This article describes the steps required when upgrading Nexus PRIME from version 3.11 to 3.12. The instructions cover relevant changes for standard features that can be used by configuration in PRIME Designer or configuration files. Customization changes in internal APIs, etc., are not included.
If you upgrade from an earlier version, you must do the upgrades step by step, that is, first upgrade from 3.10 to 3.11 and then from 3.11 to 3.12. In that case, see also Upgrade from PRIME 3.10 to PRIME 3.11.
Upgraded PRIME to 3.12, see Upgrade PRIME.
The SAML implementation has been revised and significant changes have been made to simplify the configuration.
For that reason, there is no automated upgrade path for an existing SAML configuration. SAML authentication profiles from previous releases have to be deleted and re-configured when upgrading to 3.12.
For details on how to configure SAML in PRIME 3.12, see chapters "Configure SAML SSO Core Object profile" and "Configure SAML SSO LDAP profile" in Set up authentication profile.
With PRIME 3.12, the latest major release of Nexus Certificate Manager (CM), version 8.1, is supported. With CM 8, several changes have been made to the integration interfaces. A downgrade to older CM versions just by replacing the corresponding CMSDK files is no longer possible. It is therefore highly recommended to upgrade CM to version 8.1. If you cannot upgrade immediately, there is a backport patch to CM version 7.18.1. See the separate instructions that are delivered with the patch for details.
All PRIME PKI connectors have been moved to the internal connector architecture. This was done already with the previous PRIME release. Therefore the old "External CA Connector" interface is no longer needed and it has been removed in the PRIME Designer configuration.
If you still have a PKI connected via this interface, you need to switch to the corresponding internal PRIME connector instead.
As part of the external PKI connector cleanup, the old "trustserver" functionality has been changed. "trustserver" was used in early PRIME projects to store sensitive data (like PIN and PUK) in Nexus Certificate Manager. Since sensitive data can now also be encrypted in PRIME, the trustserver functionality is only kept for compatibility reasons for existing PRIME installations.
Therefore the standalone usage of "trustserver" is no longer supported. Only the "combined" approach (new secrets are stored in PRIME internally, fallback is to check trustserver) can be used with PRIME 3.12.
In earlier releases, this functionality required nexus_cm.properties configuration in PRIME Designer, PRIME Explorer and PRIME Tenant. The current implementation requires a trustserver.properties file to be available in all three applications, but only PRIME Explorer needs a working configuration; see an example file below. In PRIME Designer and PRIME Tenant, the file can be empty.
Cleanup and restructuring has been done in engineSignEncrypt.xml:
See Sign and encrypt engine for more information. Also, see the updated engineSignEncrypt.xml in the PRIME 3.12 delivery for further information.
The Groovy Script Engine has been updated from version 2.4 to version 3.0. Some interfaces have changed or have been deprecated in Groovy 3.0. This might cause custom Groovy scripts to fail after the update.
Please check the corresponding release notes or change logs to verify if your custom scripts are affected and adapt your scripts if necessary.
All standard service tasks are found here: Standard service tasks.
New standard service tasks for PRIME 3.12
Updated standard service tasks for PRIME 3.12
Updated standard service tasks not related to the 3.12 release
For PRIME 3.12.4, these standard service tasks are updated, and the value for the parameter storagePriority is changed from TPM to VSC:
Both tasks are used in the standard workflow Creation of virtual smartcard (Id: PcmSubProcCreationOfVSC), used in the module Digital Id.
Upgrade from PRIME 3.11.5 to 3.11.6
The cron user requires a tenant ID again.
Upgrade from PRIME 3.12.14 to 3.12.15
The cron user requires a tenant ID again.