The custom-mode feature in the Upgrade Utility (invoked with the
option on the command line) allows you to override several newer default security
settings (new, depending on which PingFederate version is currently running). In
addition, if the installed OpenToken Adapter is out of date, running the tool in custom
mode allows you to replace the adapter with the latest version, if applicable.
In general, using the new security defaults is highly recommended and should not cause significant issues for most PingFederate installations. The newer default security settings include:
- Disabling weaker cipher suites for both the SUN and LUNA Java Cryptography Extension
(JCE) in PingFederate version 6.2 and later. If you want to see which cipher suites
are commented out, choose yes (
y) when prompted on whether to use the new defaults. Then, after the upgrade is complete, refer to either of the following configuration files in the new installation's <pf_install>/pingfederate/server/default/data/config-store directory:
Upgrading the OpenToken Adapter from an earlier version is also recommended and will not normally require any follow-on configuration changes.
- If your existing installation uses a version of the OpenToken Adapter prior to 2.3, upgrading requires minor configuration modifications in the PingFederate console and redeployment of the agent configuration file.
- If you are upgrading from an OpenToken version prior to 2.5.1, we recommend that you
redeploy agent configuration files, if applicable, as well as any new agent libraries
contained in recent versions of PingFederate integration kits and other plug-ins that
Starting in PingFederate 7.2, the LDAP Java Adapter is no longer supported. This adapter was deprecated in PingFederate 6.6 and replaced by the LDAP Username Password Credential Validator (PCV), which can be used with the HTML Form Adapter or HTTP Basic Adapter.