Upgrade from previous version

Current version is pre 2.0

Even though PhenixID server is fully compliant with previous versions there are differences. Upgrades should not be done without contacting PhenixID.

When contacting PhenixID please add information about current usage of PhenixID server. This will help in assessing the work upgrading the system.

Current version is 2.0 or later

The installer will guide through the update. Be sure to backup the existing installation before starting the upgrade.

As always, verify customizations from earlier version and transfer to new installation if needed.

NOTE:

There has been changes to the "front end files" such as css, js and templates. If you see strange behavior with the web apps or authentication pages, please clear the browser cache.

In case you see the text below in server.log, please contact PhenixID for assistance (only applies to clustered environments):

ERROR: Startup failed com.phenixidentity.core.CoreException: Quorum (1) cannot be reached on server 'PHIDTEST01' database 'phenixid' because it is major than the nodes in quorum (0)

From version 2.6 there has been a change to the template file used by One Touch.
The server will now look for this file in the folder /resources and the name of the default template file has changed from onetouch_template_json.template to ot_auth_template.json.
If there are One Touch scenarios configured in earlier version, please go into the Configuration Manager, locate your scenario(s) for One Touch and click on the tab "Advanced".
Edit the name of the template file according to your environment.

Existing instance of MyApps

This version comes with the simplified configuration of MyApps. An already existing instance of MyApps is not compatible with this version. 

Functionality wise the new version of MyApps is equal to previous installations. 

Migration is done by configuring MyApps through the guide.

The old version of MyApps could be  used  as an interim solution. Configure the prism-myapps module with "bounce": "false" in order to do so. Note: this is considered an interim solution and a re-configuration of the new MyApps webapp should be planned!


Stricter HTTPS communication validation

Updates are made so that communication using HTTPS uses stricter validation. This will only affect systems where certificates in any way violates common standard. To relax this it is possible to set a system property, "com.phenixidentity.globals.usePromiscuousMode" = true. It is not recommended in a production environment and is set to false by default.

Self signed certificates and corporate CAs are example of certificates that might require promiscous mode.

Best practice would be to import the certificate or CA certificate as a trusted root certificate in the cacerts used by the jre.

BankID trust

By replacing the default cacerts file trust with both BankID test and prod server will be established.

Trusting BankID CA