Here are some important notes on updating to Kantega SSO Enterprise 5.x.
This is a major release with a lot of both visible and under the hood changes. To see the complete list of changes, see our Kantega SSO Enterprise 5.0 release notes. When upgrading from version 4.x or earlier, some settings have a format that must be converted.
Here's a summary of changes and important notes from Kantega SSO Enterprise 5.0.
More restrictive CSRF policy
From Kantega SSO Enterprise 5.0, the policy for CSRF has been changed. Now you have to have an Origin header set in the POST request to save data to a page in KSSO. If you are using nginx proxy, you might have to set the following value in your configuration: Access-Control-Allow-Origin: <your-domain-here>. If you temporarily need this off to configure Kantega SSO, this is possible by deleting a file on the server in the Atlassian home folder: /kerberos/enable_csrf_origin_check.txt.
One of the changes in Kantega SSO Enterprise 5.0 is new formats for specifying IP addresses and ranges. The changes are made to support the most common and requested formats and make these consistent across all features where you configure IPs in the product. Kantega SSO Enterprise will attempt to update these values automatically, but is not completely fault-proof. In some cases you might have to translate IP restriction values yourself to comply with the new set of fomrats.
Full IP addresses
Regex (requires starts with (^) and ends with ($) tags)
IP prefix (will be upgraded to regex)
Regex with only starts with (^) tag (will be upgraded to new regex format)
If you're upgrading from Kantega SSO Enterprise any version between 4.1.0 - 4.2.4 to Kantega SSO Enterprise 5.x, the format used to store API tokens in the database has changed. Kantega SSO Enterprise should upgrade your tokens automatically and save them in a new database table. If you need to downgrade, the tokens will still be available in the old format in the table used in prior versions.
Version 4.13 introduced new authentication methods for SCIM. If you are upgrading from a version before this, you will not be able to downgrade past version 4.13, as earlier versions do not know about the authentication formats. Please make sure to take a backup before upgrading if you need to revert to a version before 4.13.
We always recommend that you test the upgrade in a test environment. To prevent unexpected downtime for your users, please make sure to create a backup of your environment which you can roll back to, should anything unexpected happen during the upgrade.
Go to > Manage Apps
Update Kantega SSO Enterprise
If your configuration needs upgrading, you will be prompted with a notification to upgrade. You can also check by navigating to the Common > Configuration status page in the Kantega SSO Enterprise admin area to see if any action is required.