Re: Issues on upgrading UAA 3.6.0 to 3.12.0?

Home Messages Hashtags Subgroups

Filip Hanik #6782 We recommend that you upgrade to 3.16.0 to make sure you get all security fixes included. The UAA you are upgrading to supports multiple keys. Here is an example https://github.com/cloudfoundry/uaa/blob/develop/uaa/src/test/resources/test/bootstrap/all-properties-set.yml#L72-L82 add both your new and old keys into the configuration. Then set the activeKeyId to be the new key. The old key will be used to verify existing tokens only. The new key will be used to sign new tokens. When you believe the time is right, you can remove the old key from the configuration. any tokens still signed with the old key will then be considered invalid. Filip toggle quoted message Show quoted text On Mon, May 8, 2017 at 4:23 PM, Sam Leong <sam.leong(a)quicken.com> wrote: Hi, We've been running UAA 3.6 on production and need to upgrade to 3.12. One requirement is that we will need to retain the validity of the token that was issued by UAA 3.6 after the upgrade. We used the default key for token signing in 3.6, in the upgrade we will use a new key, so I like to know the way how the client be able to verify the signature of the old valid tokens while the new tokens will be signed by a new key after upgrade to 3.12? Thanks, Sam attachment.html attachment.html
More All Messages By This Member

Join cf-dev@lists.cloudfoundry.org to automatically receive all group messages.