Upgrading from 9.1.X to 9.2.0

JDBC data source - database schema changes

The database schema for the JDBC data sources was updated to add support for multi-tenancy, thus allowing to store data for different tenants in a single database instance. A nullable tenant_id column has been added to the accounts, linked_accounts, credentials, devices and buckets tables. New indexes have been added to enforce uniqueness of data per tenant. The new index - IDX_DEVICE_ID has been added to the devices table to support discoverable credentials.

Moreover, the primary key has been changed for the linked_accounts and buckets tables.

Note

The database schema migration is optional in this minor release and the Curity Identity Server supports both versions of the schema.

To upgrade the SQL database schema, the following steps must be carried out:

  1. Perform a full database backup
  2. Upgrade the SQL database schema
  3. Upgrade Curity Identity Server to version 9.2.0 or above following the General Upgrade Procedure
  4. Clean up the SQL database schema from old indexes
  5. Perform a full database backup

Upgrade the SQL database schema

Warning

Due to the changes of primary key for some tables, it is advised to perform a full database backup before running the migration scripts.

To enable the multi-tenancy feature in Curity Identity Server, new columns and indexes must be created by running the <dbms>-upgrade-from-9.1-to-9.2.sql SQL file matching your DBMS. It is provided with this release in the $IDSVR_INSTALL/misc/upgrade/9.1-to-9.2 directory.

Note

The migration scripts have been designed to perform online database schema migration, allowing the production load to be served without locking users of the Curity Identity Server. However, it is preferable to migrate the database schema during low traffic hours.

Warning

The change of primary key for the buckets table implies a full table rewrite. If you are using a buckets data source, make sure the database has enough additional storage space to perform the table update.

At the end of the schema upgrade, old and new indexes will exist in the database allowing to get maximum query performance with versions 9.1 and 9.2 of Curity Identity Server.

Upgrade Curity Identity Server to version 9.2.0

Upgrade Curity Identity Server to version 9.2.0 or above following the General Upgrade Procedure

Clean up the SQL database schema

Note

Multi-tenancy feature will only be usable once old indexes are deleted.

Once the Curity Identity Server has been upgraded to version 9.2.0, old indexes must be deleted by running the <dbms>-cleanup-from-9.1-to-9.2.sql SQL file matching your DBMS. It is provided with this release in the $IDSVR_INSTALL/misc/upgrade/9.1-to-9.2 directory.

Warning

Due to the changes of primary key for some tables, it is advised to perform a full database backup after running the migration scripts.

Template Changes

Email Authenticator

Some corrections were done to the Email authenticator which required minor changes to the following templates:

  • authenticator/email/enter-username/index.vm - use the _singleFactor variable to control display of the form element.
  • authenticator/email/enter-otp/index.vm - fix label for the otp input element.

In case your deployment uses modified templates, please ensure that these templates are updated.

SDK changes

Account operations using the AccountManager service

The AccountManager service was improved so that account updates and deletion correctly handle credentials, as was already the case for account creation. When an instance of AccountManager is combined with a Credential Manager using withCredentialManager, the ùpdateAccount and deleteAccount methods will also handle credentials. These methods now throw CredentialUpdateException when the credential update is rejected. Refer to each method’s Javadocs for more details.

In addition, the experimental create method in AccountManager was removed; the previously existing createAccount method should be used instead. This method now throws CredentialUpdateException when the credential is rejected. Refer to the method’s Javadocs for more details.