When upgrading Express environments from gcr.io/forgerock-io/am:7.0.0-b33f5b14758a42cfc02c2e36b084955d5453bc74 to gcr.io/forgerock-io/am:7.0.0-2f528d0a3626b8dfcefec1d1c6405c6317a24d35 the upgrade step org.forgerock.openam.upgrade.steps.scripting.ScriptingSchemaStep is run because Express' OIDC claims script whitelist does not include all of the classes that the upgrade step wants it to have.
Unfortunately, rather than adding to the existing whitelist stored in AM's config the upgrade step completely replaces the whitelist. This means that additional classes needed for Express' customised OIDC claims script are no longer present and the script cannot be run.
- Setup a default installation of AM using gcr.io/forgerock-io/am:7.0.0-b33f5b14758a42cfc02c2e36b084955d5453bc74
- Update the OIDC claims whitelist using the attached script
- Upgrade AM to gcr.io/forgerock-io/am:7.0.0-2f528d0a3626b8dfcefec1d1c6405c6317a24d35
Manually update the OIDC whitelist after AM's upgrade completes
This change is applied by the upgrade step org.forgerock.openam.upgrade.steps.scripting.ScriptingSchemaStep