PingFederate Server

Upgrading PingFederate on Linux systems

You can use the Upgrade Utility on Linux servers to upgrade to the current version of PingFederate.

About this task

The Upgrade Utility copies all relevant sources of your current installation into the new target directory of your choice. It doesn’t change the current installation.

The Upgrade Utility migrates the existing versions of all PingFederate plugins by default. You can use the -c command line parameter to override the default behavior and install the latest versions of each plugin.

Upgrade results are contained in the <pf_install_target>/pingfederate/upgrade/log/upgrade.log file.

To use the Upgrade Utility on Linux servers to upgrade to the current version of PingFederate:

Steps

  1. Download the latest version of the PingFederate Server distribution.zip archive from the Ping Identity website.

  2. Extract the .zip to the new target directory of your choice, <pf_install_target>.

  3. Stop PingFederate.

  4. On the command line, change directory to <pf_install_target>/upgrade/bin and execute the following command:

    ./upgrade.sh  <pf_install_source>  <newLicense>] [-c] [--release-notes-reviewed]

    where: <pf_install_source>::

    The full or relative path of the base pingfederate directory where the existing PingFederate software is installed.

The pingfederate directory must have the name "pingfederate" for the Upgrade Utility to function correctly.
<newLicense>

The optional path and file name of the license to use for the upgraded PingFederate version.

If your current license is valid, the Upgrade Utility automatically copies it from the source installation to the target installation, and you don’t need to specify the <newLicense> parameter.

If your license isn’t valid, obtain a valid license file and specify its path and file name for this parameter.
-c

The optional parameter to run the tool in custom mode, which allows you to override newer default security settings (if any) and to upgrade to the newest version of each installed plugin.

--release-notes-reviewed

An optional parameter that indicates that you’ve already reviewed the release notes. This parameter prevents prompts during the upgrade that ask if you’ve read the release notes and the upgrade considerations.

The command prompt displays messages indicating upgrade progress. The process is complete when the following message appears:

Upgrade completed with  [N]  errors and  [N]  warnings

If there are errors, scroll up the command window to see them and then correct the indicated problems. Errors during the upgrade should be rare but might include problems such as missing or malformed configuration files in the source installation. The messages are also logged to the upgrade.log file in the Upgrade Utility base directory.

  1. If you’re using an older version of the Amazon Web Services (AWS) CloudHSM client:

    1. Update the CloudHSM client and the CloudHSM Software Library for Java to a supported version and restart the client.

      For more information, see System requirements.

    2. Copy <pf_install_target>/pingfederate/lib-ext/pf-aws-cloud-hsm-wrapper.jar to the JAVA_HOME/jre/lib/ext directory.

    3. Copy all of the files in the /opt/cloudhsm/java and /opt/cloudhsm/lib directories to the JAVA_HOME/jre/lib/ext directory.

    If you’re upgrading a clustered PingFederate environment, repeat from step 1 to upgrade PingFederate on each engine node.

End users might experience disruptions while you upgrade your PingFederate environment.

  1. If PingFederate is running as a service, reconfigure the PingFederate service:

    1. Edit the <pf_install_target>/pingfederate/sbin/linux/pingfederate.service systemd unit file (see step installing_and_uninstalling_pingfederate:pf_install_pf_service_on_linux_manually.adoc#pf_step_installPingfederateSystemdService in Installing PingFederate > Installing on Linux manually).

    2. Edit the <pf_install_target>/pingfederate/sbin/linux/pingfederate SysV initialization script (see step installing_and_uninstalling_pingfederate:pf_install_pf_service_on_linux_manually.adoc#pf_step_installPingfederateSysvInitializationScript in Installing PingFederate > Installing on Linux manually).

    Start the new PingFederate installation.

If you’re upgrading a clustered PingFederate environment, start the new PingFederate instance on the console node.

If you’ve configured single sign-on using OpenID Connect (OIDC) as the console authentication scheme and set the endpoint settings back to your PingFederate environment, start the new PingFederate instance on the console node and one of the engine nodes.

  1. Verify the new installation’s version:

    1. Open the new installation’s administrative console.

    2. On the toolbar, click the Question Mark icon. On the Help menu, click About.

    3. Verify that the pop-up shows the new version.

  2. If you’re upgrading a clustered PingFederate environment:

    1. Start the new installation on each engine node, and then ensure all nodes are shown on the System → Server → Cluster Management page.

    2. On the Cluster Management page, click Replicate Configuration.

  1. Although the upgrade utility automatically merges, migrates, and copies the language packs' .properties files into the upgraded PingFederate installation, verify the language packs in the upgrade installation by looking at the .properties files located in the upgraded <pf_install_target>/pingfederate/server/default/conf/language-packs directory.

    • Standard .properties files include pingfederate-email-messages.properties, pingfederate-messages.properties, and pingfederate-sms-messages.properties. During the upgrade, these files are migrated and merged into the upgraded PingFederate installation.

    • Localized .properties files (for example, pingfederate-messages_fr_CA.properties), are also migrated and merged into the upgraded PingFederate installation.

    • If the PingOne MFA or PingOne Protect integration kit was installed on PingFederate, you must manually migrate its .properties file after the upgrade.

    • All other .properties files in <pf_install_target>/pingfederate/server/default/conf/language-packs that don’t fit the previous criteria are copied (not merged) into the upgraded PingFederate installation.

Next steps

After upgrading PingFederate, perform the Post-upgrade tasks.