
Upgrade Smart ID Identity Manager from 23.10.9 to 5.0.1

This article describes how to upgrade Smart ID Identity Manager from 23.10.9 to 5.0.1.

New BPMN engine

With Smart ID Identity Manager 5.0.1, the BPMN engine powering the processes in Identity Manager will be Flowable as opposed to Activiti in older versions. The migration of the database will take place on the first startup of Identity Manager Admin or Identity Manager Operator. These applications must have the rights to change the database for the first startup after the migration.  

Uploaded configurations will be migrated automatically on the first startup. It is not supported to upload configurations from other versions.

To convert configuration files, do the following:

  1. Upload the configuration files to the version they have been exported from.

  2. Upgrade the system.

  3. Export the configuration files again. 

Using custom beans in a BPMN task

If you use a service task in BPMN, it is possible to use an expression like ${sendEMailToAll}. It references a user-defined/custom bean.

Due to the switch of the BPMN engine from Activiti to Flowable, you have to make a small adjustment if you want to continue using such beans.

The JavaDelegate interface from the package org.activiti.engine.delegate was used with Activiti. In its place your beans now have to implement BpmnJavaDelegate from the package de.nexus.processexecution.bpmn.runtime.

How to migrate:

  1. Change the interface from JavaDelegate to BpmnJavaDelegate. The import statement for the Java package must also be adapted.

  2. Search for the method execute(DelegateExecution execution) and change its signature to execute(DelegateExecution execution, MappedTask mappedTask). You can ignore the parameter mappedTask, which is optional.

Sign and Encrypt engine bootstrap verification

Various checks of the Sign and Encrypt engine's configuration have been introduced with Identity Manager 5.0.0. Depending on the severity, failed checks will lead to log messages or even prevent the system from starting. If that happens, a new bootstrapping is necessary.

See Sign and Encrypt engine bootstrap verification for more information and Bootstrapping production systems for instructions. Dummy certificates are not delivered with Identity Manager. See Bootstrapping development and test systems for more information on how to set up development and test systems. 

Support for encodings of USB Tokens via Card SDK is discontinued

Existing configurations which use the Card SDK for USB tokens will suffer from the Java bug described in Identity Manager release note 5.0.1 (see CRED-13706) and are no longer officially supported. 

PKI encoding of USB tokens can be handled by Smart ID Desktop App instead, which is not using Java and thus not affected by the issue. 

These are the migration steps: 

  • General preparation: make sure that the Smart ID Messaging server is deployed and configured in Identity Manager. 

  • For card production tasks: set the production component on the Card object to Personal Desktop App/Smart ID Desktop App. 

  • For card operation tasks: change Devices=8710 to Devices=8711 in the encoding description header. 

This setting makes the encoding description incompatible with Card SDK: you cannot use it on a Card object with the production component set to Card SDK. You might need to use two separate encoding descriptions with different headers.

Support for OsVersionField and PackageInformationField in encoding descriptions discontinued

Support for OsVersionField and PackageInformationField has been removed from encoding descriptions. This feature was specific to CardOS smartcards, and APDU commands can be used to get the same result.

Below is an example of how to adjust the encoding from the old mechanism.

Old mechanism:

old_encoding.dsc (extract)

    [Fields]
    CARDOS_VERSION=
    PACKAGE_INFO=

    [Description]
    PKCS11LibraryWindows32=cardos11.dll
    PKCS11LibraryWindows64=cardos11_64.dll
    PackageInformationField=PACKAGE_INFO
    OsVersionField=CARDOS_VERSION

New mechanism:

new_encoding.dsc (extract)

    [Fields]
    APDU_RESPONSE_CODES_A=
    CARDOS_VERSION=
    PACKAGE_INFO=

    [Description]
    PKCS11LibraryWindows32=cardos11.dll
    PKCS11LibraryWindows64=cardos11_64.dll
    ApplicationList=A

    [Application_A]
    ApduFile=read_version_and_package_info.apdu
    ApduResponseCodesField=APDU_RESPONSE_CODES_A

read_version_and_package_info.apdu

    RAW[CARDOS_VERSION]:00CA018202  # read CardOS version into field CARDOS_VERSION
    RAW[PACKAGE_INFO]:00CA0188FF    # read package info into field PACKAGE_INFO

Both the DSC and APDU files must be part of the same encoding.
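
As an added example (not Nexus code), the following pre-upgrade check scans an encoding description for the settings this article says must change: the removed OsVersionField and PackageInformationField keys, and Devices=8710. It assumes .dsc files are INI-style as in the extracts above and that ApplicationList is comma-separated; the function names, the sample files and the position of the Devices line are constructed for illustration.

```python
import re
# Keys this article lists as no longer supported in encoding descriptions.
REMOVED_KEYS = ("OsVersionField", "PackageInformationField")

def parse_dsc(text):
    """Parse INI-style text into {section: {key: value}}; keys before any section go under 'header'."""
    sections, current = {"header": {}}, "header"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def audit_dsc(text):
    """Return upgrade findings for one encoding description (empty list = nothing to change)."""
    sections, findings = parse_dsc(text), []
    for name, keys in sections.items():
        for key in REMOVED_KEYS:
            if key in keys:
                findings.append(f"[{name}] {key} is no longer supported: read the value via an APDU file")
        if keys.get("Devices") == "8710":
            findings.append(f"[{name}] Devices=8710: use 8711 if this description encodes USB tokens")
    # Assumption: ApplicationList is comma-separated; each entry X needs [Application_X] with ApduFile.
    apps = sections.get("Description", {}).get("ApplicationList", "")
    for app in filter(None, (a.strip() for a in apps.split(","))):
        if not sections.get(f"Application_{app}", {}).get("ApduFile"):
            findings.append(f"[Application_{app}] no ApduFile for ApplicationList entry {app}")
    return findings

# Constructed samples based on the extracts above; the Devices lines are assumed.
OLD_DSC = """Devices=8710
[Description]
PackageInformationField=PACKAGE_INFO
OsVersionField=CARDOS_VERSION
"""
NEW_DSC = """Devices=8711
[Description]
ApplicationList=A
[Application_A]
ApduFile=read_version_and_package_info.apdu
"""
print("\n".join(audit_dsc(OLD_DSC)))
```

Run audit_dsc over each exported encoding description before the upgrade; a description that is still used with Card SDK for cards legitimately keeps Devices=8710, so treat that finding as a prompt to split the description rather than an error.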

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.