On Linux servers, use the Upgrade Utility to upgrade to the current version of PingFederate.
The Upgrade Utility migrates the existing versions of all PingFederate plugins by
default. If preferred, you can use the
-c command line parameter to
override the default behavior and install the latest versions of each plugin.
Upgrade results are contained in the upgrade.log file, which is located in <pf_install_target>/pingfederate/upgrade/log.
If you are upgrading a clustered PingFederate environment, start with the console node, and then follow the additional steps to upgrade the engine nodes.
- Download the latest version of the PingFederate Server distribution.zip file from the Ping Identity website.
- Extract the distribution .zip file into the target installation directory.
- Stop PingFederate.
On the command line, change the current directory to
the target installation and execute the following command:
./upgrade.sh <pf_install_source> [-l <newLicense>] [-c] [--release-notes-reviewed]
The command prompt displays messages indicating upgrade progress. The process is complete when the following message appears.
- The full or relative path of the base directory where the existing PingFederate
software (pingfederate) is installed.Note:
The pingfederate subdirectory must exist by that name for the Upgrade Utility to function correctly.
- The optional path and file name of the license to use for the upgraded PingFederate version.
If your current license is valid, the Upgrade Utility automatically copies it from the source installation to the target installation, and you do not need to specify the
If your license is not valid, obtain a valid license file and specify its path and file name for this parameter.
- The optional parameter to run the tool in custom mode, which allows you to override newer default security settings (if any) and to upgrade to the newest version of each installed plugin.
- An optional parameter that indicates that you have already reviewed the release notes. This parameter prevents prompts during the upgrade that ask if you have read the release notes and the upgrade considerations.
Upgrade completed with [N] errors and [N] warnings
If there are errors, scroll up the command window to see them and then correct the indicated problems. Errors during the upgrade should be rare but might include problems such as missing or malformed configuration files in the source installation. The messages are also logged to the upgrade.log file in the Upgrade Utility base directory.
If you are using AWS CloudHSM version 2.0.x:
- Update the CloudHSM client and the CloudHSM Software Library for Java to version 3.2.0 and restart the client.
- Copy <pf_install>/pingfederate/lib-ext/pf-aws-cloud-hsm-wrapper.jar to the JAVA_HOME/jre/lib/ext directory.
- Copy all of the files under /opt/cloudhsm/java and /opt/cloudhsm/lib to the JAVA_HOME/jre/lib/ext directory.
If you are upgrading a clustered PingFederate environment, repeat from
step 1 to upgrade PingFederate on each engine node.
End users might experience disruptions while you upgrade your PingFederate environment.
Start the new PingFederate installation.
If you are upgrading a clustered PingFederate environment, start the new PingFederate instance on the console node.
If you have configured single sign-on using OpenID Connect as the console authentication scheme and set the endpoint settings back to your PingFederate environment, start the new PingFederate instance on the console node and one of the engine nodes.
- Open the administrative console and verify the new installation.
If you are upgrading a clustered PingFederate environment:
- Start the new installation on each engine node, and then ensure all nodes are shown on the window.
- Click Replicate Configuration on the Cluster Management window.
If PingFederate is running as a service, re-configure the service.
- PingFederate systemd service
- Edit the PingFederate systemd unit file and reconfigure the PingFederate service (see step 5 in Installing the PingFederate service on Linux manually).
- PingFederate SysV initialization script
- Edit the PingFederate SysV initialization script and reconfigure the PingFederate service (see step 6 in Installing the PingFederate service on Linux manually).
The upgrade utility automatically merges, migrates, and copies the language packs'
.properties files into the upgraded PingFederate
installation. Verify the language packs in the upgrade installation by looking at the
.properties files located in the upgraded
- Standard .properties files include pingfederate-email-messages.properties, pingfederate-messages.properties, and pingfederate-sms-messages.properties. During upgrade, these files are migrated and merged into the upgraded PingFederate installation.
- Localized .properties files (for example, pingfederate-messages_fr_CA.properties), are also migrated and merged into the upgraded PingFederate installation.
- If the PingOne MFA or PingOne Protect integration kit was installed on PingFederate, you must manually migrate its .properties file after the upgrade.
- All other .properties files in <pf_install>/pingfederate/server/default/conf/language-packs that do not fit the previous criteria are copied (not merged) into the upgraded PingFederate installation.