Kantega SSO Enterprise 5.x. update notes

Here are some important notes on updating to Kantega SSO Enterprise 5.x.

This is a major release with a lot of both visible and under the hood changes. To see the complete list of changes, see our Kantega SSO Enterprise 5.0 release notes. When upgrading from version 4.x or earlier, some settings have a format that must be converted.

Encountering issues after update of config? You can always revert Kantega SSO Enterprise back to a stable version.

Upgrade notes

Here's a summary of changes and important notes from Kantega SSO Enterprise 5.0.

More restrictive CSRF policy

From Kantega SSO Enterprise 5.0, the policy for CSRF has been changed. Now you have to have an Origin header set in the POST request to save data to a page in KSSO. If you are using nginx proxy, you might have to set the following value in your configuration: Access-Control-Allow-Origin: <your-domain-here>

IP formats

One of the changes in Kantega SSO Enterprise 5.0 is new formats for specifying IP addresses and ranges. The changes are made to support the most common and requested formats and make these consistent across all features where you configure IPs in the product.

Supported formats:

  • Full IP addresses

  • CIDR-notation

  • Regex (requires starts with (^) and ends with ($) tags)

Deprecated formats:

  • IP prefix (will be upgraded to regex)

  • Regex with only starts with (^) tag (will be upgraded to new regex format)

Affected features:

  • Kerberos

  • API tokens

  • Header authentication

API tokens

If you're upgrading from Kantega SSO Enterprise any version between 4.1.0 - 4.2.4 to Kantega SSO Enterprise 5.x, the format used to store API tokens in the database has changed. Kantega SSO Enterprise should upgrade your tokens automatically and save them in a new database table. If you need to downgrade, the tokens will still be available in the old format in the table used in prior versions.


Version 4.13 introduced new authentication methods for SCIM. If you are upgrading from a version before this, you will not be able to downgrade past version 4.13, as earlier versions do not know about the authentication formats. Please make sure to take a backup before upgrading if you need to revert to a version before 4.13.

Known issues

The documentation links in the first two steps in the setup wizard (Identity Provider and Protocol) remember the last identity provider you started configuring. The links point to the specific guide for that provider instead of the link associated with that step.

Update procedure

We always recommend that you test the upgrade in a test environment. To prevent unexpected downtime for your users, please make sure to create a backup of your environment which you can roll back to, should anything unexpected happen during the upgrade.

  1. Go to > Manage Apps

  2. Update Kantega SSO Enterprise

  3. If your configuration needs upgrading, you will be prompted with a notification to upgrade. You can also check by navigating to the Common > Configuration status page in the Kantega SSO Enterprise admin area to see if any action is required.