Upgrading from 8.0.X to 8.1.0

Database Changes

The description of owner column in delegations table has been updated. Migration scripts for all impacted databases are provided with this release in the $IDSVR_INSTALL/misc/upgrade/8.0-to-8.1/ directory.

Custom Token Issuers

Token Issuer Names

Custom issuers are now enforced to have a unique combination of the issuer identifier and the purpose-type within a profile. Until now, having such issuers in a token profile would result in runtime errors. Existing custom token issuers have to be renamed in case they don’t adhere to this new constraint before upgrading. Token procedures using the renamed issuers have to be updated to use the new issuer names.

ID token issuers

A custom ID token issuer cannot have a data source configured now. Having a custom ID token issuer with a configured data source in a token profile caused runtime errors, thus it is highly unlikely that such issuers are configured. However, if such issuers are configured, they have to be updated - their data sources have to be unset before upgrading. Having a custom ID token issuer configured on an authentication profile doesn’t produce any runtime error, however such an issuer cannot be used in the runtime. Therefore it is recommended to remove such issuers completely.

Email Authenticator

The Email authenticator was updated so that when the authentication hyperlink is followed in the same user-agent/session where it was requested, the authentication flow immediately continues in the window/tab where the hyperlink was followed. In this case, the initial window/tab - which was waiting for the hyperlink to be followed - will move to a new page that informs the user that authentication is completed (no further action is possible).

The new behavior can be disabled by setting hyperlink-continue-authentication-in-verify-window to false.

To support the new feature, a new template was added (authenticator/email/link-wait-completed/index.vm), as well as the corresponding message keys.