Info |
---|
This article is valid from Nexus PRIME 3.11 |
This article describes the steps that must be done when upgrading upgrading Smart ID Identity Manager from version 3.10 to 3.11. The instructions cover relevant changes for standard features that can be used by configuration in PRIME Designer or configuration files. Customization changes in internal APIs etc are not included. These instructions apply when upgrading the 3.10 standard packages to 3.11.
If you upgrade from a more previous version, you must do the upgrades step by step, that is, first upgrade from 3.9 to 3.10 and then from 3.10 to 3.11. If that is the case, see also Upgrade from PRIME 3.9 to PRIME 3.10.
...
Expand |
---|
|
Upgraded PRIME to 3.11, see Upgrade Identity Manager. |
...
Expand |
---|
title | Adapt PRIME processes to new Execute Search service task |
---|
|
For PRIME 3.11, the new service task Execute Search has replaced beans in several processes in PRIME. Some beans in all custom beans files have been removed. For more information on Execute Search , see Process - Standard service tasks in Identity Manager. To adapt to the new setup, the PRIME configuration must be modified. There are two options to do this: Option 1 - Manually update processes- In your current configuration, update the PRIME processes that are listed below. Compare each process with the corresponding process for 3.11 and update it accordingly.
Expand |
---|
title | These processes must be updated |
---|
|
Code Block |
---|
Smart ID Base module
BaseProcSaveEmployeeWithUniqueness Save employee with unique email
BaseProcSaveVisitorWithUniqueEmail Save visitor with unique email
*************************************************************************************
Smart ID Digital ID
PcmProcActivatePMProfile Install certificates on mobile Id (was: Request PM certificates)
PcmProcContractorCardWithApproval Request contractor card
PcmProcContractorCardWithoutApproval Create contractor card
PcmProcDeactivateContractor Deactivate contractor
PcmProcDeactivateEmployee Deactivate employee
PcmProcDeactivateEmployeeCard Deactivate employee card
PcmProcDeactivateVisitor Deactivate visitor
PcmProcEmployeeCardProduction Employee Card Production
PcmProcEmployeeCardWithApproval Request employee card
PcmProcEmployeeCardWithoutApproval Create employee card
PcmProcEmployeeTemporaryCard Create employee temporary card
PcmProcLockEmployeeCard Lock employee card
PcmProcLockEmployeeTempCard Lock employee Temp Card
PcmProcLockPersonalMobile Lock mobile Id
PcmProcLockPersonalX Lock virtual smartcard
PcmProcProvisioningCertificateToVSC Provisoning certificate to virtual smartcard
PcmProcReactivateEmployeeCard Reactivate employee card
PcmProcRenewEmployeeCard Renew employee card
PcmProcRenewVirtualSmartcard Renew virtual smartcard
PcmProcRepeatEmployeeCardProduction Repeat Employee Card Prod.
PcmProcReplaceEmployeeCard Replace employee card
PcmProcReplaceVSC Replace virtual smartcard
PcmProcUSSPEmployeeCardWithApproval Request USSP-Employee card
PcmProcUSSPEmployeeCardWithoutApproval Create USSP-Employee card
PcmProcWithdrawEmployeeTempCard Withdraw Employee Temp Card
PcmSubProcCreationOfVSC Creation of virtual smartcard
PcmSubProcMobileId Subprocess Mobile Id
PcmSubProcReplaceEmployeeCard Subprocess Replace employeecard
PstmProcProceedSoftwareTokenRequest Proceed softtoken request
PstmProcReplaceSofttokenUSSP Replace softtoken
PstmProcRevokeAllSofttokenTypes Revoke all softtoken types
PstmProcSendCertificatesToStand-In Send encryption certificates to stand-in
PstmProcSubSubProcRenewSofttoken Subprocess Renew softtoken
PstmSubProcReplaceSofttokenUSSP Subprocess Replace Softtoke USSP
*************************************************************************************
Smart ID Physical Access Module
BaseProcCreateActivateContractor Create contractor
BaseProcCreateActivateEmployee Create employee
BaseProcReactivateEmployee Reactivate employee
BaseProcReactivateEmployeeWithRoleUSSP Reactivate employee
PcmProcActivateContractorCard Activate employee card
PcmProcActivateEmployeeCard Activate employee card
PcmProcAssignNonPersonalCard Assign non personal card
PcmProcAssignNonPersonalCardToEmployee Assign Non Personal Card To Employee
PcmProcDeactivateContractor Deactivate contractor
PcmProcDeactivateContractorCard Deactivate contractor card
PcmProcDeactivateEmployee Deactivate employee
PcmProcDeactivateEmployeeCard Deactivate employee card
PcmProcLockContractorCard Lock contractor card
PcmProcLockEmployeeCard Lock employee card
PcmProcReactivateEmployeeCard Reactivate employee card
PcmProcReactivateEmployeeWithRoleUSSP Reactivate employee with Role USSP
PcmProcReplaceEmployeeCard Replace employee card
PcmProcWithdrawNonPersonalCard Withdraw non personal card
PcmSubProcReplaceEmployeeCard Subprocess Replace employee card
PemProcCreateAccessRule Create access rule
PemProcDeleteAccessRule Delete access rule
PemProcDeleteGroup Delete group
PemProcEditAccessRule Edit access rule
PemProcWithdrawGroupMembership Withdraw group membership
PemSubProcGenerateExpression Subprocess Generate expression
|
|
Option 2 - Enable PRIME 3.11 to work with the previous custom-beans Note |
---|
Since the old beans will be removed in the future, it is recommended that you make a plan to adapt the processes to the new service task, according to option 1. No date is set yet, for when beans will be removed. |
Take a backup of the existing custom beans files in this folder:
Code Block |
---|
title | Example: custom beans file folder |
---|
| <...>\webapps\prime_explorer\WEB-INF\classes\spring |
Copy the following custom beans files:
Note |
---|
These files are only to be used when upgrading PRIME to 3.11. |
custom-beans-PSTM.xml custom-beans-PEM.xml custom-beans-PCM.xml custom-beans-BIM.xml custom-beans-SCM.xml Place the files in this folder: Code Block |
---|
title | Example: custom beans file folder |
---|
| <...>\webapps\prime_explorer\WEB-INF\classes\spring |
- If you had created your own beans, copy them from the old to the new custom beans files.
- Restart Tomcat.
|
...
Expand |
---|
title | Parameter change in service task Core Objects: Drop Relation |
---|
|
To keep the old behavior for the service task Core Objects: Drop Relation when upgrading PRIME to 3.11 you must do these parameter changes: Parameter | Update |
---|
dataPoolName | Keep | objectType | New. Set value from destinationType parameter | destinationType | Remove |
See also this article: |
Upgrade from < 3.10.1 to >= 3.11.0
Expand |
---|
title | Updates in standard service tasks |
---|
|
Excerpt |
---|
It is recommended to maintain certificates and PKCS#10 requests in the process map as byte. Both certificates and PKCS#10 request can either be represented in their ASN.1 binary form or as utf-8 bytes of the PEM encoded form. - It is now required to get the data as byte for a number of tasks:
- Cert: Execute PKCS10 Request (${executePKCS10RequestTask})
- Cert: Extract PKCS#10 Attributes From Request (${extractPKCS10AttributesFromRequestTask})
- Personal Messaging: Install Certificates on Personal Mobile (${hermodInstallCertificatesTask})
- Attributes:
- signatureCertificate
- authenticationCertificate
- deviceEncryptionP10
- Personal Messaging: Install Certificates on Virtual Smartcard (${pxVscHermodInstallCertificatesTask})
- Attributes:
- signatureCertificate
- authenticationCertificate
- deviceEncryptionP10
- The binary form will now be emitted from a number of tasks:
- Cert: Execute PKCS10 Request (${executePKCS10RequestTask})
- Personal Messaging: Create Key on Personal Mobile (${hermodKeyCreationTask})
- Variables in the process map provided by the subsequent event:
- SIG_P10_VAR
- AUTH_P10_VAR
- DEVICE_ENC_P10_VAR
- Personal Messaging: Create Key on Virtual Smartcard (${pxVscHermodKeyCreationTask})
- Variables in the process map provided by the subsequent event:
- SIG_P10_VAR
- AUTH_P10_VAR
- DEVICE_ENC_P10_VAR
- It's also necessary to do a database update as a new table was introduced.
|
|
...
Additional information
...