The database schema for the JDBC data sources was updated to add support for multi-tenancy, thus allowing to store data for different tenants in a single database instance. A nullable tenant_id column has been added to the accounts, linked_accounts, credentials, devices and buckets tables. New indexes have been added to enforce uniqueness of data per tenant.
tenant_id
accounts
linked_accounts
credentials
devices
buckets
Moreover, the primary key has been changed for the linked_accounts and buckets tables.
Note
The database schema migration is optional in this minor release and the Curity Identity Server supports both versions of the schema.
To upgrade the SQL database schema, the following steps must be carried out:
Warning
Due to the changes of primary key for some tables, it is advised to perform a full database backup before running the migration scripts.
To enable the multi-tenancy feature in Curity Identity Server, new columns and indexes must be created by running the <dbms>-upgrade-from-9.1-to-9.2.sql SQL file matching your DBMS. It is provided with this release in the $IDSVR_INSTALL/misc/upgrade/9.1-to-9.2 directory.
<dbms>-upgrade-from-9.1-to-9.2.sql
$IDSVR_INSTALL/misc/upgrade/9.1-to-9.2
The migration scripts have been designed to perform online database schema migration, allowing the production load to be served without locking users of the Curity Identity Server. However, it is preferable to migrate the database schema during low traffic hours.
The change of primary key for the buckets table implies a full table rewrite. If you are using a buckets data source, make sure the database has enough additional storage space to perform the table update.
At the end of the schema upgrade, old and new indexes will exist in the database allowing to get maximum query performance with versions 9.1 and 9.2 of Curity Identity Server.
Upgrade Curity Identity Server to version 9.2.0 or above following the General Upgrade Procedure
Multi-tenancy feature will only be usable once old indexes are deleted.
Once the Curity Identity Server has been upgraded to version 9.2.0, old indexes must be deleted by running the <dbms>-cleanup-from-9.1-to-9.2.sql SQL file matching your DBMS. It is provided with this release in the $IDSVR_INSTALL/misc/upgrade/9.1-to-9.2 directory.
<dbms>-cleanup-from-9.1-to-9.2.sql
Due to the changes of primary key for some tables, it is advised to perform a full database backup after running the migration scripts.
Some corrections were done to the Email authenticator which required minor changes to the following templates:
authenticator/email/enter-username/index.vm
_singleFactor
authenticator/email/enter-otp/index.vm
otp
In case your deployment uses modified templates, please ensure that these templates are updated.
AccountManager
The AccountManager service was improved so that account updates and deletion correctly handle credentials, as was already the case for account creation. When an instance of AccountManager is combined with a Credential Manager using withCredentialManager, the ùpdateAccount and deleteAccount methods will also handle credentials. These methods now throw CredentialUpdateException when the credential update is rejected. Refer to each method’s Javadocs for more details.
withCredentialManager
ùpdateAccount
deleteAccount
CredentialUpdateException
In addition, the experimental create method in AccountManager was removed; the previously existing createAccount method should be used instead. This method now throws CredentialUpdateException when the credential is rejected. Refer to the method’s Javadocs for more details.
create
createAccount