Classic Experience migration to the New Experience
In the SecureAuth® Identity Platform, use the Classic Migration feature to migrate Classic Experience realms to the New Experience.
This migration method allows you to move realms that were originally created in the Classic Experience to the New Experience. With this migration, you can assign integrated data stores and an authentication policy that are set up in the New Experience to migrated applications.
The Classic Migration feature determines whether a Classic Experience realm will migrate to the Application Manager or the Internal Application Manager in the New Experience. The Application Manager contains third-party SAML application integrations while the Internal Application Manager contains applications like the SSO Portal, Help Desk pages and so on.
Prerequisites
Legacy realms created in the Classic Experience (now known as Advanced Settings)
Upgrade to Identity Platform release 22.02 with Hotfix 2 or later
Enable the Classic Migration page in the Identity Platform, in one of two ways:
Go to D:\SecureAuth\API\web.config for the Admin API and add the following line to the <appSettings> section:
<add key="AllowMigrationFromClassic" value="True"/>
Add environment variable to enable Classic Migration in the Identity Platform.
How to migrate Classic Experience realms
On the left side of the Identity Platform page, click Classic Migration.
The Migrate Classic realms to New Experience page displays.
To apply default values for data stores and an authentication policy to all applicable classic realms, click the Set default values... link below the Search box.
Set any of the following default values.
Data Stores
Click inside the box and select one or more data stores from the list. Or, type the name for a filtered list.
When this field is populated, it automatically assigns the data store to all applicable Classic realms for migration. See the Data Store column in the list of Classic realms.
Authentication Policy
From the list, select an authentication policy.
When this field is populated, it automatically assigns an authentication policy to all applicable Classic realms for migration. See the Policy column in the list of Classic realms.
For each Classic realm you want to migrate, review the following information about each realm.
Name. The name of the Classic realm.
Realm. The Classic realm number and the type of migration (Application Manager or Internal Application Manager).
Data Store. You can manually change the assigned default data store (set in the previous step), add and remove a data store.
Policy. You can manually change the assigned default policy to a different authentication policy.
For example, you can add another data store, or change the default policy from "Default Policy" to "Sample Custom Policy".
Click Migrate for each Classic Experience realm and confirm the migration.
A message appears upon completion of the migration.
When you edit a migrated application in the Application Manager or the Internal Application Manager, there is a message indicating that the application was migrated from the Classic Experience.
Application Manager - migrated application
Internal Application Manager - migrated application
Troubleshooting
Classic Experience realms not supported for migration
Some post authentication pages are not supported for migration to the New Experience:
Authorized/MobileAppStore.aspx - Redirect to your organization's mobile app in an app store.
Authorized/Reporting.aspx – Reporting page for administrators to review and log authentication events.
Authorized/RevokeCert.aspx – Revoke Certificate page for administrators to review and revoke user's certificates
Authorized/PINOTP.aspx – PIN OTP page for end users to receive a one-time password (OTP)
Authorized/InterSiteTransfer.aspx – SAML 1.1 assertion page
Authorized/SAML20SPInitWL.aspx – SAML 2.0 (SP-initiated) assertion for Oracle WebLogic
Authorized/SAML20RelayState.aspx – SAML 2.0 RelayState URL page
Also not supported are Classic Experience realms with DMZ use cases.
Error messages and log entries
The following is a list of error messages and log entries to help you troubleshoot Classic Experience realm migration issues.
Log entry | Error message | What it means |
---|---|---|
COMMON_PROPERTIES_NOT_PARSED | Error parsing common properties for realm, check the error logs for more information | This might be due to a manual edit of the web.config with incorrect data (like a typo or data is not what is expected). |
LOGO_ERROR | Error parsing logo for migration, check the error logs for more information | There might be an issue with accessing the /images folder of the realm. |
POSTAUTH_PROPERTIES_NOT_PARSED | Error parsing post auth properties for realm, check the error logs for more information | This might be due to a manual edit of the web.config with incorrect data (like a typo or data is not what is expected). |
POST_AUTH_UNKNOWN | Error parsing Post Auth information, Post auth option is not supported yet | This might be due to a customized post auth page with a different name than the out-of-box options. |
POST_AUTH_UNSUPPORTED | Post Auth is not supported on SWAP | Classic Experience realm is not supported for migration. See Classic Experience realms not supported for migration |