Skip to content

Upgrade instructions versions 3.x

2.5.x to 3.0.0

Property changes

The credential configuration for token validation and the payload encryption policy have been replaced with a single set of credential properties.

The following properties have been replaced:

Old property name New property name
SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_USERNAME SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID
SECURITY_PROXY_ENGINE_ENCRYPTION_POLICY_PASSWORD SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET
SECURITY_PROXY_TOKEN_VALIDATION_SERVICE_CLIENT_ID SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_ID
SECURITY_PROXY_TOKEN_VALIDATION_SERVICE_CLIENT_SECRET SECURITY_PROXY_TOKEN_SERVER_API_CLIENT_SECRET

Embedded Resource gateway migration

If you are using The embedded resource gateway functionality you must update your Token Server configuration and Request mapper implementation.

Token Server configuration

Since version 3.0.0 of the Security Proxy it uses the Token introspection API of the Token Server to validate an access token. You must update your Token Server configuration to ensure the Security Proxy can still validate access tokens. The Token Server documentation describes how to configure an API client as resource server . Since you probably already have an API client configured for the payload encryption policy you only need to add Token introspection as one of the allowed Token Server API's to the existing API client that was previously only used to fetch the payload encryption policy.

Request mapper implementation

A request mapper implementation is used to map an access token into something that your back-end understands. Since the Security Proxy now uses the Token Introspection API of the Token Server to get all information about an access token the response containing the Access token metadata give to your request mapper implementation is also changed. The token_validation_result implementation returns the sub property instead of the reference_id which contains the user id.