Kantega SSO Enterprise 5.x update notes

Here are some important notes on updating to Kantega SSO Enterprise 5.x.

This is a major release with many visible and under-the-hood changes. For the complete list, see our Kantega SSO Enterprise 5.0 release notes. When upgrading from version 4.x or earlier, some settings have a format that must be converted.

Encountering issues after updating the configuration? You can always revert Kantega SSO Enterprise to a stable version.

Update notes

Here's a summary of changes and important notes from Kantega SSO Enterprise 5.0.

More restrictive CSRF policy

From Kantega SSO Enterprise 5.0, the CSRF policy is more restrictive: a POST request that saves data to a page in KSSO must have an Origin header set. If you are using an nginx proxy, you might have to set the following value in your configuration: Access-Control-Allow-Origin: <your-domain-here>. If you temporarily need the check off to configure Kantega SSO, you can disable it by deleting a file on the server in the Atlassian home folder: /kerberos/enable_csrf_origin_check.txt.

IP formats

One of the changes in Kantega SSO Enterprise 5.0 is new formats for specifying IP addresses and ranges. The changes support the most common and most requested formats and make them consistent across all features where you configure IPs in the product. Kantega SSO Enterprise will attempt to update these values automatically, but the conversion is not completely fault-proof. In some cases you might have to translate IP restriction values yourself to comply with the new set of formats.

Supported formats:

  • Full IP addresses

  • CIDR-notation

  • Regex (must begin with the start anchor (^) and end with the end anchor ($))

Deprecated formats:

  • IP prefix (will be upgraded to regex)

  • Regex with only the start anchor (^) (will be upgraded to the new regex format)

Affected features:

  • Kerberos

  • API tokens

  • Header authentication
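
The following Python sketch is an added example, not part of Kantega SSO Enterprise or its documentation. It sorts IP restriction values into the supported and deprecated formats listed above and, for supported values, reports whether a given client address is admitted, so converted values can be checked after the upgrade. The function names and sample values are constructed for illustration, and Python's re module stands in for the product's regex engine, which may behave differently.

```python
import ipaddress
import re

def classify(value):
    """Map one IP restriction entry to (format, status) per the lists above."""
    v = value.strip()
    try:
        ipaddress.ip_address(v)
        return ("full IP", "supported")
    except ValueError:
        pass
    if "/" in v and not v.startswith("^"):
        try:
            ipaddress.ip_network(v, strict=False)
            return ("CIDR", "supported")
        except ValueError:
            return ("unrecognized", "review manually")
    if v.startswith("^"):
        try:
            re.compile(v)  # assumption: Python's re approximates the product's engine
        except re.error:
            return ("unrecognized", "review manually")
        anchored = v.endswith("$") and not v.endswith("\\$")  # a trailing \$ is a literal
        return ("regex", "supported") if anchored else ("regex, ^ only", "deprecated")
    octets = v.rstrip(".").split(".")  # IPv4 dotted prefix such as "10.1." (assumed shape)
    if len(octets) <= 3 and all(o.isdigit() and int(o) <= 255 for o in octets):
        return ("IP prefix", "deprecated")
    return ("unrecognized", "review manually")

def admits(value, client_ip):
    """True/False for a supported entry; None if the entry still needs conversion."""
    fmt, status = classify(value)
    if status != "supported":
        return None
    v = value.strip()
    if fmt == "full IP":
        return ipaddress.ip_address(v) == ipaddress.ip_address(client_ip)
    if fmt == "CIDR":
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(v, strict=False)
    return re.search(v, client_ip) is not None

# Constructed sample values, not taken from a real configuration.
ENTRIES = ["192.0.2.10", "10.1.0.0/16", r"^10\.1\..*$", "^10.1..*$", "10.1.", r"^10\.1\."]
PROBES = ["10.1.2.3", "10.10.2.3"]

if __name__ == "__main__":
    for entry in ENTRIES:
        print(f"{entry!r:18} {classify(entry)} {[admits(entry, p) for p in PROBES]}")
```

In the sample run, "^10.1..*$" admits 10.10.2.3 because its dots are unescaped, while "^10\.1\..*$" does not; a converted or hand-written regex is worth probing with addresses that should be rejected as well as ones that should be allowed.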

API tokens

If you're upgrading from any Kantega SSO Enterprise version between 4.1.0 and 4.2.4 to Kantega SSO Enterprise 5.x, note that the format used to store API tokens in the database has changed. Kantega SSO Enterprise should upgrade your tokens automatically and save them in a new database table. If you need to downgrade, the tokens will still be available in the old format in the table used in prior versions.

SCIM

Version 4.13 introduced new authentication methods for SCIM. If you are upgrading from a version before this, you will not be able to downgrade past version 4.13, as earlier versions do not know about the authentication formats. Please make sure to take a backup before upgrading if you need to revert to a version before 4.13.

Update procedure

We always recommend that you test the upgrade in a test environment. To prevent unexpected downtime for your users, please make sure to create a backup of your environment which you can roll back to, should anything unexpected happen during the upgrade.

  1. Go to > Manage Apps

  2. Update Kantega SSO Enterprise

  3. If your configuration needs upgrading, you will be prompted with a notification to upgrade. You can also check by navigating to the Common > Configuration status page in the Kantega SSO Enterprise admin area to see if any action is required.