
ONE Runtime Server 14.5.1 Upgrade Notes

Spring Boot 3 upgrade

ONE Runtime Server now uses Spring Boot 3. If you are using Keycloak Security or Spring Security, additional configuration changes are needed in the HTTP Dispatcher configuration or the Spring Security XML file respectively.

Keycloak Security

The following configuration options have changed in the HTTP Dispatcher component:

  • identityProviders element is no longer used. For backward compatibility, you do not need to change your configuration if it meets the following conditions:

    • It contains only one identityProvider element.

    • The identityProvider uses the default pattern (/**).

      Otherwise, the server does not start and the following error message is logged: Field identityProviders is now deprecated. Please use identityProvider instead.
  • pattern attribute in the identityProvider element is no longer used. For backward compatibility, as explained earlier, you do not need to remove it if it is set to the default value and there is only one identityProvider defined.

  • roleMapping attribute is added, which determines how roles are retrieved from Keycloak. The default value realm_access.roles is used if no value is set in the server configuration.

    In addition, the following settings must be enabled in Keycloak Admin Console:

    • In Client Scopes > [role], on the Settings tab, enable Include in Token Scope.

    • In Client Scopes > Mappers > [realm roles]:

      • Enable Add to ID token and Add to userinfo.

      • Check whether Token Claim Name matches the value of roleMapping.

    To verify your setup, you can navigate to Clients > [your client ID] > Client Scopes > Evaluate > [user] and select Evaluate. The sections Generated ID Token and Generated User Info should contain the necessary roles.

    If you start the server with incorrect settings, the same instructions are available in the server log.

  • If Keycloak properties are loaded from keycloak.json or the runtime configuration, only the following properties are taken into account: resource (the client ID in Keycloak), realm, auth-server-url, credentials, and secret (for authenticating to Keycloak clients). Other properties (such as ssl-required and confidential-port) are ignored.

  • loginUrl attribute in the securityFilter element is no longer used. It is ignored if it is still present in the configuration.

  • usePlatformDeployment element is added for cloud deployments, which is used to enable different security settings on different endpoints on the server. This is typically needed for RDM in cloud deployments to enable InternalJWT authentication for internal communication between ONE modules. The settings are preconfigured and no user action is needed.

    For more detailed information and configuration samples, see HTTP Dispatcher.
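The roleMapping check described above can also be run against an ID token issued to your client. The following is an added example, not code from ONE Runtime Server: it assumes roleMapping is a dotted path into the token claims (the way Keycloak nests a Token Claim Name such as realm_access.roles), and the tokens and role names are constructed samples. It reads claims for inspection only and does not verify the token signature.

```python
import base64
import json

def decode_claims(token):
    """Return a JWT's claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def roles_at(claims, role_mapping="realm_access.roles"):
    """Follow the dotted roleMapping path; return [] if absent or not a string list."""
    node = claims
    for key in role_mapping.split("."):
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    if isinstance(node, list) and all(isinstance(r, str) for r in node):
        return node
    return []

def check_token(token, role_mapping="realm_access.roles", required=()):
    """Return (roles found at role_mapping, required roles that are missing)."""
    roles = roles_at(decode_claims(token), role_mapping)
    return roles, [r for r in required if r not in roles]

def _sample_token(claims):
    """Build a constructed token with a placeholder signature for the demo."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"

# Constructed sample: realm roles mapper writes to the default claim name.
GOOD = _sample_token({"sub": "u1", "realm_access": {"roles": ["admin", "viewer"]}})
# Constructed sample: Token Claim Name was set to "roles", so the default
# roleMapping (realm_access.roles) finds nothing.
BAD = _sample_token({"sub": "u1", "roles": ["admin"]})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("BAD", BAD)):
        roles, missing = check_token(tok, required=["admin"])
        print(f"{name}: roles={roles} missing={missing}")
```

An empty role list for a user who has roles assigned means either the Token Claim Name does not match roleMapping or the realm roles mapper is not adding roles to the ID token.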

Spring Security

Update your Spring Security XML configuration file based on the sample provided in step 2 in Spring Security Configuration, section Define the Spring Security XML configuration file.

In addition, create a new users.properties file (see step 4 in Spring Security Configuration, section Define Spring Security XML configuration file) and change the admin user password.
