Skip to content

Upgrading PWM

Jump to bottom Edit New page
Jason Rivard edited this page Mar 5, 2025 · 1 revision

Overview

General Upgrade Process

  1. Backup PwmConfiguration.xml
  2. Optionally backup LocalDB contents (see below)
  3. Install new PWM update artifact

Unless you have made other modifications to the application, all configuration and the LocalDB will be in the application path directory which is otherwise untouched during your upgrade. If your moving or delete the application path directory you can restore the config file and LocalDB.

Backup/Restore of LocalDB

The LocalDB is stored in the configured PWM application path. The LocalDB nominally contains ephemeral data, users are typically not impacted if the contents of the LocalDB are lost. The LocalDB contains:

  • Logging data
  • User Challenge/Response data (in test mode only, production environment should never be configured this way)
  • User OTP secrets (in test mode only, production environment should never be configured this way)
  • Audit history (production servers should be forwarding this to a central audit server via syslog)
  • Server Statistics
  • Queued email and SMS messages (usually empty when server is shutdown unless target email/SMS servers are unreachable.

To backup/restore the LocalDB, use one of the following methods:

  • While the PWM server is stopped, copy the contents of the LocalDB directory inside PWM's configured application path directory.
  • In a web browser, navigate to Config Manager -> LocalDB and use Download/Import LocalDB buttons.

Upgrade PWM WAR Artifact deployment:

Linux

PWM 1.7+ - You will need to define PWM_APPLICATIONPATH environment variable. You can set this within the setenv.sh script in tomcat when it start's up. Example, export PWM_APPLICATIONPATH=/opt/pwmdata , if you renamed the war to something else such as mypwm then it would read, export MYPWM_APPLICATIONPATH=/opt/mypwmdata

PWM 1.8+ - Your config files and LocalDB would be located where you defined PWM_APPLICATIONPATH and not necessarily in /WEB-INF/. For example, PWM_APPLICATIONPATH=/opt/pwmdata then /opt/pwmdata would replace /WEB-INF/ below.

JDK Version - Ensure you update your JDK if needed.

  1. Stop the tomcat service

  2. Copy your pwm application directory to a location outside of tomcat

  3. If using a version before 1.9, check if the files /WEB-INF/PwmConfiguration.xml and /WEB-INF/LocalDB are inside tomcat directory, if so, make a backup copy

  4. If you made other changes, such as sql drivers/jars, theme, copy those also. You can also add those to tomcats global lib directory so that you don't always have to copy them off.

  5. Delete the existing pwm directory and pwm.war from tomcats webapps directory

  6. Delete pwm directory from tomcats /work folder , such as /var/lib/tomcat7/work/Catalina/localhost/pwm which is a symlink to /var/cache/tomcat7/Catalina/localhost/pwm

  7. Copy the new pwm.war to tomcats webapps directory

  8. Start Tomcat and let it deploy the new application. Wait until it finishes and then Stop tomcat.

  9. If needed from step 3, Copy LocalDB and PwmConfiguration.xml to wherever your PWM application path directory is set to.

  10. Start tomcat

Windows

Add a custom footer
Add a custom sidebar
Clone this wiki locally