You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current migration documentation does not provide guidance on migrating an older APIM and IS-KM setup to the latest versions, specifically APIM 4.3.0 and IS 7.0.0.
Given that IS 7.0.0 no longer shares database schemas with APIM as IS-KM did, IS 7.0.0 must be configured as a third-party Key Manager. Simply configuring IS 7.0.0 as a third-party Key Manager after migration is insufficient. Additional steps are required to correctly map the existing keys to the newly created Key Manager; otherwise, the migrated application keys will incorrectly appear as keys from the Resident Key Manager.
Post-Migration Steps:
Retrieve the UUID of the WSO2-IS7 Key Manager from the AM_KEY_MANAGER table in the AM_DB: SELECT UUID, NAME, TYPE FROM AM_KEY_MANAGER WHERE TYPE='WSO2-IS-7';
Similarly, retrieve the UUID of the default WSO2-IS Key Manager from the same table: SELECT UUID, NAME, TYPE FROM AM_KEY_MANAGER WHERE TYPE='WSO2-IS';
Update the KEY_MANAGER column of the AM_APPLICATION_KEY_MAPPING table using the UUID of WSO2-IS7 obtained in the first step. Ensure that you only update the KEY_MANAGER value for records where the current KEY_MANAGER value matches the UUID of WSO2-IS 6.1.0: UPDATE AM_APPLICATION_KEY_MAPPING SET KEY_MANAGER = '<UUID_WSO2-IS-7>' WHERE KEY_MANAGER = '<UUID_WSO2-IS>';
This will correctly associate the consumer keys and secrets with the migrated applications.
Additionally, remove the following configuration from the deployment.toml file of APIM, which was added prior to the migration:
[apim.key_manager]
service_url = "https://localhost:9444/services/"
type = "WSO2-IS"
These steps should be included in the migration documentation as post-migration actions required to correctly configure IS 7.0.0 as the Key Manager.
Hi Team,
The current migration documentation does not provide guidance on migrating an older APIM and IS-KM setup to the latest versions, specifically APIM 4.3.0 and IS 7.0.0.
Given that IS 7.0.0 no longer shares database schemas with APIM as IS-KM did, IS 7.0.0 must be configured as a third-party Key Manager. Simply configuring IS 7.0.0 as a third-party Key Manager after migration is insufficient. Additional steps are required to correctly map the existing keys to the newly created Key Manager; otherwise, the migrated application keys will incorrectly appear as keys from the Resident Key Manager.
Post-Migration Steps:
AM_KEY_MANAGERtable in theAM_DB:SELECT UUID, NAME, TYPE FROM AM_KEY_MANAGER WHERE TYPE='WSO2-IS-7';SELECT UUID, NAME, TYPE FROM AM_KEY_MANAGER WHERE TYPE='WSO2-IS';KEY_MANAGERcolumn of theAM_APPLICATION_KEY_MAPPINGtable using the UUID of WSO2-IS7 obtained in the first step. Ensure that you only update theKEY_MANAGERvalue for records where the currentKEY_MANAGERvalue matches the UUID of WSO2-IS 6.1.0:UPDATE AM_APPLICATION_KEY_MAPPING SET KEY_MANAGER = '<UUID_WSO2-IS-7>' WHERE KEY_MANAGER = '<UUID_WSO2-IS>';This will correctly associate the consumer keys and secrets with the migrated applications.
These steps should be included in the migration documentation as post-migration actions required to correctly configure IS 7.0.0 as the Key Manager.
Thanks,
Abshan
Affected Product Version:
APIM-4.3.0 and IS-7.0.0
Related Issues:
[1] https://github.com/wso2-enterprise/wso2-apim-internal/issues/7097
The text was updated successfully, but these errors were encountered: