Identity Service PostInstall Secret & Secret PIT Issue


When you register a new URL in the Security tab of the Identity Service UI,
you get the following error.


<Cause>

*The PostInstall secret key was replaced with one based on a different Secret PIT.

*This error occurs when Identity Service PostInstall is run a second time on an existing database.
*PostInstall should be executed only once, on an empty database. That run generates a unique Secret PIT and PostInstall secret key.

The V22.8 installer runs PostInstall even when upgrading.


<Security Perspective>

*The PostInstall secret key has to be fixed manually.
*This is because no one should be allowed to change the secret key. If the PostInstall program automatically changed the existing database, it would be a security breach.


<Measure>

*From the next release (V22.9), if the installer finds an existing Secret PIT, it does not run PostInstall.

<Manual Fix>

*Documents attached here.
