In DA 3.3.0 and earlier, the setup script assigned a cross-origin resource sharing (CORS) policy to the Delegated Admin HTTP servlet extension. This policy is potentially insecure because the CORS setting Allowed-Origin permits requests that use a wildcard to allow requests from any origin. Unless you have made changes to secure this policy, remove it, as follows:

dsconfig set-http-servlet-extension-prop --extension-name "Delegated Admin" --reset "cross-origin-policy"
dsconfig delete-http-servlet-cross-origin-policy --policy-name "Delegated Admin Cross-Origin Policy"
Important: Beginning with Delegated Admin 3.2.0 and PingDirectory Server, the following configuration changes were made:
  • delegated-admin-resource-type was replaced with rest-resource-type.
  • delegated-administrator was replaced with delegated-admin-rights and delegated-admin-resource-rights.

As a result, Delegated Admin 3.0.2 or earlier requires PingDirectory Server or earlier. Similarly, Delegated Admin 3.2.0 or later requires PingDirectory Server or later.

The update tool converts earlier configurations to new configuration definitions. This tool is also used during the process of upgrading PingDirectory Server.

The migrated Delegated Admin configuration features a group REST resource type for the structural object classes groupOfNames and groupOfUniqueNames. If the original user's resource type configuration includes a value for Org Search Filter, then the migrated configuration also features a generic orgs REST resource type, with the structural object class organizationalUnit as the parent resource type of users. If necessary, change the structural object class on the resource type configuration after the Delegated Admin update completes.

Note: If you change the structural object class, you must stop the server to proceed with the update.

To upgrade Delegated Admin on PingDirectory Server, perform the following steps:

  1. Extract the contents of the Delegated Admin upgrade ZIP file.
  2. Rename the original delegator folder to retain a backup copy of the earlier version.
  3. Copy the extracted folder named delegator to the PingDirectory Server folder named webapps.
  4. Copy the configuration file config.js to the new delegator folder.

    config.js is located in {OriginalDelegatorFolder}/app/config.js.

  5. Restart PingDirectory Server.

For more information, including details about upgrading the RPM package and reverting an update, refer to the PingDirectory Server Administration Guide.