Database migration from version 3.X to 4.X

The OpenIAM migration procedure is tied to the fact that the root encryption algorithm was changed from 3DES to AES.

RPM Installation

PostgreSQL and MySQL

For PostgreSQL and MySQL, a migration utility is available since v4.1.5.1. The utility is located in the /usr/local/OpenIAM/data/openiam/conf/schema/migration folder. Usage:

Migrate from 3.4.X to 4.X
./run.sh <db_type> <current_openiam_version> <db_root_password>

where db_type may be mysql or postgresql; current_openiam_version may be "3.4" for 3.4.X installations or "3.5" for 3.5, 3.6 and 3.6.1 installations; and db_root_password is the password of the root user when using MySQL, or of idmuser when using PostgreSQL.

For example, see https://drive.google.com/file/d/159IJ2k44drlUbACNro3xexiYJDqIt5eu/view?usp=sharing

Examples
Updating a MySQL server with OpenIAM version 3.4.X, using the root user with password "openiam":
./run.sh mysql 3.4 openiam

Updating a MySQL server with OpenIAM version 3.5, 3.6 or 3.6.1, using the root user with password "openiam":
./run.sh mysql 3.5 openiam

Updating a PostgreSQL server with OpenIAM version 3.4.X, using the idmuser user with password "idmuser":
./run.sh postgresql 3.4 idmuser

Updating a PostgreSQL server with OpenIAM version 3.5, 3.6 or 3.6.1, using the idmuser user with password "idmuser":
./run.sh postgresql 3.5 idmuser
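
An added example, not part of the OpenIAM documentation or the utility itself: a POSIX shell pre-flight wrapper that checks db_type, maps the installed version to the argument run.sh expects, and prompts for the password instead of having it typed on the command line. The function names and the --run switch are hypothetical; only run.sh, its three arguments and the folder path come from the page.

```shell
#!/bin/sh
# Added example (not OpenIAM code): pre-flight checks before calling run.sh.
# Function names and the --run switch are hypothetical.
MIGRATION_DIR=/usr/local/OpenIAM/data/openiam/conf/schema/migration

# Accept only the two database types the util supports.
valid_db_type() {
    case "$1" in
        mysql|postgresql) return 0 ;;
        *) return 1 ;;
    esac
}

# Map an installed OpenIAM version to the <current_openiam_version> argument:
# 3.4.X -> "3.4"; 3.5, 3.6 and 3.6.1 -> "3.5". Anything else is rejected.
map_openiam_version() {
    case "$1" in
        3.4|3.4.*) echo "3.4" ;;
        3.5|3.6|3.6.1) echo "3.5" ;;
        *) return 1 ;;
    esac
}

# The account whose password run.sh expects for each database type.
db_account() {
    case "$1" in
        mysql) echo "root" ;;
        postgresql) echo "idmuser" ;;
        *) return 1 ;;
    esac
}

migrate() {
    db_type=$1
    valid_db_type "$db_type" || { echo "unsupported db_type: $db_type" >&2; return 2; }
    version_arg=$(map_openiam_version "$2") || { echo "unsupported version: $2" >&2; return 2; }
    account=$(db_account "$db_type")
    # Prompt without echo so the password does not end up in shell history.
    printf 'Password for %s: ' "$account" >&2
    stty -echo; IFS= read -r db_password; stty echo; echo >&2
    # run.sh takes the password as an argument, so it remains visible in the
    # process list for as long as the migration runs.
    (cd "$MIGRATION_DIR" && ./run.sh "$db_type" "$version_arg" "$db_password")
}

# Usage: sh migrate-preflight.sh --run mysql 3.6.1
if [ "${1:-}" = "--run" ]; then migrate "$2" "$3"; fi
```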

Oracle

Use Oracle SQL Developer to apply the scripts to the existing Oracle database. Run the scripts in sequence from:

/data/openiam/conf/schema/oracle/4.0
/data/openiam/conf/schema/oracle/4.0.1
/data/openiam/conf/schema/oracle/4.1.0
/data/openiam/conf/schema/oracle/4.1.1

and so on.

Next, apply the following script.

UPDATE PROPERTY_FILE_VALUES SET PROPERTY_VALUE = 'DES' WHERE PROPERTY_ID = 'org.openiam.iam.cryptor.algorithm';

Note: Use AES encryption instead of 3DES

After a successful update of the database, and once the application is running, you will be able to update your deployment to use AES encryption instead of the 3DES that was used in v3.X.

To do that, perform the following steps:

  1. Go to the webconsole as sysadmin at: http://your_server/webconsole
  2. In the top menu, navigate to Administration > System Configuration.
  3. In the System tab, find Crypto Algorithm Name and change the value to AES.
  4. Click the save button at the bottom.
  5. Stop the openiam application (you can stop only the openiam-esb module).
  6. Log in to the redis server with the redis-cli command.
  7. In the redis-cli console, if you are using a password, type AUTH <YOUR_REDIS_PASSWORD>
  8. Run the FLUSHALL command in the redis-cli console. It will clean up all cache and currently active user sessions. Don't worry, you will not lose any kind of important information.
  9. Run the openiam-esb application.
  10. Now you are able to use your passwords. AES encryption is applied.