Database migration from version 3.X to 4.X

OpenIAM migration procedure is linked with fact that root encryption algorithm was changed from 3DES to AES.

RPM Installation

PostgreSQL and MySQL

For PostgreSQL and MySQL since v4.1.5.1 one can use a migration utility. Utility is stored in /usr/local/OpenIAM/data/openiam/conf/schema/migration folder. To use the mentioned utility

  1. /run.sh <db_type> <current_openiam_version> <db_root_password>, where db_type may have the following values: mysql, postgresql; current_openiam_version may be: 3, 4 - for 3.4.X installations, 3.5 for 3.5, 3.6, 3.6.1 installations, db_root_password is a password for root. In case of using MySQ it is user and idmuser in case of using PostgreSQL.
Examples
1./run.sh mysql 3.4 openiamExample of updating MySQL server with 3.4.X OpenIAM version using root user with password openiam.
2./run.sh mysql 3.5 openiamExample of updating MySQL server with 3.5,3.6 or 3.6.1 OpenIAM version using root with password openiam.
3./run.sh postgresql 3.4 idmuserExample of updating PostgreSQL server with 3.4.X OpenIAM version using idmuser user with password idmuser.
4./run.sh postgresql 3.5 idmuserExample of updating PostgreSQL server with 3.5,3.6 or 3.6.1 OpenIAM version using idmuser user with password "idmuser"

Oracle

Use Oracle SQL developer to apply scripts to the existing Oracle database. Please run consistently scripts from:

/data/openiam/conf/schema/oracle/4.0 /data/openiam/conf/schema/oracle/4.0.1 /data/openiam/conf/schema/oracle/4.1.0 /data/openiam/conf/schema/oracle/4.1.1

etc...

Next, apply the following script.

UPDATE PROPERTY_FILE_VALUES SET PROPERTY_VALUE = 'DES' WHERE PROPERTY_ID = 'org.openiam.iam.cryptor.algorithm';

Note: Use AES encryption instead of 3DES

After a successful update of the database and running the application you will be able to update your deployment to use AES encryption instead of 3DES that was used in v3.X.

To do that, perform the following steps:

  1. Go to webconsole as sysadmin at: http://your_server/webconsole.
  2. Navigate on top menu to Administration > System Configuration.
  3. In System tab find Crypto Algorithm Name and change the value to AES.
  4. Click Save button at the bottom.
  5. Stop OpenIAM application (you can stop only openiam-esb module).
  6. Login to the redis server with redis-cli command.
  7. In redis-cli console, if you are using the password, type AUTH <YOUR_REDIS_PASSWORD>.
  8. Run FLUSHALL command in redis-cli console. It will cleanup all cache and current active users’ sessions. Don't worry, you will not lose any kind of important information.
  9. Run openiam-esb application.
  10. Now you can use your passwords. AES encryption is applied.