Here are some important notes on updating to Kantega SSO Enterprise 5.x.
This is a major release with a lot of both visible and under the hood changes. To see the complete list of changes, see our Kantega SSO Enterprise 5.0 release notes. When upgrading from version 4.x or earlier, some settings have a format that must be converted.
Here's a summary of changes and important notes from Kantega SSO Enterprise 5.0.
More restrictive CSRF policy
From Kantega SSO Enterprise 5.0, the policy for CSRF has been changed. Now you have to have an Origin header set in the POST request to save data to a page in KSSO. If you are using nginx proxy, you might have to set the following value in your configuration: Access-Control-Allow-Origin: <your-domain-here>
One of the changes in Kantega SSO Enterprise 5.0 is new formats for specifying IP addresses and ranges. The changes are made to support the most common and requested formats and make these consistent across all features where you configure IPs in the product.
Full IP addresses
Regex (requires starts with (^) and ends with ($) tags)
IP prefix (will be upgraded to regex)
Regex with only starts with (^) tag (will be upgraded to new regex format)
If you're upgrading from Kantega SSO Enterprise any version between 4.1.0 - 4.2.4 to Kantega SSO Enterprise 5.x, the format used to store API tokens in the database has changed. Kantega SSO Enterprise should upgrade your tokens automatically and save them in a new database table. If you need to downgrade, the tokens will still be available in the old format in the table used in prior versions.
Version 4.13 introduced new authentication methods for SCIM. If you are upgrading from a version before this, you will not be able to downgrade past version 4.13, as earlier versions do not know about the authentication formats. Please make sure to take a backup before upgrading if you need to revert to a version before 4.13.
Persistent documentation links in the setup wizard
The documentation links in the first two steps in the setup wizard (Identity Provider and Protocol) remember the last identity provider you started configuring. The links point to the specific guide for that provider instead of the link associated with that step.
We always recommend that you test the upgrade in a test environment. To prevent unexpected downtime for your users, please make sure to create a backup of your environment which you can roll back to, should anything unexpected happen during the upgrade.
Go to > Manage Apps
Update Kantega SSO Enterprise
If your configuration needs upgrading, you will be prompted with a notification to upgrade. You can also check by navigating to the Common > Configuration status page in the Kantega SSO Enterprise admin area to see if any action is required.