Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Minor

...

Info

This article is valid from Nexus PRIME 3.7

This article describes the steps that must be done when upgrading from PRIME 3.6 to PRIME 3.7. The instructions cover relevant changes for standard features that can be used by configuration in PRIME Designer or configuration files. Customization changes in internal APIs etc are not included.

...

Expand
titlePrerequisites

Upgraded PRIME to 3.7, see Upgrade Identity Manager.

Step-by-step instructions

Expand
titleActiviti 5.22

Activiti Process Engine has been updated to version 5.22.0. 

Note

Important: After the database update was done, the configuration must be re-imported, or at least the timer-started processes. It is not possible to update them automatically.

  1. In PRIME Explorer, go to the Admin page.
  2. Click Upload configuration and select the file with the latest configuration.


Expand
titleCertificate Manager

When PRIME was upgraded from 3.6 to 3.7, the Certificate Manager (CM) SDK was upgraded to 7.16. The connection from PRIME 3.7 is not backwards-compatible to older CM servers below 7.15. Follow these steps if you need to downgrade the connection to CM 7.11 - 7.14.

  1. In both PRIME Designer and PRIME Explorer Tomcat applications, navigate to the WEB-INF/lib/ directory.
  2. The zip archive jarsForNexusCm-7.14.zip, which is part of the software delivery, contains all necessary files. Replace the following files:
    • cmcommon-7.16.1.jar > cmcommon-7.11.0.jar
    • cmsdk-7.16.1.4.jar > cmsdk-7.11.0.1.jar
    • common-7.16.1.jar > common-7.11.0.jar
    • csp-7.16.1.jar > csp-7.11.0.jar
  3. Add the following file:
    • log4j-1.2-api-2.10.0.jar


Expand
titleCertificate templates

There are necessary updates for certificate configurations in PRIME Designer.

  1. In PRIME Designer, go to Home > Certificates.
  2. Check if the SAN_EMAIL certificate attribute is used with a comma separated list in any of the certificate templates. Comma separated attribute configurations, for example, SAN_EMAIL = "email1@domain.com, email2@domain.com" are no longer supported.
  3. If you find any comma separated lists, split them up to separate attributes, for example: SAN_EMAIL = email1@domain.com, SAN_EMAIL = email2@domain.com.


Expand
titlePostlogin processes

The postlogin process can now be applied to any Authentication profile (not only the Core Object based ones), and the processes can be defined differently for each profile, for example like this:

Code Block
<util:map id="loginProcessesMapping" 
			key-type="de.vps.act.kernel.authentication.AuthProfileType">
		<entry key="INTERNAL" value="loginProcessAllAuthProfiles"/>
		<entry key="CLIENT_CERT_INTERNAL" value="loginProcessAllAuthProfiles"/>
		<entry key="SAML_SSO_CORE_OBJECT" value="loginProcess"/>
		<entry key="USER_PASSWORD_CORE_OBJECT" value="loginProcess"/>
</util:map>

The loginProcessUserName has been extracted as a separate bean to serve both PRIME Explorer and PRIME USSP configurations:

Code Block
<bean id="loginProcessUser" class="java.lang.String">
	<constructor-arg value="loginProcessUserName"/>
</bean>

The value in the constructor-arg is the actual user name that will be used when running the processes.

The postlogin processes have also been implemented for PRIME USSP.


Expand
titleNexus Card SDK
Nexus PRIME 3.7 requires a new Card SDK. You need to update the corresponding clients to Card SDK Version 5.3, see Nexus Card SDK.

...

This article is valid from Nexus PRIME 3.7

...

Additional information

Expand
titleUseful links