TPS-3326 (cumulative patch) - 7.2

Author: Talend Documentation Team
EnrichVersion: 7.2
EnrichProdName: Talend Big Data, Talend Big Data Platform, Talend Data Fabric, Talend Data Integration, Talend Data Management Platform, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Real-Time Big Data Platform
EnrichPlatform: Talend Identity and Access Management

TPS-3326 (cumulative patch)

Info              Value
Patch Name        Patch_20190808_TPS-3295_v1.zip
Release Date      2019-08-08
Target Version    20190620_1446-V7.2.1
Product affected  IAM

Introduction

This patch is cumulative. It includes all previous generally available patches for Talend IAM 7.2.1.

NOTE: For information on how to obtain this patch, reach out to your Support contact at Talend.

Fixed issues

This patch contains the following fixes:

  • TPS-3295: [7.2.1] USAF Case/Jira Status- Case 00144616 (TPSVC-10274)
  • TPS-3326: [7.2.1] Remove hard coded keys used for encryption from sts-tac

Prerequisites

Consider the following requirements for your system:

  • Talend IAM 7.2.1 must be installed.

Installation

  1. Stop IAM.
  2. Create a backup directory:
    $ mkdir -p <backup_dir>
    
  3. Copy the original sts.war, sts-tac.war, idp.war, oidc.war and scim.war to the backup directory:
    $ cp <TALEND>/iam/apache-tomcat/webapps/sts.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/sts-tac.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/idp.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/oidc.war <backup_dir>
    $ cp <TALEND>/iam/apache-tomcat/webapps/scim.war <backup_dir>
    
    Note: If you previously made any changes in the extracted service webapps, back them up as well.
  4. Remove the original sts, sts-tac, idp, oidc and scim webapp directories:
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts-tac
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/idp
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/oidc
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/scim
    
  5. Drop the idp database.
  6. Copy the patched WAR files to the webapps directory, replacing the original ones:
    $ cp sts.war <TALEND>/iam/apache-tomcat/webapps/
    $ cp sts-tac.war <TALEND>/iam/apache-tomcat/webapps/
    $ cp idp.war <TALEND>/iam/apache-tomcat/webapps/
    $ cp oidc.war <TALEND>/iam/apache-tomcat/webapps/
    $ cp scim.war <TALEND>/iam/apache-tomcat/webapps/
    
  7. Save keys.properties to a location of your choice and add the following property to your <IAM-HOME>/iam/apache-tomcat/conf/catalina.properties:
    encryption.keys.file=<path-to-keys.properties>
    
  8. Start IAM.

Uninstallation

  1. Stop IAM.
  2. Remove the sts, sts-tac, idp, oidc and scim webapp directories:
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/sts-tac
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/idp
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/oidc
    $ rm -rf <TALEND>/iam/apache-tomcat/webapps/scim
    
  3. Drop the idp database.
  4. Copy the saved sts.war, sts-tac.war, idp.war, oidc.war and scim.war from the backup directory:
    $ cp <backup_dir>/sts.war <TALEND>/iam/apache-tomcat/webapps/
    $ cp <backup_dir>/sts-tac.war <TALEND>/iam/apache-tomcat/webapps/
    $ cp <backup_dir>/idp.war <TALEND>/iam/apache-tomcat/webapps/
    $ cp <backup_dir>/oidc.war <TALEND>/iam/apache-tomcat/webapps/
    $ cp <backup_dir>/scim.war <TALEND>/iam/apache-tomcat/webapps/
    
  5. Start IAM.

Affected files for this patch

The following files are installed by this patch:

  • sts.war
  • sts-tac.war
  • idp.war
  • oidc.war
  • scim.war

Notes:

When IAM starts, unencrypted password settings (/iam/apache-tomcat/conf/iam.properties) and client secrets in the application client settings (JSON files in /iam/apache-tomcat/clients) are automatically encrypted and saved.

If you change the value of aes.key in keys.properties, you need to replace the encrypted passwords and secrets with plaintext values before restarting IAM with the new encryption key(s).

Refer to the documentation "Installing and configuring Talend Identity and Access Management" (https://help.talend.com/reader/2~mlhPhrG6zeV9Ccrky5Ig/o0Ou1pAi3d5WIbcrfz_XpA) to locate the settings (commonly entries ending with '.password' or named 'client_secret') that need to be changed for the Talend applications accessed via IAM.
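
A pre-start check for installation step 7 and the Notes above, as an added example that is not part of the Talend patch or documentation: it confirms that encryption.keys.file points at a file defining aes.key, and lists (without printing any value) the '.password' and 'client_secret' settings that must be reset to plaintext before a key change. The function names, the key=value layout assumed for keys.properties and the owner-only permission rule are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Talend code. Pre-start checks for the key file setup;
# secret values are never printed, only where they live.
# $1 in every function is the Tomcat directory (<TALEND>/iam/apache-tomcat).

# Print the path configured as encryption.keys.file in catalina.properties.
keys_file_path() {
    sed -n 's/^[[:space:]]*encryption\.keys\.file[[:space:]]*=[[:space:]]*//p' \
        "$1/conf/catalina.properties" 2>/dev/null | tail -n 1
}

# Return 0 if the key file is configured, exists, defines aes.key and has no
# group/other permission bits (that last rule is this example's assumption).
check_keys_file() {
    kf=$(keys_file_path "$1")
    [ -n "$kf" ] || { echo "encryption.keys.file is not set" >&2; return 1; }
    [ -f "$kf" ] || { echo "key file not found: $kf" >&2; return 2; }
    grep -Eq '^[[:space:]]*aes\.key[[:space:]]*=[[:space:]]*[^[:space:]]' "$kf" ||
        { echo "aes.key is not defined in $kf" >&2; return 3; }
    [ "$(ls -ldL "$kf" | cut -c5-10)" = "------" ] ||
        { echo "group/other can access $kf" >&2; return 4; }
}

# Print "file:key" for each setting that must hold plaintext again before IAM
# is restarted with a new aes.key: *.password entries and client_secret fields.
list_secret_settings() {
    props="$1/conf/iam.properties"
    if [ -f "$props" ]; then
        sed -n 's/^[[:space:]]*\([^#=[:space:]]*\.password\)[[:space:]]*=.*/\1/p' \
            "$props" | while IFS= read -r key; do echo "$props:$key"; done
    fi
    for f in "$1"/clients/*.json; do
        [ -f "$f" ] || continue
        if grep -q '"client_secret"[[:space:]]*:' "$f"; then
            echo "$f:client_secret"
        fi
    done
}

# Run both checks when a Tomcat directory is given on the command line.
if [ "$#" -ge 1 ]; then
    check_keys_file "$1" && list_secret_settings "$1"
fi
```

The listing cannot tell whether a value is currently encrypted or plaintext; it only shows which entries to review against the Talend documentation referenced above.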