Document toolboxDocument toolbox

Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Upgrade from PRIME 3.6 to PRIME 3.7

Owned by Ann Base (Deactivated)
Last updated: Jan 18, 2024 by Ylva AnderssonVersion comment
2 min read

This article is valid from Nexus PRIME 3.7

This article describes the steps that must be done when upgrading from PRIME 3.6 to PRIME 3.7. The instructions cover relevant changes for standard features that can be used by configuration in PRIME Designer or configuration files. Customization changes in internal APIs etc are not included.

 Prerequisites

Upgraded PRIME to 3.7, see Upgrade Identity Manager.

Step-by-step instructions

 Activiti 5.22

Activiti Process Engine has been updated to version 5.22.0. 

Important: After the database update was done, the configuration must be re-imported, or at least the timer-started processes. It is not possible to update them automatically.

  1. In PRIME Explorer, go to the Admin page.
  2. Click Upload configuration and select the file with the latest configuration.
 Certificate Manager

When PRIME was upgraded from 3.6 to 3.7, the Certificate Manager (CM) SDK was upgraded to 7.16. The connection from PRIME 3.7 is not backwards-compatible to older CM servers below 7.15. Follow these steps if you need to downgrade the connection to CM 7.11 - 7.14.

  1. In both PRIME Designer and PRIME Explorer Tomcat applications, navigate to the WEB-INF/lib/ directory.
  2. The zip archive jarsForNexusCm-7.14.zip, which is part of the software delivery, contains all necessary files. Replace the following files:
    • cmcommon-7.16.1.jar > cmcommon-7.11.0.jar
    • cmsdk-7.16.1.4.jar > cmsdk-7.11.0.1.jar
    • common-7.16.1.jar > common-7.11.0.jar
    • csp-7.16.1.jar > csp-7.11.0.jar
  3. Add the following file:
    • log4j-1.2-api-2.10.0.jar
 Certificate templates

There are necessary updates for certificate configurations in PRIME Designer.

  1. In PRIME Designer, go to Home > Certificates.
  2. Check if the SAN_EMAIL certificate attribute is used with a comma separated list in any of the certificate templates. Comma separated attribute configurations, for example, SAN_EMAIL = "email1@domain.com, email2@domain.com" are no longer supported.
  3. If you find any comma separated lists, split them up to separate attributes, for example: SAN_EMAIL = email1@domain.com, SAN_EMAIL = email2@domain.com.
 Postlogin processes

The postlogin process can now be applied to any Authentication profile (not only the Core Object based ones), and the processes can be defined differently for each profile, for example like this:

<util:map id="loginProcessesMapping" 
			key-type="de.vps.act.kernel.authentication.AuthProfileType">
		<entry key="INTERNAL" value="loginProcessAllAuthProfiles"/>
		<entry key="CLIENT_CERT_INTERNAL" value="loginProcessAllAuthProfiles"/>
		<entry key="SAML_SSO_CORE_OBJECT" value="loginProcess"/>
		<entry key="USER_PASSWORD_CORE_OBJECT" value="loginProcess"/>
</util:map>

The loginProcessUserName has been extracted as a separate bean to serve both PRIME Explorer and PRIME USSP configurations:

<bean id="loginProcessUser" class="java.lang.String">
	<constructor-arg value="loginProcessUserName"/>
</bean>

The value in the constructor-arg is the actual user name that will be used when running the processes.

The postlogin processes have also been implemented for PRIME USSP.

 Nexus Card SDK
Nexus PRIME 3.7 requires a new Card SDK. You need to update the corresponding clients to Card SDK Version 5.3, see Nexus Card SDK.

Additional information


Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions