MPIWG

Max Planck Institute for the History of Science Internal Blogs

How to upgrade the MITRE OpenID Connect server

Our OpenID-Connect server https://id.mpiwg-berlin.mpg.de runs the MITRE OpenIdConnect server software from:

https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server

More specifically, it runs the LDAP version of the software from:

https://github.com/mitreid-connect/ldap-openid-connect-server

The software comes with upgrade instructions:

https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Upgrading

The instructions suggest downloading the data from the old server in JSON format, then installing the new server with an empty database, and then uploading the data to the new server using HTTP POST.

The first step is easy:

  • log in as an admin user
  • add /api/data to the URL
  • save the resulting JSON data

The second step is ok:

  • shut down the old server
  • install the new server software (in this case version 1.3, up from version 1.1)
  • compare the format of src/main/webapp/WEB-INF/data-context.xml with the current version because the format may have changed
  • delete the old database files in /usr/local/openid-server/data/ (location in the config file above)
  • uncomment the section “You can optionally initialize the database with test values here” in data-context.xml
  • start the server
  • stop the server
  • comment out the section “You can optionally initialize the database with test values here” in data-context.xml
  • start the server again
  • now you have a server with an empty database.

The third step is hard:

  • log in as an admin user
  • look at the cookies in your browser using the developer tools and copy the cookie JSESSIONID
  • open a browser plugin like RESTer for Firefox
  • create a POST request to the /api/data URL
  • add a header type Cookie with JSESSIONID= and the value you got from your browser session above
  • add a header type Content-Type with application/json
  • add a request body and paste the JSON that you downloaded in the first step
  • in the JSON remove the first client with the id “client” from the clients list
  • in the JSON remove the whole systemScopes list at the end (make sure that there are no dangling commas!)
  • submit the request and check the log for errors

If everything went well you now have a new version of the server with your old data.
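
The JSON edits and the request from the third step can also be scripted, which avoids dangling commas because the file is parsed and re-serialized instead of edited by hand. This is an added example, not code from the original post or from the MITREid Connect project; the `clientId` field name, the `mitreid-connect-1.1` wrapper key in the constructed sample, and the host `id.example.org` are assumptions.

```python
import json
import urllib.request

def prepare_import(export, skip_client="client", id_field="clientId"):
    """Return a cleaned copy of the export; the input is not modified."""
    if isinstance(export, list):
        return [prepare_import(v, skip_client, id_field) for v in export]
    if not isinstance(export, dict):
        return export
    cleaned = {}
    for key, value in export.items():
        if key == "systemScopes":
            continue  # drop the whole systemScopes list
        if key == "clients" and isinstance(value, list):
            # drop the client with the id named in the third step
            value = [c for c in value
                     if not (isinstance(c, dict) and c.get(id_field) == skip_client)]
        cleaned[key] = prepare_import(value, skip_client, id_field)
    return cleaned

def build_import_request(base_url, jsessionid, payload):
    """Build (but do not send) the POST to /api/data with the session cookie."""
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/data",
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"Cookie": "JSESSIONID=" + jsessionid,
                 "Content-Type": "application/json"},
    )

# Constructed sample standing in for the JSON saved in the first step.
SAMPLE_EXPORT = {
    "mitreid-connect-1.1": {  # assumed wrapper key
        "clients": [
            {"clientId": "client", "secret": "constructed"},
            {"clientId": "wiki", "secret": "constructed"},
        ],
        "grants": [],
        "systemScopes": [{"value": "openid"}],
    }
}

if __name__ == "__main__":
    payload = prepare_import(SAMPLE_EXPORT)
    req = build_import_request("https://id.example.org", "PLACEHOLDER", payload)
    print(req.get_method(), req.full_url)
    print(json.dumps(payload, indent=2))
    # urllib.request.urlopen(req) would submit it; then check the server log.
```

The JSESSIONID value is a live admin session credential, so pass it in from the environment at run time rather than saving it in the script.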