Classic Experience migration to the New Experience

In the SecureAuth® Identity Platform, use the Classic Migration feature to migrate Classic Experience realms to the New Experience.

This migration method allows you to move realms that were originally created in the Classic Experience to the New Experience. With this migration, you can assign integrated data stores and an authentication policy that are set up in the New Experience to migrated applications.

The Classic Migration feature determines whether a Classic Experience realm will migrate to the Application Manager or the Internal Application Manager in the New Experience. The Application Manager contains third-party SAML application integrations while the Internal Application Manager contains applications like the Secure Portal, Help Desk pages and so on.

Prerequisites

  • Legacy realms created in the Classic Experience

  • Upgrade to Identity Platform release 22.02 with Hotfix 2 or later

  • Enable the Classic Migration page in the Identity Platform, in one of two ways:

    • In the Admin API web.config, add the following line to the <appSettings> section:

      <add key="AllowMigrationFromClassic" value="True"/>

    • Add environment variable to enable Classic Migration in the Identity Platform.

How to migrate Classic Experience realms

  1. On the left side of the Identity Platform page, click Classic Migration.

    The Migrate Classic realms to New Experience page displays.

    migrate_classic_001.png
  2. To apply default values for data stores and an authentication policy to all applicable classic realms, click the Set default values... link below the Search box.

  3. Set any of the following default values.

    Data Stores

    Click inside the box and select one or more data stores from the list. Or, type the name for a filtered list.

    When this field is populated, it automatically assigns the data store to all applicable Classic realms for migration. See the Data Store column in the list of Classic realms.

    Authentication Policy

    From the list, select an authentication policy.

    When this field is populated, it automatically assigns an authentication policy to all applicable Classic realms for migration. See the Policy column in the list of Classic realms.

    migrate_classic_002.png
  4. For each Classic realm you want to migrate, review the following information about each realm.

    • Name. The name of the Classic realm.

    • Realm. The Classic realm number and the type of migration (Application Manager or Internal Application Manager).

    • Data Store. You can manually change the assigned default data store (set in the previous step), add and remove a data store.

    • Policy. You can manually change the assigned default policy to a different authentication policy.

    For example, you can add another data store, or change the default policy from "Default Policy" to "Sample Custom Policy".

    migrate_classic_003.png
  5. Click Migrate for each Classic Experience realm and confirm the migration.

    A message appears upon completion of the migration.

    When you edit a migrated application in the Application Manager or the Internal Application Manager, there is a message indicating that the application was migrated from the Classic Experience.

    migrate_classic_009.png

    Application Manager - migrated application

    migrate_classic_010.png

    Internal Application Manager - migrated application

Troubleshooting

Classic Experience realms not supported for migration

Some post authentication pages are not supported for migration to the New Experience:

  • Authorized/MobileAppStore.aspx - Redirect to your organization's mobile app in an app store.

  • Authorized/Reporting.aspx – Reporting page for administrators to review and log authentication events.

  • Authorized/RevokeCert.aspx – Revoke Certificate page for administrators to review and revoke user's certificates

  • Authorized/PINOTP.aspx – PIN OTP page for end users to receive a one-time password (OTP)

  • Authorized/InterSiteTransfer.aspx – SAML 1.1 assertion page

  • Authorized/SAML20SPInitWL.aspx – SAML 2.0 (SP-initiated) assertion for Oracle WebLogic

  • Authorized/SAML20RelayState.aspx – SAML 2.0 RelayState URL page

Also not supported are Classic Experience realms with DMZ use cases.

Error messages and log entries

The following is a list of error messages and log entries to help you troubleshoot Classic Experience realm migration issues.

Log entry

Error message

What it means

COMMON_PROPERTIES_NOT_PARSED

Error parsing common properties for realm, check the error logs for more information

This might be due to a manual edit of the web.config with incorrect data (like a typo or data is not what is expected).

LOGO_ERROR

Error parsing logo for migration, check the error logs for more information

There might be an issue with accessing the /images folder of the realm.

POSTAUTH_PROPERTIES_NOT_PARSED

Error parsing post auth properties for realm, check the error logs for more information

This might be due to a manual edit of the web.config with incorrect data (like a typo or data is not what is expected).

POST_AUTH_UNKNOWN

Error parsing Post Auth information, Post auth option is not supported yet

This might be due to a customized post auth page with a different name than the out-of-box options.

POST_AUTH_UNSUPPORTED

Post Auth is not supported on SWAP

Classic Experience realm is not supported for migration. See Classic Experience realms not supported for migration