Database migration from version 3.X to 4.X
The OpenIAM migration procedure is tied to the fact that the root encryption algorithm was changed from 3DES to AES.
PostgreSQL and MySQL
For PostgreSQL and MySQL, since v126.96.36.199 you can use a migration utility. The utility is located in the /usr/local/OpenIAM/data/openiam/conf/schema/migration folder. Usage:
Migrate from 3.4.X to 4.X:
./run.sh <db_type> <current_openiam_version> <db_root_password>
where db_type may be mysql or postgresql; current_openiam_version may be "3.4" for 3.4.X installations or "3.5" for 3.5, 3.6 and 3.6.1 installations; and db_root_password is the password of the root user for MySQL or of idmuser for PostgreSQL.
|./run.sh mysql 3.4 openiam|Example of updating a MySQL server with OpenIAM version 3.4.X using the root user with password "openiam"|
|./run.sh mysql 3.5 openiam|Example of updating a MySQL server with OpenIAM version 3.5, 3.6 or 3.6.1 using the root user with password "openiam"|
|./run.sh postgresql 3.4 idmuser|Example of updating a PostgreSQL server with OpenIAM version 3.4.X using the idmuser user with password "idmuser"|
|./run.sh postgresql 3.5 idmuser|Example of updating a PostgreSQL server with OpenIAM version 3.5, 3.6 or 3.6.1 using the idmuser user with password "idmuser"|
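The following wrapper is an added example, not part of the OpenIAM distribution. It maps the installed version to the current_openiam_version argument described above, rejects unsupported values, and prompts for the password so it does not land in shell history. The function names are hypothetical; the folder and the run.sh arguments are the ones given on this page.

```shell
#!/bin/sh
# Added example: guard rails around the migration utility's run.sh.
# MIGRATION_DIR is the folder named on this page; function names are hypothetical.
MIGRATION_DIR=/usr/local/OpenIAM/data/openiam/conf/schema/migration

# Map an installed OpenIAM version to the <current_openiam_version> argument:
# 3.4.X -> "3.4"; 3.5, 3.6, 3.6.1 -> "3.5". Anything else is rejected.
# The output is always one of two constants, so user input never reaches run.sh.
migration_version_arg() {
    case "$1" in
        3.4|3.4.*)     echo "3.4" ;;
        3.5|3.6|3.6.1) echo "3.5" ;;
        *)             return 1 ;;
    esac
}

# Only the two database types the utility accepts.
valid_db_type() {
    case "$1" in
        mysql|postgresql) return 0 ;;
        *)                return 1 ;;
    esac
}

run_migration() {
    valid_db_type "$1" || { echo "unsupported db_type: $1" >&2; return 2; }
    ver=$(migration_version_arg "$2") || { echo "unsupported version: $2" >&2; return 2; }
    # Prompt with terminal echo off so the password is not typed on the
    # command line and is not saved in shell history.
    trap 'stty echo' INT TERM
    printf 'DB password (root for MySQL, idmuser for PostgreSQL): ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    trap - INT TERM
    # run.sh takes the password as an argument, so it is still visible in the
    # process list while the migration runs; use a host without other users.
    (cd "$MIGRATION_DIR" && ./run.sh "$1" "$ver" "$pw")
    rc=$?
    unset pw
    return $rc
}

# Invoke only when called with exactly two arguments: <db_type> <installed_version>
if [ "$#" -eq 2 ]; then
    run_migration "$1" "$2"
fi
```
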
Use Oracle SQL Developer to apply the scripts to the existing Oracle database. Run the scripts in order from:
/data/openiam/conf/schema/oracle/4.0
/data/openiam/conf/schema/oracle/4.0.1
/data/openiam/conf/schema/oracle/4.1.0
/data/openiam/conf/schema/oracle/4.1.1
Next, apply the following script.
UPDATE PROPERTY_FILE_VALUES SET PROPERTY_VALUE = 'DES' WHERE PROPERTY_ID = 'org.openiam.iam.cryptor.algorithm';
Note: Use AES encryption instead of 3DES
After a successful database update, and once the application is running, you can update your deployment to use AES encryption instead of the 3DES that was used in v3.X.
To do that, perform the following steps:
- Go to the webconsole as sysadmin at: http://your_server/webconsole
- Navigate on top menu to
Crypto Algorithm Name and change the value to AES
- Click the Save button at the bottom.
- Stop the OpenIAM application (you can stop only the openiam-esb module).
- Log in to the Redis server with the redis-cli command.
- In the redis-cli console, if you are using a password, type AUTH <YOUR_REDIS_PASSWORD>
- Run the FLUSHALL command in the redis-cli console. It clears the entire cache and all current active user sessions. Don't worry, you will not lose any important information.
- Start the openiam-esb application.
- Now you are able to use your passwords. AES encryption is applied.