Upgrade from previous version
Current version is pre 2.0
Even though PhenixID server is fully compliant with previous versions there are differences. Upgrades should not be done without contacting PhenixID.
When contacting PhenixID please add information about current usage of PhenixID server. This will help in assessing the work upgrading the system.
Current version is 2.0 or later
The installer will guide through the update. Be sure to backup the existing installation before starting the upgrade.
Step by step document for upgrade can be found here:
As always, verify customizations from earlier version and transfer to new installation if needed.
There has been changes to the "front end files" such as css, js and templates. If you see strange behavior with the web apps or authentication pages, please clear the browser cache.
From version 2.6 there has been a change to the template file used by One Touch.
The server will now look for this file in the folder /resources and the name of the default template file has changed from onetouch_template_json.template to ot_auth_template.json.
If there are One Touch scenarios configured in earlier versions, please go into the Configuration Manager, locate your scenario(s) for One Touch and click on the tab "Advanced".
Edit the name of the template file according to your environment.
If One Touch tokens have been enrolled in version 2.7 and before, you might see this error on startup.
Replacement of persistent layer (database)
Module, com.phenixidentity~phenix-store-mpl, has gone through refactorization that will require additional steps in order to keep old data after upgrade.
In short this means exporting old data and importing it using a tool provided by PhenixID.
See separate article.
NOTE: If the following is seen in server.log, during startup, after upgrade of internal HSQLDB:
[MasterVerticle] ERROR: There was a problem deploying SQL server....java.lang.RuntimeException: liquibase.exception.ValidationFailedException: Validation Failed:
1 change sets check sum phenixid.sql::create-multiple-tables::initialdatasetup was: 8:905a0da2bdc836a49fce7f95018f1d2f but is now: 8:5be9527e045acd9810f4ed81a0cff6ad
Please edit <pasinstallationdir>/data/phenixid.script, find the first value and replace with the second, then start service again.
Upgrading from an clustered installation
Clustering configuration and recommendation has been updated in a way that previously installed systems using cluster will need additional configuration. Functionality will be maintained.
BankID template update
If using Swedish bankid, the template has been updated. Current configuration is found in Authenticators manual.
Module com.phenixidentity~phenix-api-authenticate API calls has been updated.
In order to access any One Touch api endpoint, the uri now must end with a "/", ie /api/authentication/onetouch/assign/
In addition the ending part of the URI must be listed as an allowed operation:
ADFS MFA Adapter
The ADFS MFA Adapter for One Touch has been updated to work against a PAS 3.2 backend.
Download new binaries here.
Unregister and register the PhenixID One Touch MFA Adapter.
Manual updates are required in boot.json & phenix.store.json
Read about the requirements here.
Guide updates - User name & One Touch
Any configuration done through GUIDE User Name and One touch must be manually updated.
Authenticators have updates that may result in new behavior. The update consists in a change in how a user is bound to the session:
For authenticators PostUidPasswordAndOTPSAML, OIDCPostUidPasswordAndOTP & PostUidPasswordAndOTP the session is rebound for each authentication. This means that scenarios, where the above authenticators are used along with others in an already authenticated session, may change the primary user identity when re-authenticating using one of the above authenticators.