COMPASS 6.3 migration guide
COMPASS Version 6.2, 6.3, 6.4 © General Re Corporation 2021 - 2026. All Rights Reserved (created: 2025-08-22 generated: 2026-07-10)
Please follow the steps to migrate from COMPASS 6.2 to 6.3.
1. Update the environment
-
Update Java from version 11 to 17
-
Update Application Server (Tomcat / Wildfly / … ) only if required. We tested COMPASS 6.3 with Tomcat Server. COMPASS 6.3 cannot run with Tomcat 9.x version as it needs Jakarta EE dependencies. Therefore Tomcat server has to be updated to 10.1.x version in order to run COMPASS 6.3
2. Update the configuration
2.1 Update RuleManagerService configuration (RuleManagerService.properties / RuleManagerService.yaml)
Properties to be deleted
-
compass.security.oauthServerUrl
-
compass.security.resource_id
-
compass.security.clientSecret
-
compass.security.tokenValidationTimeout
Properties to be added
-
springdoc.api-docs.version=openapi_3_1 -
Used for Swagger Documentation.
-
rulemanager.security.authServerUrl -
define the COMPASS 6.3 Authorization server URL / Keycloak Authorization server URL Example:
-
For Keycloak:
rulemanager.security.authServerUrl=https://localhost:8085/realms/Compass -
For COMPASS 6.3 Authorization server:
rulemanager.security.authServerUrl=https://localhost:8091/AuthorizationServer -
rulemanager.security.requireHttps -
This property is used by RuleManagerApp for COMPASS 6.3 Authorization server / Keycloak Authorization server. It is used to define the https for the Authorization server. If set to true, Authorization server URL needs to use https. Example:
-
rulemanager.security.requireHttps=true -
rulemanager.security.sessionCheckInterval -
This property is used by RuleManagerApp for COMPASS 6.3 Authorization server / Keycloak Authorization server. Tokens will be checked in the defined regular interval if they are valid. Example:
-
rulemanager.security.sessionCheckInterval=15000 -
rulemanager.security.roleBasedResourceAccessEnabled -
This property is used to secure the REST API based on the user role. If active, only users with role RULES can access all the REST API from RuleManagerService. If users without the role RULES try to access the REST API, HTTP error 403 forbidden will be thrown. If not active, then all the users independent of roles can access the REST API. Example:
-
rulemanager.security.roleBasedResourceAccessEnabled=true
Properties to be updated
| Old Properties | New Properties |
|---|---|
compass.language=en |
rulemanager.language=en |
compass.country=DE |
rulemanager.country=DE |
compass.subLocale.languages=nl |
rulemanager.subLocale.languages=nl |
compass.subLocale.countries=BE |
rulemanager.subLocale.countries=BE |
compass.database.global.url=jdbc:mariadb://localhost:3306/rm60 |
rulemanager.database.global.url=jdbc:mariadb://localhost:3306/rm60 |
compass.database.global.driver=org.mariadb.jdbc.Driver |
rulemanager.database.global.driver=org.mariadb.jdbc.Driver |
compass.database.global.user=username |
rulemanager.database.global.user=username |
compass.database.global.password=xxxxx |
rulemanager.database.global.password=xxxxx |
compass.login.check.enabled=true |
rulemanager.login.check.enabled=true |
compass.security.cors.enabled=true |
rulemanager.security.cors.enabled=true |
compass.security.cors.crossOrigin.urls=http://localhost:8080/RuleManagerService |
rulemanager.security.cors.crossOrigin.urls=http://localhost:8080/RuleManagerService |
compass.security.clientId=rm-client |
rulemanager.security.clientId=rulemanager-client |
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://10.130.130.115:8085/realms/RuleManager |
spring.security.oauth2.resourceserver.jwt.issuer-uri=${rulemanager.security.authServerUrl} |
compass.database.knowledge.url=jdbc:mariadb://localhost:3306/rm60 |
rulemanager.database.knowledge.url=jdbc:mariadb://localhost:3306/rm60 |
compass.database.knowledge.user=username |
rulemanager.database.knowledge.user=username |
compass.database.knowledge.password=xxxxx |
rulemanager.database.knowledge.password=xxxxx |
compass.database.knowledge.driver=org.mariadb.jdbc.Driver |
rulemanager.database.knowledge.driver=org.mariadb.jdbc.Driver |
compass.database.knowledge.reconnect=false |
rulemanager.database.knowledge.reconnect=false |
compass.database.knowledge.real=java.lang.Double |
rulemanager.database.knowledge.real=java.lang.Double |
compass.database.knowledge.viewname.Author=c40_author |
rulemanager.database.knowledge.viewname.Author=c40_author |
compass.database.knowledge.viewname.BoolOrInt=c40_boolorint |
rulemanager.database.knowledge.viewname.BoolOrInt=c40_boolorint |
compass.database.knowledge.viewname.Double=c40_double |
rulemanager.database.knowledge.viewname.Double=c40_double |
compass.database.knowledge.viewname.Group=c40_groupid |
rulemanager.database.knowledge.viewname.Group=c40_groupid |
compass.database.knowledge.viewname.Index=c40_index |
rulemanager.database.knowledge.viewname.Index=c40_index |
compass.database.knowledge.viewname.Keys=c40_keys |
rulemanager.database.knowledge.viewname.Keys=c40_keys |
compass.database.knowledge.viewname.Name=c40_name |
rulemanager.database.knowledge.viewname.Name=c40_name |
compass.database.knowledge.viewname.PersObj=c40_persobj |
rulemanager.database.knowledge.viewname.PersObj=c40_persobj |
compass.database.knowledge.viewname.Relation=c40_relation |
rulemanager.database.knowledge.viewname.Relation=c40_relation |
compass.database.knowledge.viewname.Search=c40_search |
rulemanager.database.knowledge.viewname.Search=c40_search |
compass.database.knowledge.viewname.String=c40_string |
rulemanager.database.knowledge.viewname.String=c40_string |
2.2 Update CompassService configuration (CompassService.properties / CompassService.yaml)
Properties to be deleted
-
compass.security.oauthServerUrl
-
compass.security.resource_id
-
compass.security.clientSecret
-
compass.security.tokenValidationTimeout
Properties to be added
-
compass.security.authServerUrl -
define the COMPASS 6.3 Authorization server URL / Keycloak Authorization server URL Example:
-
For Keycloak:
compass.security.authServerUrl=https://localhost:8085/realms/Compass -
For COMPASS 6.3 Authorization server:
compass.security.authServerUrl=https://localhost:8091/AuthorizationServer -
compass.security.requireHttps -
This property is used by CaseViewerApp for COMPASS 6.3 Authorization server / Keycloak Authorization server. It is used to define the https for the Authorization server. If set to true, Authorization server URL needs to use https. Example:
-
compass.security.requireHttps=true -
compass.security.sessionCheckInterval -
This property is used by CaseViewerApp for COMPASS 6.3 Authorization server / Keycloak Authorization server. Tokens will be checked in the defined regular interval if they are valid. Example:
-
compass.security.sessionCheckInterval=15000 -
compass.security.roleBasedResourceAccessEnabled -
This property is used to secure the REST API based on the user role. If active, only users with role CASES can access all the REST API from CompassService. If users without the role CASES try to access the REST API, HTTP error 403 forbidden will be thrown. If not active, then all the users independent of roles can access the REST API. Example:
-
compass.security.roleBasedResourceAccessEnabled=true
Properties to be updated
Old Properties |
New Properties |
compass.security.clientId=case-viewer |
compass.security.clientId=caseviewer-client |
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8085/realms/CaseViewer |
spring.security.oauth2.resourceserver.jwt.issuer-uri=${compass.security.authServerUrl} |
Cloud properties to be updated (Optional - only when more languages are needed)
In case there is no compass home directory defined, the information from the compass.properties need to be/can be added to the service property/yaml file. For the sublanguages and countries, they need to be added like this:
-
compass.country.subLocale.languages=nl;nl;en -
compass.country.subLocale.countries=;BE;
2.3 Update RuleManagerApp configuration (appConfig.json)
Properties to be deleted
"CompassAuthorizationBase": "/CompassAuthorization/"
"KeycloakAuthorization": {
"baseHref": "/RuleManagerApp/",
"silentTokenRefreshEnabled": false,
"moduleConfig": {
"clientId": "rulemanager-client",
"requireHttps": false,
"issuer": "http://localhost:8080/realms/RuleManager",
"sessionCheckIntervall": 15000,
"showDebugInformation": false
}
2.4 Update CaseViewerApp configuration (appConfig.json)
Properties to be deleted
"silentTokenRefreshEnabled": false,
"keycloakModuleConfig": {
"clientId": "caseviewer-client",
"requireHttps": false,
"issuer": "http://localhost:8080/realms/CaseViewer",
"sessionCheckIntervall": 15000,
"showDebugInformation": false
}
Properties to be added
"idleTimeout": {
"showDialogAfterMs": 600000,
"timerMs": 300000
}
-
showDialogAfterMS - defines the Idle timeout duration (in millisecond) after which Session about to end dialog will appear.
-
timerMS - the time duration (in millisecond), the session about to end dialog is displayed after which the user is automatically logged out if no action is taken. This time is visibly counted down in the dialog.
2.5 Update Authorization Server
Please follow the below 3 steps in order to migrate from COMPASS Authorization Server (version 6.2 or older) to COMPASS 6.3 Authorization Server
2.5.1 Update Artifact (WAR file)
-
Delete the old CompassAuthorization.war file.
-
Use the new AuthorizationServer.war file.
2.5.2 Check Database version to run COMPASS 6.3 Authorization Server
-
Please check the minimum Database version required to run the COMPASS 6.3 Authorization Server from this site
2.5.3 Update Properties (CompassAuthorization.properties / CompassAuthorization.yaml)
Properties to be deleted
-
spring.datasource.driverClassName
-
spring.datasource.jdbcUrl
-
spring.jpa.database-platform
-
ldap.enabled
-
security.tokenEndpoint.retryEnabled
-
security.tokenEndpoint.numberOfRetries
-
security.tokenEndpoint.retryWaitingTime
-
security.connectionPoolEnabled
Properties to be added
-
locale -
Define the language for the login screen. If set to
de, then the login screen will be in German language. If set toen, then the login screen will be in English language Example: -
For German language:
locale=de -
spring.profiles.active -
Authorization PROFILE. There are totally 2 profiles available - "database-auth", "ldap-auth". To authorize with Database connectivity, configure
database-auth. To authorize with LDAP Connectivity, configureldap-authExample: -
For Database Authorization:
spring.profiles.active=database-auth -
spring.jpa.hibernate.ddl-auto=validate -
To validate the database schema
Properties to be updated
Old Properties |
New Properties |
server.servlet.contextPath=/CompassAuthorization |
server.servlet.contextPath=/AuthorizationServer |
Note: Only if the connection pool is configured, the following properties need to be updated in addition to the above update.
Old Properties |
New Properties |
spring.datasource.minimumIdle |
spring.datasource.hikari.minimumIdle |
spring.datasource.maximumPoolSize |
spring.datasource.hikari.maximumPoolSize |
spring.datasource.idleTimeout |
spring.datasource.hikari.idleTimeout |
spring.datasource.poolName |
spring.datasource.hikari.poolName |
spring.datasource.maxLifetime |
spring.datasource.hikari.maxLifetime |
spring.datasource.connectionTimeout |
spring.datasource.hikari.connectionTimeout |
spring.datasource.type= |
spring.datasource.hikari.type |
2.5.4 SQL migration script
There are updates in the Database and therefore it needs to be migrated. SQL migration script for Authorization server can be found here
3. Update the artifacts and start the application
Replace the old artifacts (WAR files) with the COMPASS 6.3 artifacts and start the application