On the **Extended Contract** tab, enter `memberOf` in the **Extend the Contract** section, and click **Add.**

   5. On the **Summary** tab, review the setup and click **Done**.

   6. On the **Manage Credential Validator Instances** page, click **Save**.

2. In the configuration where the LDAP PCV with Extended Attributes instance is used, replace it with the newly created LDAP Username Password Credential Validator instance.

   For example, if you have created an instance of the PingID PCV (with integrated RADIUS server) instance and have selected an instance of the LDAP PCV with Extended Attributes as one of the delegate PCVs, remove the selection and add the newly created LDAP Username Password Credential Validator instance to the list.

3. After replacing the LDAP PCV with Extended Attributes instance, delete it from the **Password Credential Validators** page.

4. Remove the `<pf_install>/pingfederate/server/default/deploy/LDAPExtendedAttributesPCV-<version>.jar` file on all PingFederate servers.

5. Restart PingFederate on all PingFederate servers.

### Related links

* [Configuring the LDAP Username Password Credential Validator](../administrators_reference_guide/pf_configure_ldap_username_pcv.html)

## Migrating to the integrated Username Token Processor

### About this task

As of PingFederate 7.2, the Username Token Translator has been deprecated and replaced with an integrated Username Token Processor. Although the integrated Username Token Processor and the deprecated Username Token Translator can be simultaneously deployed, you should migrate it to the new token processor.

### Steps

1. Go to **Identity Provider > Token Processors**.

2. To create an instance of the integrated Username Token Processor, click **Create New Instance**.

   1. On the **Type** page, select **Username Token Processor** from the list.

      |   |                                                                                                                                                                              |
      | - | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
      |   | If you have multiple WS-Trust STS SP connections, you can reuse the same Username Token Processor instance or create additional instances of the token processors as needed. |

3. Map the new token processor instance to the applicable WS-Trust STS SP connection on the **IdP Token Processor Mapping** page.

   Repeat this step if you have multiple WS-Trust STS SP connections.

4. Test your WS-Trust STS SP connections using the instance of the integrated Username Token Processor.

5. Remove the token processor instance of the deprecated Username Token Translator from all WS-Trust STS SP connections on the **IdP Token Processor Mapping** page.

6. If you have set up token translator mappings, create new entries to replace those using instances of the deprecated Username Token Translator, test the new mapping entries, and delete the entries that use instances of the deprecated Username Token Translator.

7. Delete all token processor instances of the deprecated Username Token Translator on the **Identity Provider > Token Processors** page.

8. Remove the `pf-username-token-translator-<version>.jar` file from the `<pf_install>/pingfederate/server/default/deploy` directory on all PingFederate servers.

9. Restart PingFederate on all PingFederate servers.

### Related links

* [Managing token processors](../administrators_reference_guide/pf_managing_token_processors.html)

* [Managing IdP token processor mappings](../administrators_reference_guide/help_wstrustsptokencreationtasklet_wstrusttokenprocessormappingstate.html)

* [Token translator mappings](../administrators_reference_guide/pf_token_translator_mappings.html)

* [IdP protocol endpoints](../administrators_reference_guide/help_idp_protocol_endpoints.html)