v5.7 (IIS)
Upgrading on IIS
The following process can be run when upgrading any v5.x instance to v5.7 on IIS.
The upgrade of any version to Cinchy v5.7 requires changes to be made to various App Setting files.
Prerequisites
If you have made custom changes to your deployment file structure, please contact your Support team before you upgrade your environments.
- Download the latest Cinchy Artifacts from the Cinchy Releases Table > Release Artifacts column.
- Download .NET 6.0 if not already installed.
Depending on your current version, you may need to:
- Run the 5.2 upgrade script
- Run the 5.5 upgrade script
- Make changes to your connection string:
If you are upgrading from 5.0-5.3 to 5.4 on an SQL Server Database, you will need to make a change to your connectionString
in your SSO and Cinchy appsettings.json. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.
Ex:
"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True"
Current Version | Run the 5.2 Upgrade Script | Run the 5.5 Upgrade Script | Connection String Changes (SQL Server DB) |
---|---|---|---|
5.0 | Yes | Yes | Yes |
5.1 | Yes | Yes | Yes |
5.2 | X | Yes | Yes |
5.3 | X | Yes | Yes |
5.4 | X | Yes | X |
5.5 | X | X | X |
5.6 | X | X | X |
Upgrade process
-
Merge the following configs with your current instance configs:
- Cinchy/web.config
- Cinchy/appsettings.json
- CinchySSO/appsettings.json
- CinchySSO/web.config
-
If you are upgrading to 5.7 on an SQL Server Database and didn't do so in any previous updates, you will need to make a change to your
connectionString
in both your SSO and Cinchy appsettings.json. Adding TrustServerCertificate=True will allow you to bypass the certificate chain during validation.Ex:
"SqlServer" : "Server=MyServer;Database=Cinchy;User ID=cinchy;Password=password;Trusted_Connection=False;Connection Timeout=30;Min Pool Size=10;TrustServerCertificate=True"
-
When upgrading to 5.7, you are required to make the following changes to various appsettings.json files:
CinchySSO\appsettings.json
Navigate to your CinchySSO\appsettings.json file and make the following changes:
- ADD the following value:
- "StsPrivateOriginUri" - This should be the private base URL used by the .well-known discovery. If left blank will match the request URL. /cinchysso
"AppSettings": {
"CinchyUri": "http://localhost",
"CertificatePath": "C:\\inetpub\\wwwroot\\cinchysso\\cinchyidentitysrv.pfx",
"CertificatePassword": "",
"SAMLClientEntityId": "",
"SAMLIDPEntityId": "",
"SAMLMetadataXmlPath": "",
"SAMLSSOServiceURL": "",
"SAMLEncryptedCertificatePath": "",
"SAMLEncryptedCertificatePassword": "",
"SAMLSignCertificatePath": "",
"SAMLSignCertificatePassword": "",
"HstsMaxAge": 2592000,
"HstsIncludeSubDomains": false,
"HstsPreload": false,
"SAMLSignCertificateMinAlgorithm": "",
"SAMLSignCertificateSigningBehaviour": "",
"AcsURLModule": "",
"StsPublicOriginUri": "",
// Add in the below "StsPrivateOriginUri".
//This should be the private base URL used by the .well-known discovery.
// If left blank will match the request URL. /cinchysso
"StsPrivateOriginUri": "",
"MaxRequestHeadersTotalSize": 65536,
"MaxRequestBufferSize": 65536,
"MaxRequestBodySize": -1,
"MachineKeyXml": "",
"DpApiKeyRingPath": "",
"TlsVersion": "",
"CinchyAccessTokenLifetime": "7.00:00:00",
"DataChangeCallbackTimeout": 7,
"RefreshCacheTimeInMin": 10,
"DefaultExpirationCacheTimeInMin": 360,
"DBType": "PostgreSQL"
Cinchy\appsettings.json
Navigate to your Cinchy\appsettings.json file and make the following changes:
- REMOVE the following values:
- "StsAuthorityUri"
- "RequireHttpsMetadata"
- ADD the following values:
- "StsPrivateAuthorityUri" - This should match your private Cinchy SSO URL.
- "StsPublicAuthorityUri" - This should match your public Cinchy SSO URL.
- "CinchyPrivateUri" - This should match your private Cinchy URL.
- "CinchyPublicUri" - This should match your public Cinchy URL.
"AppSettings": {
// Add the below "StsPrivateAuthorityUri" value.
// This should match your private Cinchy SSO URL.
"StsPrivateAuthorityUri": "",
// Add the below "StsPublicAuthorityUri" value.
// This should match your public Cinchy SSO URL.
"StsPublicAuthorityUri": "",
// Add the below "CinchyPrivateUri" value.
// This should match your private Cinchy URL.
"CinchyPrivateUri": "",
// Add the below "CinchyPublicUri" value.
// This should match your public Cinchy URL.
"CinchyPublicUri": "",
"AllowLogFileDownload": false,
"LogDirectoryPath": "C:\\CinchyLogs\\CinchyWeb",
"SSOLogPath": "C:\\CinchyLogs\\CinchySSO\\log.json",
"UseHttps": true,
"HstsMaxAge": 2592000,
"HstsIncludeSubDomains": false,
"HstsPreload": false,
"TlsVersion": "",
"RouteDebuggerEnabled": false,
"RefreshCacheTimeInMin": 10,
"DefaultExpirationCacheTimeInMin": 360,
"DBType": "PostgreSQL",
"StorageType": "Local", // Local | S3 | AzureBlobStorage
"MaxRequestBodySize": 1073741824 // 1gb
},
Worker Directory appsettings.json
Navigate to your appsettings.json file within your Cinchy Worker directory and make the following changes:
- ADD a new section titled CinchyClientSettings, following the below code snippet as a guide:
{
"CinchyClientSettings": {
"Url": "", // Cinchy Url
"Username": "", // For Cinchy v4 only, remove otherwise
"Password": "" // For Cinchy v5, this should be the password for the user connections@cinchy.com. For v4 this will be the desired user's password.
},
- REMOVE the following:
- "AuthServiceDomain"
- "UseHttps"
Event Listener Directory appsettings.json
Navigate to your appsettings.json file within your Cinchy Listener directory and make the following changes:
- ADD a new section titled CinchyClientSettings, following the below code snippet as a guide:
"CinchyClientSettings": {
"Url": "", // Cinchy Url
"Username": "", // For Cinchy v4, remove otherwise
"Password": "" // For Cinchy v5, this should be the password for the user eventlistener@cinchy.com. For v4 this will be the desired user's password.
}
- REMOVE the following:
- "StateFileLocation"
- "Path"
- Execute the following command:
iisreset -stop
- Replace the Cinchy and CinchySSO folders with the new build and your merged configs.
- Execute the following command:
iisreset -start
- Open your Cinchy URL in your browser.
- Ensure you can log in.
If you encounter an error during this process, restore your database backup and contact Cinchy Support.